Mohan Baruwal Chhetri,Shahroz Tariq,Ronal Singh,Fatemeh Jalalvand,Cecile Paris,Surya Nepal

DOI: https://doi.org/10.1145/3670009

IF: 5.3

2024-07-15

ACM Transactions on Internet Technology

Abstract:Security Operations Centres (SOCs) play a pivotal role in defending organisations against evolving cyber threats. They function as central hubs for detecting, analysing, and responding promptly to cyber incidents with the primary objective of ensuring the confidentiality, integrity, and availability of digital assets. However, they struggle against the growing problem of alert fatigue, where the sheer volume of alerts overwhelms SOC analysts and raises the risk of overlooking critical threats. In recent times, there has been a growing call for human-AI teaming, wherein humans and AI collaborate with each other, leveraging their complementary strengths and compensating for their weaknesses. The rapid advances in AI and the growing integration of AI-enabled tools and technologies within SOCs give rise to a compelling argument for the implementation of human-AI teaming within the SOC environment. Therefore, in this article, we present our vision for human-AI teaming to address the problem of alert fatigue in the SOC. We propose the A 2 C Framework, which enables flexible and dynamic decision making by allowing seamless transitions between automated, augmented, and collaborative modes of operation. Our framework allows AI-powered automation for routine alerts, AI-driven augmentation for expedited expert decision making, and collaborative exploration for tackling complex, novel threats. By implementing and operationalising A 2 C, SOCs can significantly reduce alert fatigue while empowering analysts to efficiently and effectively respond to security incidents.

computer science, information systems, software engineering

Jack Tilbury,Stephen Flowerday

DOI: https://doi.org/10.3390/jcp4030020

2024-07-01

Journal of Cybersecurity and Privacy

Abstract:The continuous integration of automated tools into security operation centers (SOCs) increases the volume of alerts for security analysts. This amplifies the risk of automation bias and complacency to the point that security analysts have reported missing, ignoring, and not acting upon critical alerts. Enhancing the SOC environment has predominantly been researched from a technical standpoint, failing to consider the socio-technical elements adequately. However, our research fills this gap and provides practical insights for optimizing processes in SOCs. The synergy between security analysts and automation can potentially augment threat detection and response capabilities, ensuring a more robust defense if effective human-automation collaboration is established. A scoping review of 599 articles from four databases led to a final selection of 49 articles. Thematic analysis resulted in 609 coding references generated across four main themes: SOC automation challenges, automation application areas, implications on analysts, and human factor sentiment. Our findings emphasize the extent to which automation can be implemented across the incident response lifecycle. The SOC Automation Matrix represents our primary contribution to achieving a mutually beneficial relationship between analyst and machine. This matrix describes the properties of four distinct human-automation combinations. This is of practical value to SOCs striving to optimize their processes, as our matrix mentions socio-technical system characteristics for automated tools.

computer science, information systems, interdisciplinary applications, software engineering

Xiaoyu Wang,Xiaobo Yang,Xueping Liang,Xiu Zhang,Wei Zhang,Xiaorui Gong

DOI: https://doi.org/10.1016/j.cose.2023.103583

IF: 5.105

2024-02-01

Computers & Security

Abstract:Alert fatigue problems can have serious consequences for the enterprise security. When analysts become overwhelmed by the sheer number of alerts, high-risk alerts may go unnoticed or receive delayed responses, exposing the organization to potential cyber threats or data breaches. While current research on alert triage primarily concentrates on reducing false positives, analysts still face a shortage of resources to investigate all true alerts. The key to resolving this issue lies in the prioritization of alerts based on their potential severity, allowing analysts to allocate their efforts effectively. This paper introduces AlertPro, an alert prioritization framework that facilitates the alert triage and validation stage of typical SOC workflow. The AlertPro framework extracts context features from alert sequences and history features from alerts previously investigated by analysts, besides basic features from raw alert data. By presenting analysts with only the top-ranked potentially high-risk alerts in each query and continually updating these rankings based on feedback, AlertPro significantly streamlines the alert investigation process. To evaluate AlertPro, we conducted experiments on five datasets that are chosen or prepared specifically because they all include multi-step attacks. The results reveal that AlertPro is able to discover a previously undisclosed attack concealed within the public dataset iscx, illustrating its potential in enhancing security posture. We also evaluate the feature importance in anomaly detection and conclude that employing context features yields better performance over basic features. The paper also explores the effectiveness of incorporating history features in active learning, achieving an average improvement of 30% in attack discovery rates. The processing time of AlertPro for re-ranking and selecting high-risk alerts is within 0.5 seconds, indicating that AlertPro can effectively work in real-time scenarios. AlertPro is limited to only using partial feedback and can be improved by incorporating richer feedback from experts. Overall, AlertPro mitigates alert fatigue, enabling security analysts to concentrate their efforts on high-priority threats.

computer science, information systems

Iqbal H. Sarker,Helge Janicke,Nazeeruddin Mohammad,Paul Watters,Surya Nepal

2023-09-28

Abstract:This position paper explores the broad landscape of AI potentiality in the context of cybersecurity, with a particular emphasis on its possible risk factors with awareness, which can be managed by incorporating human experts in the loop, i.e., "Human-AI" teaming. As artificial intelligence (AI) technologies advance, they will provide unparalleled opportunities for attack identification, incident response, and recovery. However, the successful deployment of AI into cybersecurity measures necessitates an in-depth understanding of its capabilities, challenges, and ethical and legal implications to handle associated risk factors in real-world application areas. Towards this, we emphasize the importance of a balanced approach that incorporates AI's computational power with human expertise. AI systems may proactively discover vulnerabilities and detect anomalies through pattern recognition, and predictive modeling, significantly enhancing speed and accuracy. Human experts can explain AI-generated decisions to stakeholders, regulators, and end-users in critical situations, ensuring responsibility and accountability, which helps establish trust in AI-driven security solutions. Therefore, in this position paper, we argue that human-AI teaming is worthwhile in cybersecurity, in which human expertise such as intuition, critical thinking, or contextual understanding is combined with AI's computational power to improve overall cyber defenses.

Cryptography and Security,Artificial Intelligence,Machine Learning

Mosa Sankaram,,Ms Roopesh,Sasank Rasetti,Nourin Nishat,,

DOI: https://doi.org/10.62304/jbedpm.v3i05.180

2024-07-10

Abstract:This literature review explores the transformative impact of artificial intelligence (AI) on enhancing cybersecurity measures across various domains. The study systematically examines the integration of AI in Intrusion Detection Systems (IDS), malware detection, phishing detection, threat intelligence, network security, and endpoint protection. Key findings reveal that AI-driven techniques significantly outperform traditional methods, particularly in real-time threat detection, accuracy, and adaptive response capabilities. Network-based IDS benefit from supervised and unsupervised learning algorithms, improving the identification of malicious network traffic and novel attack patterns. In malware detection, AI-enhanced static and dynamic analysis methods surpass signature-based approaches by detecting previously unknown malware and complex behaviors. Phishing detection has seen substantial improvements with AI applications in email filtering and URL analysis, reducing phishing incidents despite challenges like false positives. AI's role in threat intelligence is critical, automating data analysis to uncover hidden threats and employing predictive analytics to anticipate and mitigate cyber attacks. AI techniques in network security and endpoint protection enhance real-time monitoring and authentication processes, providing robust defenses against cyber intrusions. Despite these advancements, challenges such as handling high data volumes and the need for continuous learning to adapt to emerging threats remain. This review underscores the significant advancements, practical implementations, and ongoing challenges of leveraging AI in cybersecurity, highlighting its potential to fortify digital defenses and address the complexities of contemporary cyber threats.

Valentine A. Onih,Yufenyuy S. Sevidzem,Sulaimon Adeniji

DOI: https://doi.org/10.37502/ijsmr.2024.7404

2024-01-01

International Journal of Scientific and Management Research

Abstract:Introduction: Considering growing cyber risks, this study aims to investigate how artificial intelligence (AI) can enhance threat detection and response rates, thereby enhancing cybersecurity systems. It specifically focuses on addressing the urgent requirement for enhanced defence strategies. Methodology: The research utilised a quantitative approach to analyse data gathered from cybersecurity professionals. Surveys are carried out to assess how well AI technologies work in ensuring safety, the challenges faced, and their practical use in various industries. Discussion: The findings show that artificial intelligence, specifically utilizing machine learning and deep learning, significantly improves the capability to detect and mitigate potential risks. Despite this, there are major challenges including high implementation costs, lack of skilled employees, and concerns about data security that act as significant barriers. The study also highlights the broad consensus on the transformative power of AI in revolutionizing cybersecurity, despite the existence of these challenges. Conclusion: It has become obvious that AI technologies have the capability to improve cybersecurity practices through improved identification and response to cyberattacks. However, to make this work, allocating strategic resources for AI infrastructure development, providing extensive training for professionals, and thoroughly assessing ethical implications are crucial.

Håvard Jakobsen Ofte

DOI: https://doi.org/10.1007/s10207-024-00872-6

2024-07-19

International Journal of Information Security

Abstract:Abstract Security operation centers (SOCs) are increasingly established to meet the growing threat against cyber security. The operators of SOCs respond to complex incidents under time constraints. Within critical infrastructure, the consequences of human error or low performance in SOCs may be detrimental. In other domains, situation awareness (SA) has proven useful to understand and measure how operators use information and decide the correct actions. Until now, SA research in SOCs has been restricted by a lack of in-depth studies of SA mechanisms. Therefore, this study is the first to conduct a goal-directed task analysis in a SOC for critical infrastructure. The study was conducted through a targeted series of unstructured and semi-structured interviews with SOC operators and their leaders complemented by a review of documents, incident reports, and in situ observation of work within the SOC and real incidents. Among the presented findings is a goal hierarchy alongside a complete overview of the decisions the operators make during escalated incidents. How the operators gain and use SA in these decisions is presented as a complete set of SA requirements. The findings are accompanied by an analysis of contextual differences in how the operators prioritize goals and use information in network incidents and security incidents. This enables a discussion of what SA processes might be automated and which would benefit from different SA models. The study provides a unique insight into the SA of SOC operators and is thus a steppingstone for bridging the knowledge gap of Cyber SA.

computer science, information systems, theory & methods, software engineering

Olufunsho I. Falowo,Lily Edinam Botsyoe,Kehinde Koshoedo,Murat Ozer

DOI: https://doi.org/10.1109/access.2024.3454543

IF: 3.9

2024-09-10

IEEE Access

Abstract:This study explores how integrating Artificial General Intelligence (AGI) with Artificial Immune Systems (AIS) could potentialy enhance the efficiency of Security Operations Centers (SOCs). By employing a hypothetical case study and mathematical models, this research compares AGI-driven AIS with traditional AI-driven AIS across key SOC metrics such as True Positives, Benign Positives, False Positives, and False Negatives. Our analysis reveals that AGI-driven AIS solution offers notable improvements in detection accuracy and operational efficiency while reducing costs. These findings highlight the transformative potential of AGI in bolstering cybersecurity defenses. This research emphasizes the importance of AGI for SOCs, presenting it as a critical advancement over current AI technologies. This is particularly relevant for government regulators, original equipment manufacturers (OEMs), cybersecurity professionals, and investors. This study attempts to provide a compelling evidence that AGI can drive more effective and efficient SOC operations, encouraging stakeholders to consider investing in and adopting these advanced AI technologies. In a landscape where cybersecurity threats are becoming increasingly sophisticated, the integration of AGI with AIS to build security threat detection and response, represents a promising frontier. This research underscores the potential of AGI to not only enhance detection and response capabilities but to also streamline operations and optimize resource allocation within SOCs. The findings in this study, we argue, suggest that AGI could play a pivotal role in the future of cybersecurity, making it an essential consideration for those looking to stay ahead in the ongoing battle against cyber threats.

computer science, information systems,telecommunications,engineering, electrical & electronic

Abdulaziz Gulay,Leandros Maglaras

2024-10-03

Abstract:The increasing frequency and sophistication of cybersecurity incidents pose significant challenges to organisations, highlighting the critical need for robust incident response capabilities. This paper explores a possible utilisation of IR CMMs assessments to systematically prioritise incidents based on their impact, severity, and the incident response capabilities of an organisation in specific areas associated with human and organisational factors. The findings reveal common weaknesses in incident response, such as inadequate training and poor communication, and highlight best practices, including regular training programs, clear communication protocols, and well-documented response procedures. The analysis also emphasises the importance of organisational culture in enhancing incident response capabilities. By addressing the gap in understanding how the output of IRM assessments can be immediately utilised to prioritise high-risk incidents, this paper contributes valuable insights to academia and practice, offering a structured approach to enhancing organisational resilience against cybersecurity threats.

Cryptography and Security

Chinenye Cordelia Nnamani

DOI: https://doi.org/10.58578/ijemt.v2i3.3904

2024-10-05

Abstract:This Article thoroughly examines the revolutionary impact of Artificial Intelligence (AI) on improving threat detection and response tactics within the swiftly changing realm of cybersecurity. Conventional security measures, struggling against the complexity of contemporary cyber threats, fail to provide adequate protection. In response, AI, driven by machine learning algorithms and predictive analytics, becomes a dynamic and adaptive entity strengthening digital defenses. The investigation commences with a comprehensive analysis of the methods by which AI enhances danger detection. Behavioral analytics utilizes AI to assess user behaviors and network activity, creating a proactive baseline, while anomaly detection and predictive analysis harness machine learning to recognize deviations from the norm and forecast potential dangers. This comprehensive strategy enables organizations to remain proactive against emerging cyber threats. Moreover, the study explores the crucial function of AI in incident response. AI-driven automated incident analysis expedites reaction times by rapidly analyzing and prioritizing security warnings. The amalgamation of AI with threat intelligence streams guarantees a perpetually updated knowledge repository, enabling organizations to respond adeptly to emerging dangers. The dynamic flexibility of AI allows systems to evolve and learn from each incidence, hence enhancing their defensive capacities over time. The discourse recognizes the significant advantages of AI in cybersecurity while simultaneously addressing the obstacles associated with its application. False positives, a potential drawback, require a measured approach to prevent the perception of typical action as harmful. Ethical factors, including privacy concerns and responsible AI practices, highlight the necessity for a judicious and principled incorporation of AI in cybersecurity. The paper underscores the essential collaborative synergy between human expertise and AI technologies. The essay emphasizes the importance of continuous investment in AI training programs for cybersecurity professionals, acknowledging that AI is best successful when enhanced by human insights. Additionally, it advocates for routine security audits to assess and refine cybersecurity protocols, collaborative research efforts to tackle ethical issues, and user education activities to strengthen collective defenses. As the digital landscape evolves, the incorporation of AI in cybersecurity seems not as a cure-all but as a formidable ally. This partnership guarantees a robust protection against increasingly complex cyber-attacks, reinforcing the basis for a secure digital future.

Gourav Nagar

DOI: https://doi.org/10.18535/ijsrm/v6i7.ec05

2018-07-28

Abstract:It is now clear that as new cyberthreats emerge, old security measures are less successful in thwarting increasingly sophisticated cyberattacks. One of the most significant and influential technologies of the last few years, artificial intelligence (AI) is a game-changer for security operations because it can automate critical processes, maintain real-time threat recognition, and respond with equal speed and efficiency. Based on the automation of threats, vulnerabilities, and events, this abstract analyzes the use of AI in security. It looks at specific AI use cases, such as automated patch management, UEBA, and machine learning-based anomalous activity detection, and explains how the technologies greatly increase the speed and accuracy of thwarting cyberthreats. As a tool, AI offers massive advantages: it helps minimize human effort, act faster, and scale easily but is not without risks inherent to operating on the internet. Namely, some responsibilities involve inputting relevant context, making ethical decisions, and interpreting what AI systems have to offer to human operators will always be needed.This abstract also explores the further discussion of the integration of AI security processing capabilities and experienced security personnel so that both facets are achieved efficiently and rightfully ethically. Finally, the abstract concludes that the key to the future advancement of cybersecurity is the ability to find the best conditions for the collaboration of artificial intelligence and human thought, to strengthen the security of organizations and reduce the consequences of plan implementation.

Sergio Bernardez Molina,Pantaleone Nespoli,Félix Gómez Mármol

2024-05-29

Abstract:There is no denying that the use of Information Technology (IT) is undergoing exponential growth in today's world. This digital transformation has also given rise to a multitude of security challenges, notably in the realm of cybercrime. In response to these growing threats, public and private sectors have prioritized the strengthening of IT security measures. In light of the growing security concern, Artificial Intelligence (AI) has gained prominence within the cybersecurity landscape. This paper presents a comprehensive survey of recent advancements in AI-driven threat response systems. To the best of our knowledge, the most recent survey covering the AI reaction domain was conducted in 2017. Since then, considerable literature has been published, and therefore, it is worth reviewing it. In this comprehensive survey of the state of the art reaction systems, five key features with multiple values have been identified, facilitating a homogeneous comparison between the different works. In addition, through a meticulous methodology of article collection, the 22 most relevant publications in the field have been selected. Then each of these publications has been subjected to a detailed analysis using the features identified, which has allowed for the generation of a comprehensive overview revealing significant relationships between the papers. These relationships are further elaborated in the paper, along with the identification of potential gaps in the literature, which may guide future contributions. A total of seven research challenges have been identified, pointing out these potential gaps and suggesting possible areas of development through concrete proposals.

Cryptography and Security,Artificial Intelligence

Gang Yang,Chaojing Tang,Xingtong Liu

DOI: https://doi.org/10.3390/sym14102138

2022-10-14

Symmetry

Abstract:The exponential expansion of Internet interconnectivity has led to a dramatic increase in cyber-attack alerts, which contain a considerable proportion of false positives. The overwhelming number of false positives cause tremendous resource consumption and delay responses to the really severe incidents, namely, alert fatigue. To cope with the challenge from alert fatigue, we focus on enhancing the capability of detectors to reduce the generation of false alerts from the detection perspective. The core idea of our work is to train a machine-learning-based detector to grasp the empirical intelligence of security analysts to estimate the feasibility of an incoming HTTP request to cause substantial threats, and integrate the estimation into the detection stage to reduce false alarms. To this end, we innovatively introduce the concept of attack feasibility to characterize the composition rationality of an inbound HTTP request as a feasible attack under static scrutinization. First, we adopt a fast request-reorganization algorithm to transform an HTTP request into the form of interface:payload pair for further alignment of structural components which can reveal the processing logic of the target program. Then, we build a dual-channel attention-based circulant convolution neural network (DualAC2NN) to integrate the attack feasibility estimation into the alert decision, by comprehensively considering the interface sensitivity, payload maliciousness, and their bipartite compatibility. Experiments on a real-world dataset show that the proposed method significantly reduces invalid alerts by around 86.37% and over 61.64% compared to a rule-based commercial WAF and several state-of-the-art methods, along with retaining a detection rate at 97.89% and a lower time overhead, which indicates that our approach can effectively mitigate alert fatigue from the detection perspective.

Hao Wu

DOI: https://doi.org/10.12694/scpe.v25i3.2065

2024-04-12

Abstract:There is rapid growth of the security threats faced by enterprises and the security attacks technology is also established at a higher level. Enterprises are facing an escalating threat landscape marked by sophisticated security attacks. To address the structural and technical challenges of information security situational awareness, a method for designing an artificial intelligence-driven system is proposed. In order to solve the system structure and key technical problems of information security situational awareness technology of artificial intelligence, a method of designing information security situational awareness system is proposed, and experiments are carried out through the method. By analyzing the data sources that the system needs to collect, including network traffic mirror data, log data, security intelligence and support data, this paper verifies the feasibility of the system method of information security situational awareness technology of artificial intelligence technology. The proposed core competence platform has the characteristics of low delay and robust real-time capabilities. By presetting the event processing topology, we can quickly build the event processing process, and build the corresponding event processing topology model according to different processing requirements to meet the business requirements. The AI-powered information security situational awareness system substantially enhances security awareness and prediction accuracy.

Tita A. Bach,Jenny K. Kristiansen,Aleksandar Babic,Alon Jacovi

DOI: https://doi.org/10.1109/ACCESS.2024.3437190

2024-08-05

Abstract:Ensuring quality human-AI interaction (HAII) in safety-critical industries is essential. Failure to do so can lead to catastrophic and deadly consequences. Despite this urgency, existing research on HAII is limited, fragmented, and inconsistent. We present here a survey of that literature and recommendations for research best practices that should improve the field. We divided our investigation into the following areas: 1) terms used to describe HAII, 2) primary roles of AI-enabled systems, 3) factors that influence HAII, and 4) how HAII is measured. Additionally, we described the capabilities and maturity of the AI-enabled systems used in safety-critical industries discussed in these articles. We found that no single term is used across the literature to describe HAII and some terms have multiple meanings. According to our literature, seven factors influence HAII: user characteristics (e.g., user personality), user perceptions and attitudes (e.g., user biases), user expectations and experience (e.g., mismatched user expectations and experience), AI interface and features (e.g., interactive design), AI output (e.g., perceived accuracy), explainability and interpretability (e.g., level of detail, user understanding), and usage of AI (e.g., heterogeneity of environments). HAII is most measured with user-related subjective metrics (e.g., user perceptions, trust, and attitudes), and AI-assisted decision-making is the most common primary role of AI-enabled systems. Based on this review, we conclude that there are substantial research gaps in HAII. Researchers and developers need to codify HAII terminology, involve users throughout the AI lifecycle (especially during development), and tailor HAII in safety-critical industries to the users and environments.

Human-Computer Interaction,Artificial Intelligence

Sabarathinam Chockalingam,Dina Hadziosmanovic,Wolter Pieters,Andre Teixeira,Pieter van Gelder

DOI: https://doi.org/10.48550/arXiv.1707.02140

2017-07-07

Abstract:Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic literature review, and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, related to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future.

Cryptography and Security

Sakthiswaran Rangaraju

DOI: https://doi.org/10.53555/ephijse.v9i3.211

2023-12-01

Abstract:In recent years, the escalating complexity and frequency of cyber threats have presented a formidable challenge to traditional cybersecurity measures. The emergence of artificial intelligence (AI) technologies has revolutionized the landscape, offering a promising solution to fortify defenses against evolving threats. This paper introduces AI Sentry, an innovative approach to cybersecurity that leverages the power of AI for intelligent threat detection and prevention. AI Sentry embodies a paradigm shift in cybersecurity, integrating machine learning, neural networks, and advanced algorithms to proactively identify, analyze, and mitigate potential threats in real time. By continuously learning from vast datasets and adapting to new attack vectors, AI Sentry enhances its ability to recognize anomalous patterns and behaviors, thereby thwarting sophisticated cyber assaults. The core strength of AI Sentry lies in its capability to detect anomalies and predict threats with a high degree of accuracy, surpassing the limitations of traditional signature-based systems. Through anomaly detection, behavioral analysis, and contextual understanding, AI Sentry not only identifies known threats but also anticipates zero-day attacks and previously unseen malicious activities. This paper delves into the technical underpinnings of AI Sentry, elucidating its architecture, data processing techniques, machine learning models, and the orchestration of various AI components. Furthermore, it explores the ethical considerations and challenges associated with AI-powered cybersecurity, including issues of privacy, bias mitigation, and transparency in decision-making.

Hussain Ahmad,Faheem Ullah,Rehan Jafri

2024-08-14

Abstract:Cyber situational awareness systems are increasingly used for creating cyber common operating pictures for cybersecurity analysis and education. However, these systems face data occlusion and convolution issues due to the burgeoning complexity, dimensionality, and heterogeneity of cybersecurity data, which damages cyber Situational Awareness (SA) of end-users. Moreover, conventional ways of human-computer interactions, such as mouse and keyboard, increase the mental effort and cognitive load of cybersecurity practitioners, when analyzing cyber situations of large-scale infrastructures. Therefore, immersive technologies, such as virtual reality, augmented reality, and mixed reality, are employed in the cybersecurity realm to create intuitive, engaging, and interactive cyber common operating pictures. The Immersive Cyber Situational Awareness (ICSA) systems provide several unique visualization techniques and interaction features for the perception, comprehension, and projection of cyber SA. However, there has been no attempt to comprehensively investigate and classify the existing state of the art in the use of immersive technologies for cyber SA. Therefore, in this paper, we have gathered, analyzed, and synthesized the existing body of knowledge on ICSA systems. In particular, our survey has identified visualization and interaction techniques, evaluation mechanisms, and different levels of cyber SA (i.e., perception, comprehension, and projection) for ICSA systems. Consequently, our survey has enabled us to propose: (i) a reference framework for designing and analyzing ICSA systems by mapping immersive visualization and interaction techniques to the different levels of ICSA; (ii) future research directions for advancing the state-of-the-art on ICSA systems; and (iii) an in-depth analysis of the industrial implications of ICSA systems to enhance cybersecurity operations.

Cryptography and Security

Teena Arora,Venki Balasubramanian,Andrew Stranieri,Shenhan Mai,Rajkumar Buyya,Sardar Islam

DOI: https://doi.org/10.1201/9781003145189

2023-02-08

Abstract:Remote Patient Monitoring (RPM) is an emerging technology paradigm that helps reduce clinician workload by automated monitoring and raising intelligent alarm signals. High sensitivity and intelligent data-processing algorithms used in RPM devices result in frequent false-positive alarms, resulting in alarm fatigue. This study aims to critically review the existing literature to identify the causes of these false-positive alarms and categorize the various interventions used in the literature to eliminate these causes. That act as a catalog and helps in false alarm reduction algorithm design. A step-by-step approach to building an effective alarm signal generator for clinical use has been proposed in this work. Second, the possible causes of false-positive alarms amongst RPM applications were analyzed from the literature. Third, a critical review has been done of the various interventions used in the literature depending on causes and classification based on four major approaches: clinical knowledge, physiological data, medical sensor devices, and clinical environments. A practical clinical alarm strategy could be developed by following our pentagon approach. The first phase of this approach emphasizes identifying the various causes for the high number of false-positive alarms. Future research will focus on developing a false alarm reduction method using data mining.

Machine Learning

Xiang Cheng,Jiale Zhang,Bing Chen

DOI: https://doi.org/10.3390/s19184045

IF: 3.9

2019-01-01

Sensors

Abstract:With the emergence of the Advanced Persistent Threat (APT) attacks, many Internet of Things (IoT) systems have faced large numbers of potential threats with the characteristics of concealment, permeability, and pertinence. However, existing methods and technologies cannot provide comprehensive and prompt recognition of latent APT attack activities in the IoT systems. To address this problem, we propose an APT Alerts and Logs Correlation Method, named APTALCM and a framework of deploying APTALCM on the IoT system, where an edge computing architecture was used to achieve cyber situation comprehension without too much data transmission cost. Specifically, we firstly present a cyber situation ontology for modeling the concepts and properties to formalize APT attack activities in the IoT systems. Then, we introduce a cyber situation instance similarity measurement method based on the SimRank mechanism for APT alerts and logs Correlation. Combining with instance similarity, we further propose an APT alert instances correlation method to reconstruct APT attack scenarios and an APT log instances correlation method to detect log instance communities. Through the coalescence of these methods, APTALCM can accomplish the cyber situation comprehension effectively by recognizing the APT attack intentions in the IoT systems. The exhaustive experimental results demonstrate that the two kernel modules, i.e., Alert Instance Correlation Module (AICM) and Log Instance Correlation Module (LICM) in our APTALCM, can achieve both high true-positive rate and low false-positive rate.