A short listing of research papers I’ve discovered recently that aim to automate or speed up cyber security alert triage (alert prioritization/ranking, causal event correlation, and enrichment).
- NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage
- OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis
- Towards a Timely Causality Analysis for Enterprise Security
- ProPatrol: Attack Investigation via Extracted High-Level Tasks
- Exploiting Time and Subject Locality for Fast, Efficient, and Understandable Alert Triage
- Deep learning for prioritizing and responding to intrusion detection alerts
- Automated Threat-Alert Screening for Battling Alert Fatigue with Temporal Isolation Forest
The “short links” format was inspired by O’Reilly’s Four Short Links series.