Justin E. Doak

In the cyber security operations of a typical organization, data from multiple sources are monitored, and when certain conditions in the data are met, an alert is generated in a Security Event and Incident Management system. Analysts inspect these alerts to decide if any deserve promotion to an event requiring further scrutiny. This triage process is ...
As cyber monitoring capabilities expand and data rates increase, cyber security analysts must filter through an increasing number of alerts in order to identify potential intrusions on the network. This process is often manual and time-consuming, which limits the number of alerts an analyst can process. This generation of a vast number of alerts without any ...