RADAMS: Resilient and Adaptive Alert and Attention Management Strategy against Informational Denial-of-Service (IDoS) Attacks

Authors: Linan Huang and Quanyan Zhu. Journal: Comput. Secur.

Reinforcement Learning for Feedback-Enabled Cyber Resilience

ADVERT: An Adaptive and Data-Driven Attention Enhancement Mechanism for Phishing Prevention

The results show that the visual aids can statistically increase the attention level and improve the accuracy of phishing recognition from 74.6% to a minimum of 86%.

Multi-Agent Learning for Resilient Distributed Control Systems

This chapter introduces the creation of an artificial intelligence (AI) stack in the MAS to provide computational intelligence for subsystems to detect, respond, and recover, and discusses the role of MAS learning in resiliency.

ZETAR: Modeling and Computational Design of Strategic and Adaptive Compliance Policies

ZETAR, a zero-trust audit and recommendation framework, is developed to provide a quantitative approach to model incentives of the insiders and design customized and strategic recommendation policies to improve their compliance and promote insiders’ satisfaction.

Combating Informational Denial-of-Service (IDoS) Attacks: Modeling and Mitigation of Attentional Human Vulnerability

This work aims to formally define IDoS attacks, quantify their consequences, and develop human-assistive security technologies to mitigate the severity level and risks of IDoS attacks.

A Game-Theoretic Approach for Alert Prioritization

This paper models alert prioritization with adaptive adversaries using a Stackelberg game and introduces an approach to compute the optimal prioritization of alert types, evaluated on both synthetic data and a real-world dataset of alerts generated from the audit logs of an electronic medical record system in use at a large academic medical center.

Finding Needles in a Moving Haystack: Prioritizing Alerts with Adversarial Reinforcement Learning

A novel approach for computing a policy for prioritizing alerts using adversarial reinforcement learning, which uses neural reinforcement learning to compute best response policies for both the defender and the adversary to an arbitrary stochastic policy of the other.

Deep learning for prioritizing and responding to intrusion detection alerts

A case study of the application of machine learning to the initial triage of security alerts to help reduce the manual burden placed on Department of Defense (DOD) cyber defense security analysts is reviewed.

NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage

NODOZE generates alert dependency graphs that are two orders of magnitude smaller than those generated by traditional tools without sacrificing the vital information needed for the investigation, and decreases the volume of false alarms by 84%, saving analysts more than 90 hours of investigation time per week.

False Alert Buster: an Adaptive Approach for NIDS False Alert Filtering

This paper proposes a scheme to automate false positive alert filtering by leveraging kernel density estimation, which is 34% to 62% better in performance (in terms of error ratio) compared to other algorithms.

Learning to rank for alert triage

This work uses supervised machine learning to rank cyber security alerts so that an analyst's time and energy are focused on the most important alerts, alleviating alert desensitization.

Dynamic Scheduling of Cybersecurity Analysts for Minimizing Risk Using Reinforcement Learning

A reinforcement learning-based stochastic dynamic programming optimization model is presented that incorporates the above estimates of future alert rates and responds by dynamically scheduling cybersecurity analysts to minimize risk (i.e., maximize significant alert coverage by analysts) and maintain the risk under a pre-determined upper bound.

Threat Alert Prioritization Using Isolation Forest and Stacked Auto Encoder With Day-Forward-Chaining Analysis

A new method for highlighting critical alerts with a minimal number of false negatives is presented, which takes advantage of day-forward-chaining analysis and employs isolation forest to ensure unsupervised performance and adaptability to different types of networks.