
Intelligent Generation Method of Noise Reduction Baseline for Cybersecurity Alert (网络安全告警降噪基线的智能生成方法)
Abstract: Security operations teams commonly filter alerts with preset groups of baseline rules. In complex environments such generic rule sets are hard to adapt to an enterprise's specific network and business context. As enterprise IT services keep expanding, sophisticated attacks are usually buried in a huge volume of alerts, producing alert fatigue that severely degrades the efficiency of the security operations team. This paper proposes an intelligent algorithm that generates interpretable noise-reduction baselines for security alerts. The baselines are built by mining the alert payloads, so that operators can filter large volumes of alerts without prior knowledge of the company's environment and business, improving the efficiency of security operations. Validation in the production environment of a large company shows that the generated noise-reduction baselines filter alerts effectively.
Authors: Wang Xingkai (王星凯), Wu Fudi (吴复迪), Tong Mingkai (童明凯), Xue Jianxin (薛见新), Zhang Runzi (张润滋). Affiliations: NSFOCUS Technologies Group Co., Ltd., Beijing 100089; School of Information Science and Technology, Tsinghua University, Beijing 100084.
Source: Journal of Information Security Research (信息安全研究), CSCD, 2023, No. 10, pp. 986-992 (7 pages).
Funding: Beijing Nova Program (Z211100002121150).
Keywords: alert; payload; interpretable baseline; alert noise reduction; security operation
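The abstract says the baseline is built by mining alert payloads but does not describe the algorithm. The Python below is an added illustration, not the paper's code and not its algorithm, of what a payload-oriented, interpretable noise-reduction baseline can look like: alerts are grouped by detection rule, destination and a normalized payload shape, and groups that recur persistently over several days become human-readable suppression rules that an operator can review. The alert records, field names, normalization and thresholds are constructed assumptions.

```python
"""Illustrative frequency-based mining of interpretable alert noise-reduction
baselines. Added example; this is not the algorithm from the paper."""
import re
from collections import defaultdict

# Constructed sample alerts (assumed schema, not data from the paper):
# a daily health probe and a nightly backup job that keep tripping IDS rules,
# plus two one-off requests from an external host on the last day.
SAMPLE_ALERTS = [
    {"day": "2023-09-01", "rule": "Suspicious query string", "src": "10.0.0.5", "dst": "10.0.1.10", "payload": "GET /healthz?ts=1693526400"},
    {"day": "2023-09-01", "rule": "Suspicious query string", "src": "10.0.0.5", "dst": "10.0.1.10", "payload": "GET /healthz?ts=1693526700"},
    {"day": "2023-09-02", "rule": "Suspicious query string", "src": "10.0.0.5", "dst": "10.0.1.10", "payload": "GET /healthz?ts=1693612800"},
    {"day": "2023-09-03", "rule": "Suspicious query string", "src": "10.0.0.5", "dst": "10.0.1.10", "payload": "GET /healthz?ts=1693699200"},
    {"day": "2023-09-01", "rule": "Large POST body", "src": "10.0.0.8", "dst": "10.0.1.20", "payload": "POST /api/backup/20230901"},
    {"day": "2023-09-02", "rule": "Large POST body", "src": "10.0.0.8", "dst": "10.0.1.20", "payload": "POST /api/backup/20230902"},
    {"day": "2023-09-03", "rule": "Large POST body", "src": "10.0.0.8", "dst": "10.0.1.20", "payload": "POST /api/backup/20230903"},
    {"day": "2023-09-03", "rule": "SQL injection", "src": "203.0.113.7", "dst": "10.0.1.10", "payload": "GET /login?user=admin%27%20OR%201%3D1--"},
    {"day": "2023-09-03", "rule": "Suspicious query string", "src": "203.0.113.7", "dst": "10.0.1.10", "payload": "GET /healthz?ts=../../etc/passwd"},
]

_DIGITS = re.compile(r"\d+")


def normalize_payload(payload):
    """Collapse variable numeric parts (timestamps, ids) into a stable shape.
    Assumed normalization; a real system would need richer tokenization."""
    return _DIGITS.sub("<num>", payload)


def mine_baselines(alerts, min_support=3, min_days=2):
    """Group alerts by (rule, destination, payload shape) and turn groups that
    recur at least `min_support` times across at least `min_days` distinct days
    into baseline entries. Each entry carries a plain-language reason so an
    operator can audit why it exists."""
    groups = defaultdict(list)
    for alert in alerts:
        key = (alert["rule"], alert["dst"], normalize_payload(alert["payload"]))
        groups[key].append(alert)

    baselines = []
    for (rule, dst, pattern), members in sorted(groups.items()):
        days = {m["day"] for m in members}
        sources = sorted({m["src"] for m in members})
        if len(members) >= min_support and len(days) >= min_days:
            baselines.append({
                "rule": rule,
                "dst": dst,
                "payload_pattern": pattern,
                "support": len(members),
                "days": len(days),
                "sources": sources,
                "reason": (f"{len(members)} alerts over {len(days)} days from "
                           f"{len(sources)} source(s) with identical payload shape"),
            })
    return baselines


def apply_baselines(alerts, baselines):
    """Split alerts into (suppressed, kept). Matching is on the full key, so a
    payload that deviates from the learned shape is kept even if rule and
    destination match."""
    index = {(b["rule"], b["dst"], b["payload_pattern"]) for b in baselines}
    suppressed, kept = [], []
    for alert in alerts:
        key = (alert["rule"], alert["dst"], normalize_payload(alert["payload"]))
        (suppressed if key in index else kept).append(alert)
    return suppressed, kept


if __name__ == "__main__":
    learned = mine_baselines(SAMPLE_ALERTS)
    for entry in learned:
        print(f"BASELINE rule={entry['rule']!r} dst={entry['dst']} "
              f"payload~{entry['payload_pattern']!r}: {entry['reason']}")
    dropped, remaining = apply_baselines(SAMPLE_ALERTS, learned)
    print(f"suppressed {len(dropped)}, kept {len(remaining)}")
    for alert in remaining:
        print("KEEP", alert["day"], alert["rule"], alert["src"], alert["payload"])
```

On this constructed input the miner learns two baselines (the health probe and the backup upload) and suppresses seven of nine alerts. The two kept alerts both come from 203.0.113.7: the SQL injection attempt has no recurring shape, and the traversal payload against /healthz differs from the learned `ts=<num>` shape, so keying on the payload rather than only on rule and destination is what stops the baseline from hiding it. In practice mined entries still need operator review and expiry, since any persistent pattern, including a long-running low-and-slow probe, would otherwise be baselined.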