Abstract
In the context of the digital age, the challenges facing cybersecurity are growing, and alert fatigue has become a prominent problem: traditional alert-handling methods are inefficient because they struggle to distinguish real threats from false ones. Adopting generative artificial intelligence (AI) technology not only identifies security threats more accurately and reduces false positives, but also improves the efficiency of security incident handling. In addition, AI's data-analysis capability helps security teams respond more effectively to complex security incidents and raises the overall level of security operations. In practice, AI technology faces challenges of accuracy and explainability; introducing a large language model agent (LLM Agent) noise-reduction system that integrates the capabilities of large and small models and combines alert situational awareness with knowledge-base data can further improve noise-reduction accuracy and achieve efficient alert noise reduction.
Against the backdrop of the digital age, the challenges faced by cybersecurity are increasing, with alarm fatigue becoming a prominent issue. Traditional alarm handling methods suffer from low efficiency due to their inability to effectively distinguish between real and false threats. The adoption of generative artificial intelligence (AI) technology not only allows for more accurate identification of security threats and reduction in false alarms but also enhances the efficiency of handling security events. Moreover, AI's capability in data analysis aids security teams in more effectively addressing complex security incidents, thereby improving the overall level of network security. Despite the challenges of accuracy and interpretability faced by AI technology in practical applications, the introduction of the LLM agent noise reduction system, which integrates the capabilities of both large and small models, combined with alert situation awareness and knowledge database data, can achieve efficient alarm processing.
Authors
孟楠
周成胜
赵勋
MENG Nan; ZHOU Chengsheng; ZHAO Xun (Security Research Institute, China Academy of Information and Communications Technology, Beijing 100191, China)
Source
《信息通信技术与政策》
2024, No. 8, pp. 24-31 (8 pages)
Information and Communications Technology and Policy