Security Information and Event Management (SIEM) platforms are critical for organizations to monitor and manage their security operations centers. However, organizations using SIEM platforms have several challenges su...Security Information and Event Management (SIEM) platforms are critical for organizations to monitor and manage their security operations centers. However, organizations using SIEM platforms have several challenges such as inefficiency of alert management and integration with real-time communication tools. These challenges cause delays and cost penalties for organizations in their efforts to resolve the alerts and potential security breaches. This paper introduces a cybersecurity Alert Distribution and Response Network (Adrian) system. Adrian introduces a novel enhancement to SIEM platforms by integrating SIEM functionalities with real-time collaboration platforms. Adrian leverages the uniquity of mobile applications of collaboration platforms to provide real-time alerts, enabling a two-way communication channel that facilitates immediate response to security incidents and efficient SIEM platform management. To demonstrate Adrian’s capabilities, we have introduced a case-study that integrates Wazuh, a SIEM platform, to Slack, a collaboration platform. The case study demonstrates all the functionalities of Adrian including the real-time alert distribution, alert customization, alert categorization, and enablement of management activities, thereby increasing the responsiveness and efficiency of Adrian’s capabilities. The study concludes with a discussion on the potential expansion of Adrian’s capabilities including the incorporation of artificial intelligence (AI) for enhanced alert prioritization and response automation.展开更多
With the rapid development of mobile Internet, people pay increasing attention to the wireless network security problem. But due to the specificity of the wireless network, at present it is rare to see the research of...With the rapid development of mobile Internet, people pay increasing attention to the wireless network security problem. But due to the specificity of the wireless network, at present it is rare to see the research of wireless intrusion alerts clustering method for mobile Internet. This paper proposes a Wireless Intrusion Alert Clustering Method(WIACM) based on the information of the mobile terminal. The method includes alert formatting, alert reduction and alert classification. By introducing key information of the mobile terminal device, this method aggregates the original alerts into hyper alerts. The experimental results show that WIACM would be appropriate for real attack scenarios of mobile Internet, and reduce the amount of alerts with more accuracy of alert analysis.展开更多
Back of queue crashes on Interstates are a major concern for all state transportation departments. In 2020, Indiana DOT begin deploying queue warning trucks with message boards, flashers and digital alerts that could ...Back of queue crashes on Interstates are a major concern for all state transportation departments. In 2020, Indiana DOT begin deploying queue warning trucks with message boards, flashers and digital alerts that could be transmitted to navigation systems such as Waze. This study reports on the deployment and impact evaluation of digital alerts on motorist’s assistance patrols and 19 Queue trucks in Indiana. The motorist assistance patrol evaluation is provided qualitatively. A novel analysis of queue warning trucks equipped with digital alerts was conducted during the months of May-July in 2021 using connected vehicle data. This new data set reports locations of anonymous hard-braking events from connected vehicles on the Interstate. Hard-braking events were tabulated for when queueing occurred with and without the presence of a queue warning truck. Approximately 370 hours of queueing with queue trucks present and 58 hours of queueing without queue truck<span style="font-family:Verdana;">s</span><span style="font-family:Verdana;"> present were evaluated. Hard-braking events were found to decrease approximately 80% when queue warning trucks were used to alert motorists of impending queues.</span>展开更多
To solve the problem of the aleri flooding and information semantics in theexisting Intrusion Detection Sys-tem(IDS), we present a two-stage algorithm for correlating thealerts. In the first stage- the high-level aler...To solve the problem of the aleri flooding and information semantics in theexisting Intrusion Detection Sys-tem(IDS), we present a two-stage algorithm for correlating thealerts. In the first stage- the high-level alerts is integrated by using the Chronicle patternsbased on time intervals, which describe and match the alerts with the temporal time constrains of aninput sequence. In the second stage, the preparing relationship between the high-level alerts isdefined, which is applied to eorrtlatethe high-level alerts, and the attack scenario is constructedby drawing the attack graph. In the end a given example show? the performances of this two-stagecorrelation algorithm in decreasing the number and improving the information semantic of theintrusion alerts produced by the IDS.展开更多
Warning alerts are specially designed to protect user rights and safety to avoid serious damage caused by overlooking the essence of warning alerts. Today’s world of Information Communication Technology (ICT) needs i...Warning alerts are specially designed to protect user rights and safety to avoid serious damage caused by overlooking the essence of warning alerts. Today’s world of Information Communication Technology (ICT) needs improvement and to review the decisions of security experts in terms of improving warning designs and dialogues, and timely inform the authorities to take quick action at the right time and choice. Human behaviour is deeply involved in most of the security failures and its poor response. If we are able to check and monitor human behaviour in any organisation, we can achieve quality assurance and provide best services to our customers. We have arranged a study in the Center of Post Graduate Studies, International Islamic University, Malaysia (CPS-IIUM), department of Hajj Services-Makkah, and Hospital Management System-Makkah comprised of Observation, Interviews, Questionnaire and discussion based on organizational structure and job activities of people involved in different scenarios and positions under one umbrella of organizational objectives in order to trap the human error in order to take rapid action and response from the management team. Human behaviour is deeply observed and checked while performing different job activities in order to identify the serious errors at the right time during job performance at various levels. We have applied the concept of Brahm’s Language for the simulation of human behaviour which proves an opportunity to simulate human behaviour while performing job activities. Customer service can be improved easily if necessary measures and decisions are taken at the right time and place in any organisation.展开更多
Modern cloud services are monitored by numerous multidomain and multivendor monitoring tools,which generate massive numbers of alerts and events that are not actionable.These alerts usually carry isolated messages tha...Modern cloud services are monitored by numerous multidomain and multivendor monitoring tools,which generate massive numbers of alerts and events that are not actionable.These alerts usually carry isolated messages that are missing service contexts.Administrators become inundated with tickets caused by such alert events when they are routed directly to incident management systems.Noisy alerts increase the risk of crucial warnings going undetected and leading to service outages.One of the feasible ways to cope with the above problems involves revealing the correlations behind a large number of alerts and then aggregating the related alerts according to their correlations.Based on these guidelines,AlertInsight,a framework for alert event reduction,is proposed in this paper.In AlertInsight,the correlations among event sources are found by mining a sequence of historical events.Then,event correlation knowledge is employed to build an online detector targeting the correlated events that are hidden in the event stream.Finally,the correlated events are aggregated into a single high-level event for alert reduction.Because of theweaknesses of the commonly used pairwise correlation analysis methods in complex environments,an innovative approach for multiple correlation mining,which overcomes computational complexity challenges by scanning panoramic views of historical episodes from the perspective of holism,is proposed in this paper.In addition,a neural network-based correlated event detector that can learn the event correlation knowledge generated from correlation mining and then detect the correlated events in a sequence online is proposed.Experiments are conducted to test the effectiveness of AlertInsight.The experimental results(precision=0.92,recall=0.93,and F1-score=0.93)demonstrate the performance of AlertInsight for the recognition of multiple correlated alerts and its competence for alert reduction.展开更多
A large part of our daily lives is spent with audio information. Massive obstacles are frequently presented by the colossal amounts of acoustic information and the incredibly quick processing times. This results in th...A large part of our daily lives is spent with audio information. Massive obstacles are frequently presented by the colossal amounts of acoustic information and the incredibly quick processing times. This results in the need for applications and methodologies that are capable of automatically analyzing these contents. These technologies can be applied in automatic contentanalysis and emergency response systems. Breaks in manual communication usually occur in emergencies leading to accidents and equipment damage. The audio signal does a good job by sending a signal underground, which warrants action from an emergency management team at the surface. This paper, therefore, seeks to design and simulate an audio signal alerting and automatic control system using Unity Pro XL to substitute manual communication of emergencies and manual control of equipment. Sound data were trained using the neural network technique of machine learning. The metrics used are Fast Fourier transform magnitude, zero crossing rate, root mean square, and percentage error. Sounds were detected with an error of approximately 17%;thus, the system can detect sounds with an accuracy of 83%. With more data training, the system can detect sounds with minimal or no error. The paper, therefore, has critical policy implications about communication, safety, and health for underground mine.展开更多
文摘Security Information and Event Management (SIEM) platforms are critical for organizations to monitor and manage their security operations centers. However, organizations using SIEM platforms have several challenges such as inefficiency of alert management and integration with real-time communication tools. These challenges cause delays and cost penalties for organizations in their efforts to resolve the alerts and potential security breaches. This paper introduces a cybersecurity Alert Distribution and Response Network (Adrian) system. Adrian introduces a novel enhancement to SIEM platforms by integrating SIEM functionalities with real-time collaboration platforms. Adrian leverages the uniquity of mobile applications of collaboration platforms to provide real-time alerts, enabling a two-way communication channel that facilitates immediate response to security incidents and efficient SIEM platform management. To demonstrate Adrian’s capabilities, we have introduced a case-study that integrates Wazuh, a SIEM platform, to Slack, a collaboration platform. The case study demonstrates all the functionalities of Adrian including the real-time alert distribution, alert customization, alert categorization, and enablement of management activities, thereby increasing the responsiveness and efficiency of Adrian’s capabilities. The study concludes with a discussion on the potential expansion of Adrian’s capabilities including the incorporation of artificial intelligence (AI) for enhanced alert prioritization and response automation.
基金partially supported by the Zhejiang Provincial Natural Science Foundation of China(No.LY16F020010)the Zhejiang Key Discipline Fund of Computer Applied Technology(No.pd2013457)the Hangzhou Science&Technology Development Project of China(No.20140533B13)
文摘With the rapid development of mobile Internet, people pay increasing attention to the wireless network security problem. But due to the specificity of the wireless network, at present it is rare to see the research of wireless intrusion alerts clustering method for mobile Internet. This paper proposes a Wireless Intrusion Alert Clustering Method(WIACM) based on the information of the mobile terminal. The method includes alert formatting, alert reduction and alert classification. By introducing key information of the mobile terminal device, this method aggregates the original alerts into hyper alerts. The experimental results show that WIACM would be appropriate for real attack scenarios of mobile Internet, and reduce the amount of alerts with more accuracy of alert analysis.
文摘Back of queue crashes on Interstates are a major concern for all state transportation departments. In 2020, Indiana DOT begin deploying queue warning trucks with message boards, flashers and digital alerts that could be transmitted to navigation systems such as Waze. This study reports on the deployment and impact evaluation of digital alerts on motorist’s assistance patrols and 19 Queue trucks in Indiana. The motorist assistance patrol evaluation is provided qualitatively. A novel analysis of queue warning trucks equipped with digital alerts was conducted during the months of May-July in 2021 using connected vehicle data. This new data set reports locations of anonymous hard-braking events from connected vehicles on the Interstate. Hard-braking events were tabulated for when queueing occurred with and without the presence of a queue warning truck. Approximately 370 hours of queueing with queue trucks present and 58 hours of queueing without queue truck<span style="font-family:Verdana;">s</span><span style="font-family:Verdana;"> present were evaluated. Hard-braking events were found to decrease approximately 80% when queue warning trucks were used to alert motorists of impending queues.</span>
文摘To solve the problem of the aleri flooding and information semantics in theexisting Intrusion Detection Sys-tem(IDS), we present a two-stage algorithm for correlating thealerts. In the first stage- the high-level alerts is integrated by using the Chronicle patternsbased on time intervals, which describe and match the alerts with the temporal time constrains of aninput sequence. In the second stage, the preparing relationship between the high-level alerts isdefined, which is applied to eorrtlatethe high-level alerts, and the attack scenario is constructedby drawing the attack graph. In the end a given example show? the performances of this two-stagecorrelation algorithm in decreasing the number and improving the information semantic of theintrusion alerts produced by the IDS.
文摘Warning alerts are specially designed to protect user rights and safety to avoid serious damage caused by overlooking the essence of warning alerts. Today’s world of Information Communication Technology (ICT) needs improvement and to review the decisions of security experts in terms of improving warning designs and dialogues, and timely inform the authorities to take quick action at the right time and choice. Human behaviour is deeply involved in most of the security failures and its poor response. If we are able to check and monitor human behaviour in any organisation, we can achieve quality assurance and provide best services to our customers. We have arranged a study in the Center of Post Graduate Studies, International Islamic University, Malaysia (CPS-IIUM), department of Hajj Services-Makkah, and Hospital Management System-Makkah comprised of Observation, Interviews, Questionnaire and discussion based on organizational structure and job activities of people involved in different scenarios and positions under one umbrella of organizational objectives in order to trap the human error in order to take rapid action and response from the management team. Human behaviour is deeply observed and checked while performing different job activities in order to identify the serious errors at the right time during job performance at various levels. We have applied the concept of Brahm’s Language for the simulation of human behaviour which proves an opportunity to simulate human behaviour while performing job activities. Customer service can be improved easily if necessary measures and decisions are taken at the right time and place in any organisation.
文摘Modern cloud services are monitored by numerous multidomain and multivendor monitoring tools,which generate massive numbers of alerts and events that are not actionable.These alerts usually carry isolated messages that are missing service contexts.Administrators become inundated with tickets caused by such alert events when they are routed directly to incident management systems.Noisy alerts increase the risk of crucial warnings going undetected and leading to service outages.One of the feasible ways to cope with the above problems involves revealing the correlations behind a large number of alerts and then aggregating the related alerts according to their correlations.Based on these guidelines,AlertInsight,a framework for alert event reduction,is proposed in this paper.In AlertInsight,the correlations among event sources are found by mining a sequence of historical events.Then,event correlation knowledge is employed to build an online detector targeting the correlated events that are hidden in the event stream.Finally,the correlated events are aggregated into a single high-level event for alert reduction.Because of theweaknesses of the commonly used pairwise correlation analysis methods in complex environments,an innovative approach for multiple correlation mining,which overcomes computational complexity challenges by scanning panoramic views of historical episodes from the perspective of holism,is proposed in this paper.In addition,a neural network-based correlated event detector that can learn the event correlation knowledge generated from correlation mining and then detect the correlated events in a sequence online is proposed.Experiments are conducted to test the effectiveness of AlertInsight.The experimental results(precision=0.92,recall=0.93,and F1-score=0.93)demonstrate the performance of AlertInsight for the recognition of multiple correlated alerts and its competence for alert reduction.
文摘A large part of our daily lives is spent with audio information. Massive obstacles are frequently presented by the colossal amounts of acoustic information and the incredibly quick processing times. This results in the need for applications and methodologies that are capable of automatically analyzing these contents. These technologies can be applied in automatic contentanalysis and emergency response systems. Breaks in manual communication usually occur in emergencies leading to accidents and equipment damage. The audio signal does a good job by sending a signal underground, which warrants action from an emergency management team at the surface. This paper, therefore, seeks to design and simulate an audio signal alerting and automatic control system using Unity Pro XL to substitute manual communication of emergencies and manual control of equipment. Sound data were trained using the neural network technique of machine learning. The metrics used are Fast Fourier transform magnitude, zero crossing rate, root mean square, and percentage error. Sounds were detected with an error of approximately 17%;thus, the system can detect sounds with an accuracy of 83%. With more data training, the system can detect sounds with minimal or no error. The paper, therefore, has critical policy implications about communication, safety, and health for underground mine.
