论文信息 - Scoring Alerts from Threat Detection Technologies

Scoring Alerts from Threat Detection Technologies

We describe methods to score alerts—hypotheses about suspected impending threat events that are issued, based on incrementally presented, time-stamped evidence, before the events occur. Our threat events (and thus alerts) have significant object-oriented structure. The alert s coring methods exploit related methods to score precision, recall, and F-value for structured threat hypotheses when s uch evidence is processed by threat detection technolog ies in a batch, forensic mode. We present a (deemed-impractical) idealized approach and derivative practical variant s. The implemented approach is part of a performance evaluation laboratory (PE Lab) that we have applied during a multi- year, multi-contractor Government research program.

Robert C. Schrag | Masami Takikawa | Paul Goger | James Eilbert

[1] P.J. Denning,et al. On learning how to predict , 1980, Proceedings of the IEEE.

[2] Haym Hirsh,et al. Learning to Predict Rare Events in Event Sequences , 1998, KDD.

[3] Stan Matwin,et al. Data mining to predict aircraft component replacement , 1999, IEEE Intell. Syst..

[4] Kathryn B. Laskey,et al. Measuring Performance for Situation Assessment , 2001 .

[5] S. Matwin,et al. Data Mining For Prediction of Aircraft Component Replacement , 1999 .

[6] Robert C. Schrag,et al. Scoring Hypotheses from Threat Detection Technologies , 2006, AAAI Fall Symposium: Capturing and Using Patterns for Evidence Detection.

[7] P. King,et al. Simulating terrorist threat with the hats simulator , 2005 .