139,811 research outputs found

    Alert correlation framework using a novel clustering approach

    Currently, the primary and pressing issue in IDS implementation is the enormous number of alerts generated by the IDS sensors. Moreover, due to this obtrusive predicament, two other problems have emerged: the first is the difficulty in processing the alerts accurately, and the second is the reduction in performance rate in terms of time and memory capacity while processing these alerts. The purpose of this research is to construct a holistic solution that is able to firstly reduce the number of alerts to be processed and at the same time produce high-quality attack scenarios that are meaningful to the administrators in a timely manner. To achieve these goals, alerts generated by IDS sensors need to be correlated and organized in an appropriate approach. Thus the significant contribution of this research is to create an integrated operational framework for alert processing that reduces the amount of alerts to be processed and creates more meaningful attack scenarios to be analyzed. We present the results obtained from the clustering algorithm and discuss its significant contribution to practitioners in an actual working environment

    How to design browser security and privacy alerts

    Browser security and privacy alerts must be designed to ensure they are of value to the end-user, and communicate risks efficiently. We performed a systematic literature review, producing a list of guidelines from the research. Papers were analysed quantitatively and qualitatively to formulate a comprehensive set of guidelines. Our findings seek to provide developers and designers with guidance as to how to construct security and privacy alerts. We conclude by providing an alert template, highlighting its adherence to the derived guidelines

    On the alert: future priorities for alerts in clinical decision support for computerized physician order entry identified from a European workshop

    Background: Clinical decision support (CDS) for electronic prescribing systems (computerized physician order entry) should help prescribers in the safe and rational use of medicines. However, the best ways to alert users to unsafe or irrational prescribing are uncertain. Specifically, CDS systems may generate too many alerts, producing unwelcome distractions for prescribers, or too few alerts running the risk of overlooking possible harms. Obtaining the right balance of alerting to adequately improve patient safety should be a priority. Methods: A workshop funded through the European Regional Development Fund was convened by the University Hospitals Birmingham NHS Foundation Trust to assess current knowledge on alerts in CDS and to reach a consensus on a future research agenda on this topic. Leading European researchers in CDS and alerts in electronic prescribing systems were invited to the workshop. Results: We identified important knowledge gaps and suggest research priorities including (1) the need to determine the optimal sensitivity and specificity of alerts; (2) whether adaptation to the environment or characteristics of the user may improve alerts; and (3) whether modifying the timing and number of alerts will lead to improvements. We have also discussed the challenges and benefits of using naturalistic or experimental studies in the evaluation of alerts and suggested appropriate outcome measures. Conclusions: We have identified critical problems in CDS, which should help to guide priorities in research to evaluate alerts. It is hoped that this will spark the next generation of novel research from which practical steps can be taken to implement changes to CDS systems that will ultimately reduce alert fatigue and improve the design of future systems

    On Collaborative Predictive Blacklisting

    Collaborative predictive blacklisting (CPB) allows forecasting future attack sources based on logs and alerts contributed by multiple organizations. Unfortunately, however, research on CPB has only focused on increasing the number of predicted attacks but has not considered the impact on false positives and false negatives. Moreover, sharing alerts is often hindered by confidentiality, trust, and liability issues, which motivates the need for privacy-preserving approaches to the problem. In this paper, we present a measurement study of state-of-the-art CPB techniques, aiming to shed light on the actual impact of collaboration. To this end, we reproduce and measure two systems: a non privacy-friendly one that uses a trusted coordinating party with access to all alerts (Soldo et al., 2010) and a peer-to-peer one using privacy-preserving data sharing (Freudiger et al., 2015). We show that, while collaboration boosts the number of predicted attacks, it also yields high false positives, ultimately leading to poor accuracy. This motivates us to present a hybrid approach, using a semi-trusted central entity, aiming to increase utility from collaboration while, at the same time, limiting information disclosure and false positives. This leads to a better trade-off of true and false positive rates, while at the same time addressing privacy concerns. Comment: A preliminary version of this paper appears in ACM SIGCOMM's Computer Communication Review (Volume 48 Issue 5, October 2018). This is the full versio

    Corporate Social Responsibility and the Mining Sector in Southern Africa: A Focus on Mining in Malawi, South Africa and Zambia

    The research conducted by the Bench Marks Foundation on mining in Southern provides SADC governments, mining companies and local mining community stakeholders with information and guidance on issues to consider in the process of empowerment and sustainable development through corporate social responsibility. At the same time it also alerts the global world of the human rights shortfalls that are being practised in the SADC mining communities

    Buzz or Beep? How Mode of Alert Influences Driver Takeover Following Automation Failure

    Highly automated vehicles require drivers to remain aware enough to takeover during critical events. Driver distraction is a key factor that prevents drivers from reacting adequately, and thus there is need for an alert to help drivers regain situational awareness and be able to act quickly and successfully should a critical event arise. This study examines two aspects of alerts that could help facilitate driver takeover: mode (auditory and tactile) and direction (towards and away). Auditory alerts appear to be somewhat more effective than tactile alerts, though both modes produce significantly faster reaction times than no alert. Alerts moving towards the driver also appear to be more effective than alerts moving away from the driver. Future research should examine how multimodal alerts differ from single mode, and see if higher fidelity alerts influence takeover times. Dissertation/Thesis: Masters Thesis, Human Systems Engineering 201

    Continuous glucose monitoring sensors: Past, present and future algorithmic challenges

    Continuous glucose monitoring (CGM) sensors are portable devices that allow measuring and visualizing the glucose concentration in real time almost continuously for several days and are provided with hypo/hyperglycemic alerts and glucose trend information. CGM sensors have revolutionized Type 1 diabetes (T1D) management, improving glucose control when used adjunctively to self-monitoring blood glucose systems. Furthermore, CGM devices have stimulated the development of applications that were impossible to create without a continuous-time glucose signal, e.g., real-time predictive alerts of hypo/hyperglycemic episodes based on the prediction of future glucose concentration, automatic basal insulin attenuation methods for hypoglycemia prevention, and the artificial pancreas. However, CGM sensors’ lack of accuracy and reliability limited their usability in the clinical practice, calling upon the academic community for the development of suitable signal processing methods to improve CGM performance. The aim of this paper is to review the past and present algorithmic challenges of CGM sensors, to show how they have been tackled by our research group, and to identify the possible future ones

    Retrospective descriptive assessment of clinical decision support medication-related alerts in two Saudi Arabian hospitals

    OBJECTIVES: To determine the frequency of clinical decision support system (CDSS) medication-related alerts generated, accepted, or overridden, to assess appropriateness of alert display and overrides, and to characterise the documentation of clinician justification for these overrides in an academic medical centre in Saudi Arabia. MATERIALS AND METHODS: System-generated CDSS reports for the period June 2015 to December 2017 were retrospectively reviewed and analysed. Alerts were classified into different types, and rates of alert overrides calculated as percentages of all generated alerts. A subset of 307 overridden alerts was assessed for appropriateness of display and override by two clinical pharmacists. Physician documentation of reasons for overriding alerts were categorised. RESULTS: A total of 4,446,730 medication-related alerts were generated from both inpatient and outpatient settings, and 4,231,743 (95.2%) were overridden. The most common alert type was 'duplicate drug', accounting for 3,549,736 (79.8%) of alerts. Of 307 alerts assessed for appropriateness, 246 (80%) were judged to be appropriately displayed and 244 (79%) were overridden appropriately. New drug allergy and drug allergy alerts had the highest percentage of being judged as inappropriately overridden. For 1,594,313 alerts (37.7%), 'no overridden reason selected' was chosen from the drop-down menu. CONCLUSIONS: The alert generation and override rate were higher than reported previously in the literature. The small sample size of 307 alerts assessed for appropriateness of alert display and override is a potential limitation. Revision of the CDSS rules for alerts (focusing on specificity and relevance for the local context) is now recommended. Future research should prospectively assess providers' perspectives, and determine patient harm associated with overridden alerts