Reducing benign positives in threat detection systems: A graph-based approach to contextualizing security alerts

Joshua, Emmanuel (2025) Reducing benign positives in threat detection systems: A graph-based approach to contextualizing security alerts. International Journal of Science and Research Archive, 14 (3). pp. 346-352. ISSN 2582-8185

IJSRA-2025-0641.pdf - Published Version
Available under License Creative Commons Attribution Non-commercial Share Alike.


Abstract

Threat detection systems form the backbone of modern enterprise cybersecurity programs, analyzing massive volumes of logs, network flows, and user activities to identify potentially malicious events. Despite continuous advances in detection techniques, these systems generate an abundance of benign positives, leading to alert fatigue, wasted analyst resources, and a delayed response to actual threats. This paper surveys the problem of benign positives and proposes a graph-based framework that unifies alerts, user roles, infrastructure metadata, and historical dispositions in a knowledge graph. By representing alerts and contextual entities as interconnected nodes and edges, security teams can quickly detect recurring benign patterns (e.g., routine scanning tasks, staging environment bulk transfers) and implement precise suppression rules. Experimental findings from a simulated enterprise environment indicate that this approach significantly reduces benign positives compared to conventional static filters or standalone machine learning methods. The paper closes with recommendations for integrating multi-cloud data, automated rule generation, privacy safeguards, and user-friendly interfaces that support non-expert security analysts.
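The knowledge-graph idea in the abstract, as an added illustration that is not the paper's code: alerts, hosts, users, roles, environments and analyst dispositions become nodes, a context pattern whose historical dispositions are consistently benign (here a vulnerability scanner's port scans) becomes a suppression rule, and a staging bulk-transfer pattern with one malicious disposition stays under review. All sample data, node labels and thresholds are constructed assumptions.

```python
from collections import defaultdict
# Constructed sample data for a hypothetical enterprise (not from the paper).
ASSETS = {"scanner01": ("vuln_scanner", "prod"), "build07": ("ci_runner", "staging"),
          "laptop42": ("workstation", "prod")}          # host -> (role, environment)
USERS = {"svc_vuln": "vuln_management", "svc_ci": "ci_service", "jdoe": "finance"}
HISTORY = [  # (alert id, detection rule, source host, user, analyst disposition)
    ("a1", "port_scan", "scanner01", "svc_vuln", "benign"),
    ("a2", "port_scan", "scanner01", "svc_vuln", "benign"),
    ("a3", "port_scan", "scanner01", "svc_vuln", "benign"),
    ("a4", "bulk_transfer", "build07", "svc_ci", "benign"),
    ("a5", "bulk_transfer", "build07", "svc_ci", "benign"),
    ("a6", "bulk_transfer", "build07", "svc_ci", "malicious"),
    ("a7", "port_scan", "laptop42", "jdoe", "malicious"),
]

def build_graph(history):
    """Knowledge graph as an adjacency dict: node -> {(edge_label, neighbor_node)}."""
    g = defaultdict(set)
    for host, (role, env) in ASSETS.items():
        g[("host", host)] |= {("has_role", ("host_role", role)), ("in_env", ("env", env))}
    for user, role in USERS.items():
        g[("user", user)].add(("has_role", ("user_role", role)))
    for aid, rule, host, user, dispo in history:
        g[("alert", aid)] |= {("fired_by", ("rule", rule)), ("from_host", ("host", host)),
                              ("by_user", ("user", user)), ("dispositioned", ("dispo", dispo))}
    return g

def hop(g, node, label):
    """Follow the single outgoing edge with this label and return the neighbor's value."""
    return next(n for lab, n in g[node] if lab == label)[1]

def context_key(g, alert):
    """Generalize an alert to (rule, host role, env, user role) by walking the graph."""
    host, user = ("host", hop(g, alert, "from_host")), ("user", hop(g, alert, "by_user"))
    return (hop(g, alert, "fired_by"), hop(g, host, "has_role"),
            hop(g, host, "in_env"), hop(g, user, "has_role"))

def mine_suppression_rules(g, min_support=3, min_benign_ratio=1.0):
    """Context patterns whose historical dispositions are (almost) all benign."""
    stats = defaultdict(lambda: [0, 0])  # context -> [benign count, total count]
    for alert in [n for n in g if n[0] == "alert"]:
        s = stats[context_key(g, alert)]
        s[0] += int(hop(g, alert, "dispositioned") == "benign"); s[1] += 1
    return {k for k, (b, t) in stats.items() if t >= min_support and b / t >= min_benign_ratio}

def triage(new_alert, rules):
    """new_alert = (rule, host, user); True if its context matches a mined suppression rule."""
    g = build_graph(HISTORY + [("new",) + new_alert + ("unknown",)])
    return context_key(g, ("alert", "new")) in rules
```

Lowering `min_benign_ratio` admits the staging bulk-transfer pattern as well, which is the trade-off between suppression coverage and the risk of hiding a real incident that the rule thresholds encode.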

Item Type: Article
Official URL: https://doi.org/10.30574/ijsra.2025.14.3.0641
Uncontrolled Keywords: Cybersecurity; Threat Detection; Benign Positives; False Positives; Security Automation; Anomaly Detection; Graph-Based Modeling; Security Intelligence; Machine Learning; Security Data Visualization
Depositing User: Editor IJSRA
Date Deposited: 16 Jul 2025 17:39
URI: https://eprint.scholarsrepository.com/id/eprint/1025