Discussion
摘要
The application of Graph Neural Networks (GNNs) to retrospective dismissed security alert analysis has shown a transformative potential for identifying threats that were previously dismissed as false positive or won’t fix category. By converting JSON-formatted alerts from diverse AppSec tools into a heterogeneous graph—linking alerts, code components, user behaviors, and infrastructure events—the GNN model achieved an exceptional 90.1% precision, meaning that nine out of ten reclassified (dismissed) alerts were indeed genuine missed threats. Its 84.7% recall indicates that the model successfully recovered the majority of real threats, and an 87.3% F1-score confirms a well-balanced performance. Operationally, analyzing 10000 historical security scanning alerts yielded 127 true positives, uncovering significant vulnerabilities that developers had overlooked, while generating only 14 false positives, thereby minimizing wasted investigation efforts.