The application of Graph Neural Networks (GNNs) to retrospective dismissed security alert analysis has shown a transformative potential for identifying threats that were previously dismissed as false positive or won’t fix category. By converting JSON-formatted alerts from diverse AppSec tools into a heterogeneous graph—linking alerts, code components, user behaviors, and infrastructure events—the GNN model achieved an exceptional 90.1% precision, meaning that nine out of ten reclassified (dismissed) alerts were indeed genuine missed threats. Its 84.7% recall indicates that the model successfully recovered the majority of real threats, and an 87.3% F1-score confirms a well-balanced performance. Operationally, analyzing 10000 historical security scanning alerts yielded 127 true positives, uncovering significant vulnerabilities that developers had overlooked, while generating only 14 false positives, thereby minimizing wasted investigation efforts.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Discussion

  • Devjyoti Raha

摘要

The application of Graph Neural Networks (GNNs) to retrospective dismissed security alert analysis has shown a transformative potential for identifying threats that were previously dismissed as false positive or won’t fix category. By converting JSON-formatted alerts from diverse AppSec tools into a heterogeneous graph—linking alerts, code components, user behaviors, and infrastructure events—the GNN model achieved an exceptional 90.1% precision, meaning that nine out of ten reclassified (dismissed) alerts were indeed genuine missed threats. Its 84.7% recall indicates that the model successfully recovered the majority of real threats, and an 87.3% F1-score confirms a well-balanced performance. Operationally, analyzing 10000 historical security scanning alerts yielded 127 true positives, uncovering significant vulnerabilities that developers had overlooked, while generating only 14 false positives, thereby minimizing wasted investigation efforts.