A Machine Learning Approach to Verify and Reduce False Positive Alarms Generated by Data Breach Detection Processes

Pedro R Vasseur, Pace University


The unauthorized use of sensitive data is a major risk for organizations. Customers whose information is kept by these enterprises are vulnerable if the company does not take protective measures in the handling of their information. The problem of false alarms that arise from breach monitoring systems is risky and costly because there is a tendency in the administration of data breach detection systems to favor the occurrence of false alarms to minimize the occurrences of false negatives. As a result of this propensity, the experts that need to inspect and confirm the nature of these alarms need to dedicate more time to handle many bogus alerts, and whose efforts, in turn, could be used for addressing real data breach events. The subsequent manual confirmation is time-consuming and inefficient. This dissertation aims to improve the quality and reduce the solution time of the verification process. It presents a prototype based on an iterative approach that can verify the true nature of the alarms after detection has taken place, and prioritizes them for the subsequent manual review. The approach utilizes use case scenarios of data-in-motion and data-at-rest instances that are examined by a machine learning method, the ID3 (Iterative Dichotomiser 3). After initially trained, the method keeps acquiring knowledge whenever the model flags a new pattern of alarm and then confirmed by the subject matter expert. It also generates an automated notification when it determines that there is a discrepancy between the model’s training dataset predictor variables and the detection engine access rules. In this way, the prototype minimizes the risk of missing true alarms while using a more efficient verification process.

Subject Area

Information Technology|Artificial intelligence

Recommended Citation

Vasseur, Pedro R, "A Machine Learning Approach to Verify and Reduce False Positive Alarms Generated by Data Breach Detection Processes" (2018). ETD Collection for Pace University. AAI13807340.



Remote User: Click Here to Login (must have Pace University remote login ID and password. Once logged in, click on the View More link above)