Risk Averse Alert Prioritization for IDS Using Subnormal Gaussian Fuzzy Models

ArXi:2605.27299v1 Announce Type: cross Modern intrusion detection systems generate thousands of alerts daily, but alert fatigue severely limits security operations effectiveness due to too many false positives or low-impact events. We address this by proposing a principled framework for alert prioritization based on subnormal Gaussian fuzzy numbers, explicitly modeling three sources of uncertainty: threat severity, detection confidence, and organizational risk attitude.