Faculty of Computing
Permanent URI for this communityhttps://rda.sliit.lk/handle/123456789/4202
The Next Gen Security Operation Center
Publication (embargo). IEEE, 2021-04-02. Perera, A; Rathnayaka, S; Che, C; Madushanka, W. W; Senarathne, A. N

Due to the evolving cyber threat landscape, cyber criminals have found new and ingenious ways of breaching network defenses. Because of the sheer destruction these threat actors can cause to an organization, most modern organizations have focused their attention on protecting their critical infrastructure and sensitive information through multiple methods. The main defense against both internal and external threats to an organization has been the implementation of the Security Operations Center (SOC), which is responsible for monitoring, analyzing and mitigating incoming threats. At the heart of the SOC lies the Security Information and Event Management system (SIEM), which SOC analysts use as the centralized point where all security notifications from various security technologies, including firewall, IPS/IDS and anti-virus logs, are collected and visualized. The effective operation of a SOC in an organization depends on how well the SIEM filters log events and generates actual alerts. Here lies the major problem SOC analysts face in detecting threats: if proper alert correlation is not accomplished, analysts have to deal with too much alert noise due to a high false positive count. This ultimately causes analysts to miss critical security incidents, with severe implications for the organization's security. The performance of a SIEM can be enhanced by adding functionalities such as threat hunting, threat intelligence, and malware identification and prevention in order to reduce false positive alarms, together with a threat framework and machine learning, which would increase the accuracy and efficiency of the organization's overall security operations process.

Even though many products that provide these additional functionalities exist in the current market, they can be too expensive for smaller-scale organizations. Our aim is to make security operations deliverable to any organization, regardless of size and scale, without any financial implications, and to enhance its functionalities with the aid of advanced machine learning techniques.

Intelligent SOC Chatbot for Security Operation Center
Publication (embargo). IEEE, 2019-12-05. Perera, V. H; Senarathne, A. N; Rupasinghe, L

Information security analysts currently face many challenges, both hidden and visible, in the face of unique attack records. The rapid increase in security monitoring and investigation tools (on average, 20 security solutions are used per company) leads to frequent switching between screens, alert fatigue, disjointed record keeping, and increased investigation time. This chatbot can suggest the flow of an investigation and the relevant commands that will help obtain the results needed to resolve the incident. Automating incident ticket creation is one of the major achievements of this research. Security analysts also receive security alert messages for AWS-hosted instances. Security analysts also continue to work on their sub-tasks, and are quite overloaded with their main tasks, while engaging in collaborative investigations and knowledge sharing. Chat-Ops helps to overcome and meet those challenges. Processes, automated workflows, the chatbot, security tools, and humans exist in the same chat window, feeding data and commands in a worthy cycle. This will lead to huge changes in everything from remediation times and investigation depth to future learning and knowledge administration. Different analysts drive an investigation in different ways. Most of the time, analysts miss the most important parts and techniques, even though those parts could be very valuable for the result.

The investigation flow and commands are suggested based on past investigations and the commands that previous analysts used. This chatbot will help current analysts who work in a security operations center in many ways.
