Title: Autosoc: A low budget flexible security operations platform for enterprises and organizations
Authors: Chamiekara, G. W. P; Cooray, M. I. M; Wickramasinghe, L. S. A. M; Koshila, Y. M. S; Abeywardhana, K. Y; Senarathna, A. N
Keywords: AutoSOC; low budget; flexible security; operations platform; enterprises; organizations
Issue Date: 14-Sep-2017
Publisher: IEEE
Citation: G. W. P. Chamiekara, M. I. M. Cooray, L. S. A. M. Wickramasinghe, Y. M. S. Koshila, K. Y. Abeywardhana and A. N. Senarathna, "AutoSOC: A low budget flexible security operations platform for enterprises and organizations," 2017 National Information Technology Conference (NITC), 2017, pp. 100-105, doi: 10.1109/NITC.2017.8285644.
Series/Report no.: 2017 National Information Technology Conference (NITC); Pages 100-105
Abstract: Most of today's existing Security Operations Center (SOC) platforms follow a hybrid methodology for executing security operations. However, these systems have a number of drawbacks. Because there is a human component, false positives may be identified as true threat alerts, which adversely affects the overall system. Some automated SOCs exist today as well, but their cost is considerably high for most small and medium scale companies. That is why we propose AutoSOC, a fully automated security operations center platform, except for the forensic investigation system, which requires a ticket to be generated with the approval of the user. This low budget enterprise solution comprises an Intelligent Intrusion Detection and Prevention System (IIDPS), a Security Incident and Event Management System (SIEM), a Malware Analysis System and a Simple Forensic Investigation System. The IIDPS contains an Intelligent Intrusion Detection System (IIDS) and an Intelligent Intrusion Prevention System (IIPS). The IIDS is an alert system, comprising components that notify and communicate between the integrated components when an attack or a breach occurs. The IIPS learns the behavior of applications and protocols, which are expected to conform to their published standards. The SIEM is responsible for analyzing security event data: it collects, stores, analyzes and reports on log data for incident response, forensics and regulatory compliance. The malware analysis process runs in parallel with a forensic toolkit in order to accurately predict possible root causes of a given incident. The forensic toolkit targets the key components of analysis, including running processes and captured packets.
Therefore, the suggested solution will be able to reduce the cost of security implementations and increase the efficiency and accuracy of analysis results by eliminating false positives and the reporting of incorrect vulnerabilities, through learning about the SOC's network and environment.
URI: http://rda.sliit.lk/handle/123456789/2076
ISBN: 978-1-5386-2425-8
Appears in Collections: Department of Computer Systems Engineering-Scopes; Research Papers - Dept of Computer Systems Engineering; Research Papers - IEEE; Research Papers - SLIIT Staff Publications

Files in This Item: AutoSOC_A_low_budget_flexible_security_operations_platform_for_enterprises_and_organizations.pdf (Adobe PDF, 381.23 kB; access restricted until 2050-12-31)