Biblio

Despite their popularity, Security Operation Centers (SOCs) are facing increasing challenges and pressure due to the growing volume, velocity and variety of the IT infrastructure and security data observed on a daily basis. Due to the mixed performance of current technological solutions, e.g. IDS and SIEM, there is an over-reliance on manual analysis of the events by human security analysts. This creates huge backlogs and slow down considerably the resolution of critical security events. Obvious solutions include increasing accuracy and efficiency in the automation of crucial aspects of the SOC workflow, such as the event classification and prioritization. In the current paper, we present a new approach for SOC event classification by identifying a set of new features using graphical analysis and classifying using a deep neural network model. Experimental evaluation using real SOC event log data yields very encouraging results in terms of classification accuracy.

In modern cyber-physical systems and wireless sensor networks the complexity of crisis management processes is caused by a variety of software/hardware assets and communication protocols, the necessity of their collaborative function, possible inconsistency of data flows between particular devices and increased requirements to cyber-physical security. A crisis management oriented model of a communicational mobile network is constructed. A general architecture of network nodes by the use of XBee circuits, Arduino microcontrollers and connecting equipment are developed. An analysis of possible cyber-physical security events on the base of existing intruder models is performed. A series of experiments on modeling attacks on network nodes is conducted. Possible ways for attack revelations by means of components for security event collection and data correlation is discussed.