Automated Event Prioritization for Security Operation Center using Deep Learning

Title: Automated Event Prioritization for Security Operation Center using Deep Learning
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Gupta, Nitika; Traore, Issa; de Quinan, Paulo Magella Faria
Conference Name: 2019 IEEE International Conference on Big Data (Big Data)
Keywords: automated event prioritization, Automated Response Actions, Automation, composability, critical security events, cybersecurity clearinghouse, Data models, Deep Learning, deep neural network model, encoding, event classification, feature extraction, graph theory, graphical analysis, IDS, Incident Response, Internet, IP networks, learning (artificial intelligence), neural nets, pattern classification, pubcrawl, Resiliency, security, security data, security event, security of data, Security Operation Center, SIEM, SOC event classification, SOC workflow, Task Analysis
Abstract: Despite their popularity, Security Operation Centers (SOCs) are facing increasing challenges and pressure due to the growing volume, velocity and variety of the IT infrastructure and security data observed on a daily basis. Due to the mixed performance of current technological solutions, e.g. IDS and SIEM, there is an over-reliance on manual analysis of the events by human security analysts. This creates huge backlogs and slows down considerably the resolution of critical security events. Obvious solutions include increasing accuracy and efficiency in the automation of crucial aspects of the SOC workflow, such as event classification and prioritization. In the current paper, we present a new approach for SOC event classification by identifying a set of new features using graphical analysis and classifying them using a deep neural network model. Experimental evaluation using real SOC event log data yields very encouraging results in terms of classification accuracy.
DOI: 10.1109/BigData47090.2019.9006073
Citation Key: gupta_automated_2019