A Grid-Matrix Based on Industry Needs to Evaluate Automation in Security Operations Centre (SOC)

Zidan, Kamal, Alam, Abu and Mirza, Qublai Ali (2024) A Grid-Matrix Based on Industry Needs to Evaluate Automation in Security Operations Centre (SOC). 2024 11th International Conference on Future Internet of Things and Cloud (FiCloud). pp. 16-20. doi:10.1109/FiCloud62933.2024.00011

14556 Zidan K. et al. (2024) A Grid-Matrix Based on Industry Needs to Evaluate Automation in Security Operations Centre (SOC).pdf - Accepted Version
Restricted to Repository staff only
Available under License All Rights Reserved.

Abstract

A Security Operations Centre (SOC) is a unit responsible for detecting events and responding to incidents associated with cyber security threats through monitoring, detecting, examining and reporting on anomalies. Handling well-known, unknown and new activities is part of the SOC tasks that organisations look to have in their security environment. The key purpose of a SOC is to be able to analyse a large set of data and correlate other categories of events. Some network monitoring software solutions produce a huge number of false positives due to the lack of accurate prediction processes. Manual processes can give attackers the advantage of having more time to accomplish their malicious activities. Thus, SOC analysts are required to apply automated mechanisms to help them detect threats. This paper presents a Grid-Matrix that contains different parameters to be considered when evaluating automation and machine learning (ML) models within a SOC. An automation model using machine learning algorithms is presented to several cyber security specialists in industry. Based on their feedback, the Grid-Matrix is created to compare and evaluate different automation solutions. Thus, the result of this work is the Grid-Matrix, which highlights the essential parameters that need to be considered when applying automation solutions in a SOC.

Item Type: Article
Article Type: Article
Uncontrolled Keywords: Security Operations Centre; SOC; Cyber security threats; Network monitoring; Grid-Matrix; Machine learning models; ML models;
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Q Science > QA Mathematics > QA76 Computer software > QA76.76 Computer software topics A-Z > QA76.76.C672 Computer game programming
Divisions: Schools and Research Institutes > School of Business, Computing and Social Sciences
Depositing User: Kamila Niekoraniec
Date Deposited: 21 Nov 2024 13:13
Last Modified: 21 Nov 2024 13:15
URI: https://eprints.glos.ac.uk/id/eprint/14556
