Analysis of key challenges in Security Operations Centre (SOC): A novel automated solution to reduce noisy events

Zidan, Kamal (2024) Analysis of key challenges in Security Operations Centre (SOC): A novel automated solution to reduce noisy events. PhD thesis, University of Gloucestershire. doi:10.46289/LEGU1581

Text (Final Thesis)
15780 Zidan (2024) Analysis of key challenges in Security Operations Centre (SOC).pdf - Accepted Version
Available under License All Rights Reserved.


Abstract

The changing technology environment requires security measures to be in place for IT assets, including hardware, software and networks. These assets work collectively to provide the services organisations need, so security is required more than ever to strengthen the security posture of firms. Cyber security threats are increasing rapidly, and in response organisations are using a Security Operations Centre (SOC) to monitor their assets and observe activity by collecting data about malicious events and behaviours. The main purpose of a SOC is to defend assets by spotting potentially malicious activity and responding to it. This thesis presents the results of an up-to-date literature review and of interviews conducted with 5 SOC specialists in the UK to understand the main challenges they face. From the research findings, various challenges are identified when working in a SOC: lack of automation, skills shortages, false positives, poor communication between analysts, and board-level implications are the most highlighted difficulties. Experiments are therefore conducted as part of the research to propose an automation solution that tackles some of these challenges. The developed automation model is trained and tested with datasets that include Windows security logs, Mac logs and Linux logs, to classify and predict the occurrence of events based on their features and patterns. Testing with different algorithms produced a range of accuracy results; Decision Tree (DT) produced the highest accuracy, 1 for Windows logs, 0.98 for Mac logs and 0.9425 for Linux logs. The automation solution is then presented, using the interview method, to 10 participants from cyber security and software backgrounds to gather feedback, and a grid matrix is developed to evaluate the effectiveness of such an automation model as part of the feedback analysis.
Overall, the developed automation solution can be used either on its own to automate the handling of logs based on their features and patterns, or integrated with tools such as Splunk to enhance and speed up the detection of events.
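The abstract describes training a Decision Tree on log events so that routine (noisy) events can be separated from those worth triage. As an added example that is not part of the thesis or its model, the following Python builds a small ID3-style decision tree from scratch (so it needs no scikit-learn) over a constructed batch of Windows Security style events, then scores it on the training batch and on a separate held-out batch. The field names, their values, the labelling rule and every record are assumptions made here for illustration, not data from the thesis.

```python
"""Added example (not the thesis's code): an ID3-style decision tree that labels
constructed Windows-Security-style events as "noisy" (routine, suppressible) or
"review", evaluated on training data and on a held-out batch.
Field names, values, the labelling rule and all records are assumptions."""
import math
from collections import Counter
from itertools import product

FEATURES = ("event_id", "logon_type", "off_hours")


def constructed_label(rec):
    """Constructed ground truth used to label the sample batch (an assumption)."""
    if rec["event_id"] == "4720":                                  # account created
        return "review"
    if rec["event_id"] == "4625" and rec["off_hours"] == "yes":    # failed logon, off hours
        return "review"
    if rec["logon_type"] == "10":                                  # RemoteInteractive (RDP)
        return "review"
    return "noisy"


def constructed_batch():
    """Every combination of the feature values, labelled by the rule above (constructed)."""
    recs = []
    for eid, lt, oh in product(("4624", "4625", "4720"), ("2", "3", "10"), ("no", "yes")):
        rec = {"event_id": eid, "logon_type": lt, "off_hours": oh}
        recs.append((rec, constructed_label(rec)))
    return recs


# Constructed "next day" batch. Same feature combinations as training, but an analyst
# suppressed one account creation as noisy because a known provisioning job produced it.
HOLDOUT = [
    ({"event_id": "4624", "logon_type": "2", "off_hours": "no"}, "noisy"),
    ({"event_id": "4624", "logon_type": "10", "off_hours": "no"}, "review"),
    ({"event_id": "4625", "logon_type": "3", "off_hours": "yes"}, "review"),
    ({"event_id": "4625", "logon_type": "3", "off_hours": "no"}, "noisy"),
    ({"event_id": "4720", "logon_type": "2", "off_hours": "no"}, "review"),
    ({"event_id": "4720", "logon_type": "2", "off_hours": "yes"}, "noisy"),  # provisioning job
]


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def information_gain(records, feature):
    """Entropy reduction obtained by splitting `records` on `feature`."""
    parent = entropy([lbl for _, lbl in records])
    groups = {}
    for rec, lbl in records:
        groups.setdefault(rec[feature], []).append(lbl)
    weighted = sum(len(g) / len(records) * entropy(g) for g in groups.values())
    return parent - weighted


def build_tree(records, features=FEATURES):
    """ID3: split on the highest-gain feature until leaves are pure or features run out."""
    labels = [lbl for _, lbl in records]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or not features:
        return {"leaf": majority}
    best = max(features, key=lambda f: information_gain(records, f))
    node = {"feature": best, "default": majority, "branches": {}}
    remaining = tuple(f for f in features if f != best)
    for value in sorted({rec[best] for rec, _ in records}):
        subset = [(r, l) for r, l in records if r[best] == value]
        node["branches"][value] = build_tree(subset, remaining)
    return node


def predict(tree, rec):
    """Walk the tree; an unseen feature value falls back to the node's majority label."""
    while "leaf" not in tree:
        tree = tree["branches"].get(rec[tree["feature"]]) or {"leaf": tree["default"]}
    return tree["leaf"]


def accuracy(tree, records):
    hits = sum(predict(tree, rec) == lbl for rec, lbl in records)
    return hits / len(records)


def to_rules(tree, path=()):
    """Flatten the tree into readable rules an analyst can audit before automating them."""
    if "leaf" in tree:
        return [" AND ".join(path) + " -> " + tree["leaf"]] if path else [tree["leaf"]]
    rules = []
    for value, child in tree["branches"].items():
        rules.extend(to_rules(child, path + (f"{tree['feature']}={value}",)))
    return rules


if __name__ == "__main__":
    tree = build_tree(constructed_batch())
    print("training accuracy:", accuracy(tree, constructed_batch()))
    print("holdout accuracy: ", round(accuracy(tree, HOLDOUT), 4))
    for rule in to_rules(tree):
        print(" ", rule)
```

The training accuracy comes out at exactly 1.0, the same figure the abstract reports for Windows logs, but on its own that only says the tree memorised the batch; the held-out score (5/6 here, because the analyst's suppression of the provisioning job's account creation is not something the training data could teach) is the number to report, and `to_rules` exposes the learned logic so a SOC can review which events a tree would suppress before wiring it into a tool such as Splunk.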

Item Type: Thesis (PhD)
Thesis Advisors:
Al-Sherbaz, Ali (aalsherbaz@glos.ac.uk)
Alum, Abu (aalam@glos.ac.uk)
Uncontrolled Keywords: technology environment; security measures; IT assets; hardware; software; networks; cyber security threats; Security Operations Centre (SOC)
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software > QA76.76 Computer software topics A-Z
Divisions: Schools and Research Institutes > School of Business, Computing and Social Sciences
Depositing User: Anne Pengelly
Date Deposited: 28 Jan 2026 10:25
Last Modified: 28 Jan 2026 10:25
URI: https://eprints.glos.ac.uk/id/eprint/15780
