Adaptable Plug and Play Security Operations Center Leveraging a Novel Programmable Plugin-based Intrusion Detection and Prevention System

04/10/2022
by Ahmed S. Shatnawi, et al.

The number of cyber-attacks has increased substantially over the past decade, resulting in huge organizational financial losses. Indeed, it is no longer a matter of "if" but "when" a security incident will take place. Adopting a Security Operations Center (SOC) helps in the detection, identification, prevention, and resolution of issues before they cause extensive cyber-related damage. In this paper, we propose a framework to address the problems that plague current open-source SOC implementations: the inability to be strengthened on the fly, slow development processes, and unsuitability for continuous, timely updates. Our framework offers a fully automated open-source SOC deployment, dubbed a "plug-and-play framework", together with full horizontal scalability built on a modular architecture. These underpinning features are meant to mitigate underlying SOC challenges, which often emerge from many pre-determined and repeated processes, by bolstering the SOC's ability to expand with new tools and to handle more servers in a cluster as a single logical unit. We also introduce a new system of its kind, a Programmable Plugin-based Intrusion Detection and Prevention System (PPIDPS), which extends a SOC's ability to add any tool to the monitored devices while collecting logs that can trigger alerts whenever suspicious behavior is detected.

