The Next Generation Cognitive Security Operations Center: Network Flow Forensics Using Cybersecurity Intelligence


Bibliographic Details
Main Authors: Konstantinos Demertzis, Panayiotis Kikiras, Nikos Tziritas, Salvador Llopis Sanchez, Lazaros Iliadis
Format: Article
Language: English
Published: MDPI AG 2018-11-01
Series: Big Data and Cognitive Computing
Subjects:
Online Access:https://www.mdpi.com/2504-2289/2/4/35
Affiliations:
Konstantinos Demertzis: Department of Civil Engineering, School of Engineering, Democritus University of Thrace, Xanthi 67100, Greece
Panayiotis Kikiras: Department of Computer Science, School of Science, University of Thessaly, Lamia 35131, Greece
Nikos Tziritas: Research Center for Cloud Computing, Shenzhen Institutes of Advanced Technology, Chinese Academy of Sciences, Shenzhen 518000, China
Salvador Llopis Sanchez: Communications Department, Universitat Politecnica de Valencia, Valencia 46022, Spain
Lazaros Iliadis: Department of Civil Engineering, School of Engineering, Democritus University of Thrace, Xanthi 67100, Greece
Volume: 2, Issue 4, Article 35
DOI: 10.3390/bdcc2040035
issn 2504-2289
description A Security Operations Center (SOC) can be defined as an organized and highly skilled team that uses advanced computer forensics tools to prevent, detect and respond to cybersecurity incidents of an organization. The fundamental aspects of an effective SOC are related to the ability to examine and analyze the vast number of data flows and to correlate several other types of events from a cybersecurity perspective. The supervision and categorization of network flows is an essential process not only for the scheduling, management, and regulation of the network's services, but also for attack identification and for the consequent forensic investigations. A serious potential disadvantage of the traditional software solutions used today for computer network monitoring, and specifically for the effective categorization of encrypted or obfuscated network flows, which requires the rebuilding of message packets in sophisticated underlying protocols, is their requirement for computational resources. In addition, a further significant shortcoming of these software packages is that they produce high false positive rates because they lack accurate predictive mechanisms. For all the reasons above, in most cases, the traditional software fails completely to recognize unidentified vulnerabilities and zero-day exploitations. This paper proposes a novel intelligence-driven Network Flow Forensics Framework (NF3), which makes low use of computing power and resources, for the Next Generation Cognitive Computing SOC (NGC2SOC), which relies solely on advanced, fully automated intelligence methods. It is an effective and accurate Ensemble Machine Learning forensics tool for Network Traffic Analysis, Demystification of Malware Traffic and Encrypted Traffic Identification.
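The abstract's central point is that flows can be categorized, including encrypted ones, from header and timing statistics alone, without reconstructing packets, and that an ensemble of learners does the classification. The following is an added example written for this record; it is not the paper's NF3 code and does not reproduce its models or datasets. It assumes a hand-rolled bagged decision-stump ensemble over seven flow features (counts, bytes, duration, initiator inter-arrival regularity, byte direction share), constructed synthetic "beacon-like" and "bulk web-like" flows with RFC 5737 documentation addresses, and the hypothetical helper names shown; nothing in it touches payload, so it behaves identically on TLS traffic.

```python
"""Added example: flow-level ensemble classification from header/timing features only.
Constructed data; hand-rolled bagging of decision stumps (an assumption, not NF3).
Labels: 1 = beacon-like, 0 = bulk web-like."""
import random
import statistics
from collections import defaultdict

# Packet record: (timestamp_s, src, dst, sport, dport, proto, size_bytes). No payload field.

def flow_key(pkt):
    """Bidirectional 5-tuple key so both directions of a conversation share one flow."""
    _, src, dst, sport, dport, proto, _ = pkt
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)

def extract_features(packets):
    """Map flow_key -> feature vector built only from sizes, counts and timing."""
    flows = defaultdict(list)
    for p in packets:
        flows[flow_key(p)].append(p)
    feats = {}
    for key, pkts in flows.items():
        pkts.sort(key=lambda p: p[0])
        initiator = (pkts[0][1], pkts[0][3])            # src, sport of the first packet
        sizes = [p[6] for p in pkts]
        fwd = [p for p in pkts if (p[1], p[3]) == initiator]
        fwd_gaps = [b[0] - a[0] for a, b in zip(fwd, fwd[1:])]
        mean_gap = statistics.mean(fwd_gaps) if fwd_gaps else 0.0
        # Coefficient of variation of request spacing: ~0 for a fixed-period beacon.
        cv_gap = statistics.pstdev(fwd_gaps) / mean_gap if len(fwd_gaps) > 1 and mean_gap > 0 else 0.0
        feats[key] = [
            len(pkts),                             # packet count
            sum(sizes),                            # total bytes
            statistics.mean(sizes),                # mean packet size
            pkts[-1][0] - pkts[0][0],              # duration
            mean_gap,                              # mean initiator inter-arrival
            cv_gap,                                # initiator timing regularity
            sum(p[6] for p in fwd) / sum(sizes),   # share of bytes sent by initiator
        ]
    return feats

def train_stump(rows, labels, feature_idx):
    """Best single-feature threshold split over the given feature indices (0/1 labels)."""
    best = None                                        # (err, j, thr, class_if_above)
    for j in feature_idx:
        vals = sorted({r[j] for r in rows})
        for lo, hi in zip(vals, vals[1:]):
            thr = (lo + hi) / 2
            for above in (1, 0):
                err = sum((above if r[j] > thr else 1 - above) != y for r, y in zip(rows, labels))
                if best is None or err < best[0]:
                    best = (err, j, thr, above)
    if best is None:                                   # no split possible: majority class
        return (None, 0.0, int(sum(labels) * 2 >= len(labels)))
    return best[1:]

def predict_stump(stump, row):
    j, thr, above = stump
    return above if j is None else (above if row[j] > thr else 1 - above)

def train_ensemble(rows, labels, n_models=15, seed=7):
    """Bagging: each stump sees a bootstrap sample and a random subset of the features."""
    rng = random.Random(seed)
    n, d = len(rows), len(rows[0])
    models = []
    for _ in range(n_models):
        idx = [rng.randrange(n) for _ in range(n)]
        subset = rng.sample(range(d), max(1, d // 2))
        models.append(train_stump([rows[i] for i in idx], [labels[i] for i in idx], subset))
    return models

def predict_ensemble(models, row):
    """Majority vote of the stumps."""
    return int(sum(predict_stump(m, row) for m in models) * 2 > len(models))

# --- constructed traffic generators (synthetic, not captures) ----------------------
def make_beacon(client, port, start, n=12, period=60.0):
    """Fixed-period 120-byte request/response pairs to one server."""
    pkts = []
    for i in range(n):
        t = start + i * period
        pkts.append((t, client, "203.0.113.5", port, 443, "tcp", 120))
        pkts.append((t + 0.02, "203.0.113.5", client, 443, port, "tcp", 120))
    return pkts

def make_web(rng, client, port, start, n_req=12):
    """Irregularly spaced 300-byte requests, each answered by three 1400-byte segments."""
    pkts, t = [], start
    for _ in range(n_req):
        pkts.append((t, client, "198.51.100.7", port, 443, "tcp", 300))
        for k in range(3):
            pkts.append((t + 0.005 * (k + 1), "198.51.100.7", client, 443, port, "tcp", 1400))
        t += rng.uniform(0.05, 0.5)
    return pkts

def run_demo():
    """Train on 16 constructed flows, classify two held-out flows; returns flow_key -> label."""
    rng = random.Random(1)
    rows, labels = [], []
    for i in range(8):
        for pkts, y in ((make_beacon(f"10.0.0.{i + 1}", 40000 + i, float(i)), 1),
                        (make_web(rng, f"10.0.0.{i + 1}", 41000 + i, float(i), rng.randint(10, 16)), 0)):
            for vec in extract_features(pkts).values():
                rows.append(vec)
                labels.append(y)
    models = train_ensemble(rows, labels)
    held_out = make_beacon("10.9.9.9", 50000, 0.0) + make_web(random.Random(99), "10.9.9.9", 50001, 0.0, 14)
    return {key: ("beacon" if predict_ensemble(models, vec) else "web")
            for key, vec in extract_features(held_out).items()}

if __name__ == "__main__":
    for key, label in run_demo().items():
        print(label, key)
```

The feature vector is deliberately computed from the first packet's direction (the initiator), so a beacon's fixed request period shows up as a near-zero coefficient of variation regardless of how the server answers; in a real deployment the same vector would be derived from NetFlow/IPFIX or pcap headers, and the ensemble would be trained on labelled flows rather than the synthetic generators used here.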
topic network flow forensics
Security Operations Center
network traffic analysis
traffic identification
demystification of malware traffic
ensemble machine learning