The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks
A Security Operations Center (SOC) is a central technical level unit responsible for monitoring, analyzing, assessing, and defending an organization’s security posture on an ongoing basis. The SOC staff works closely with incident response teams, security analysts, network engineers and organization...
Main Authors: | , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2019-01-01
|
Series: | Big Data and Cognitive Computing |
Subjects: | |
Online Access: | http://www.mdpi.com/2504-2289/3/1/6 |
_version_ | 1811338338332835840 |
---|---|
author | Konstantinos Demertzis Nikos Tziritas Panayiotis Kikiras Salvador Llopis Sanchez Lazaros Iliadis |
author_facet | Konstantinos Demertzis Nikos Tziritas Panayiotis Kikiras Salvador Llopis Sanchez Lazaros Iliadis |
author_sort | Konstantinos Demertzis |
collection | DOAJ |
description | A Security Operations Center (SOC) is a central technical level unit responsible for monitoring, analyzing, assessing, and defending an organization’s security posture on an ongoing basis. The SOC staff works closely with incident response teams, security analysts, network engineers and organization managers using sophisticated data processing technologies such as security analytics, threat intelligence, and asset criticality to ensure security issues are detected, analyzed and finally addressed quickly. Those techniques are part of a reactive security strategy because they rely on the human factor, experience and the judgment of security experts, using supplementary technology to evaluate the risk impact and minimize the attack surface. This study suggests an active security strategy that adopts a vigorous method including ingenuity, data analysis, processing and decision-making support to face various cyber hazards. Specifically, the paper introduces a novel intelligence driven cognitive computing SOC that is based exclusively on progressive fully automatic procedures. The proposed λ-Architecture Network Flow Forensics Framework (λ-ΝF3) is an efficient cybersecurity defense framework against adversarial attacks. It implements the Lambda machine learning architecture that can analyze a mixture of batch and streaming data, using two accurate novel computational intelligence algorithms. Specifically, it uses an Extreme Learning Machine neural network with Gaussian Radial Basis Function kernel (ELM/GRBFk) for the batch data analysis and a Self-Adjusting Memory k-Nearest Neighbors classifier (SAM/k-NN) to examine patterns from real-time streams. It is a forensics tool for big data that can enhance the automate defense strategies of SOCs to effectively respond to the threats their environments face. |
first_indexed | 2024-04-13T18:09:35Z |
format | Article |
id | doaj.art-af23cc441972421295547536266ef8f6 |
institution | Directory Open Access Journal |
issn | 2504-2289 |
language | English |
last_indexed | 2024-04-13T18:09:35Z |
publishDate | 2019-01-01 |
publisher | MDPI AG |
record_format | Article |
series | Big Data and Cognitive Computing |
spelling | doaj.art-af23cc441972421295547536266ef8f62022-12-22T02:35:57ZengMDPI AGBig Data and Cognitive Computing2504-22892019-01-0131610.3390/bdcc3010006bdcc3010006The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial AttacksKonstantinos Demertzis0Nikos Tziritas1Panayiotis Kikiras2Salvador Llopis Sanchez3Lazaros Iliadis4Department of Civil Engineering, School of Engineering, Democritus University of Thrace, Xanthi 67100, GreeceResearch Center for Cloud Computing, Shenzhen Institutes of Advanced Technology, Chinese Academy of Sciences, Shenzhen 518000, ChinaDepartment of Computer Science, School of Science, University of Thessaly, 35131 Lamia, GreeceCommunications Department, Universitat Politecnica de Valencia, 46022 Valencia, SpainDepartment of Civil Engineering, School of Engineering, Democritus University of Thrace, Xanthi 67100, GreeceA Security Operations Center (SOC) is a central technical level unit responsible for monitoring, analyzing, assessing, and defending an organization’s security posture on an ongoing basis. The SOC staff works closely with incident response teams, security analysts, network engineers and organization managers using sophisticated data processing technologies such as security analytics, threat intelligence, and asset criticality to ensure security issues are detected, analyzed and finally addressed quickly. Those techniques are part of a reactive security strategy because they rely on the human factor, experience and the judgment of security experts, using supplementary technology to evaluate the risk impact and minimize the attack surface. This study suggests an active security strategy that adopts a vigorous method including ingenuity, data analysis, processing and decision-making support to face various cyber hazards. Specifically, the paper introduces a novel intelligence driven cognitive computing SOC that is based exclusively on progressive fully automatic procedures. The proposed λ-Architecture Network Flow Forensics Framework (λ-ΝF3) is an efficient cybersecurity defense framework against adversarial attacks. It implements the Lambda machine learning architecture that can analyze a mixture of batch and streaming data, using two accurate novel computational intelligence algorithms. Specifically, it uses an Extreme Learning Machine neural network with Gaussian Radial Basis Function kernel (ELM/GRBFk) for the batch data analysis and a Self-Adjusting Memory k-Nearest Neighbors classifier (SAM/k-NN) to examine patterns from real-time streams. It is a forensics tool for big data that can enhance the automate defense strategies of SOCs to effectively respond to the threats their environments face.http://www.mdpi.com/2504-2289/3/1/6network flow forensicsadversarial attacksmalware traffic analysissecurity operations centercognitive cybersecurity intelligencelambda architecture |
spellingShingle | Konstantinos Demertzis Nikos Tziritas Panayiotis Kikiras Salvador Llopis Sanchez Lazaros Iliadis The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks Big Data and Cognitive Computing network flow forensics adversarial attacks malware traffic analysis security operations center cognitive cybersecurity intelligence lambda architecture |
title | The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks |
title_full | The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks |
title_fullStr | The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks |
title_full_unstemmed | The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks |
title_short | The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks |
title_sort | next generation cognitive security operations center adaptive analytic lambda architecture for efficient defense against adversarial attacks |
topic | network flow forensics adversarial attacks malware traffic analysis security operations center cognitive cybersecurity intelligence lambda architecture |
url | http://www.mdpi.com/2504-2289/3/1/6 |
work_keys_str_mv | AT konstantinosdemertzis thenextgenerationcognitivesecurityoperationscenteradaptiveanalyticlambdaarchitectureforefficientdefenseagainstadversarialattacks AT nikostziritas thenextgenerationcognitivesecurityoperationscenteradaptiveanalyticlambdaarchitectureforefficientdefenseagainstadversarialattacks AT panayiotiskikiras thenextgenerationcognitivesecurityoperationscenteradaptiveanalyticlambdaarchitectureforefficientdefenseagainstadversarialattacks AT salvadorllopissanchez thenextgenerationcognitivesecurityoperationscenteradaptiveanalyticlambdaarchitectureforefficientdefenseagainstadversarialattacks AT lazarosiliadis thenextgenerationcognitivesecurityoperationscenteradaptiveanalyticlambdaarchitectureforefficientdefenseagainstadversarialattacks AT konstantinosdemertzis nextgenerationcognitivesecurityoperationscenteradaptiveanalyticlambdaarchitectureforefficientdefenseagainstadversarialattacks AT nikostziritas nextgenerationcognitivesecurityoperationscenteradaptiveanalyticlambdaarchitectureforefficientdefenseagainstadversarialattacks AT panayiotiskikiras nextgenerationcognitivesecurityoperationscenteradaptiveanalyticlambdaarchitectureforefficientdefenseagainstadversarialattacks AT salvadorllopissanchez nextgenerationcognitivesecurityoperationscenteradaptiveanalyticlambdaarchitectureforefficientdefenseagainstadversarialattacks AT lazarosiliadis nextgenerationcognitivesecurityoperationscenteradaptiveanalyticlambdaarchitectureforefficientdefenseagainstadversarialattacks |