Event Details

Automated Event Prioritization for Security Operation Center using Deep Learning

Presenter: Nitika Jindal
Supervisor:

Date: Tue, December 10, 2019
Time: 14:00:00 - 15:00:00
Place: EOW 430

ABSTRACT

As attacks increase day by day, it has become pivotal to protect our data and devices against them. Hackers are getting smarter with every passing day and keep finding new ways to intrude into an organization's systems. Organizations use firewalls, intrusion detection systems, and intrusion prevention systems to protect their data. Intrusion detection systems generate alerts, and investigating these alerts becomes very important because many of them are false alarms. Security Operations Center (SOC) teams collect these alerts from different organizations and investigate them. Despite their popularity, Security Operation Centers (SOCs) face increasing challenges and pressure due to the growing volume, velocity, and variety of the IT infrastructure and security data observed on a daily basis. Because of the mixed performance of current technological solutions, e.g. IDS and SIEM, there is an over-reliance on manual analysis of events by human security analysts. This creates huge backlogs and considerably slows down the resolution of critical security events. Obvious solutions include increasing the accuracy and efficiency of automation for crucial aspects of the SOC workflow, such as event classification and prioritization.

In this thesis we present a new automated approach to SOC event classification that uses graph metrics computed from the dataset itself as features, together with a set of new features derived from graphical analysis and some obtained by feature merging. These features are supplied to a deep neural network model, which classifies which attacks should be notified to the users and which should not. Experimental evaluation on real SOC event log data yields very encouraging results in terms of classification accuracy.
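To make the feature-engineering idea concrete, the following is an added illustration, not code from the thesis or its author: it builds a directed host graph from a handful of constructed IDS alerts, computes per-node graph metrics (distinct-destination out-degree, distinct-source in-degree, event fan-out and fan-in), derives per-event features from them, and adds one merged feature (signature diversity on the source/destination pair). The `priority_score` function is a hypothetical linear stand-in for the trained deep neural network described above; the alert records, field names and weights are all assumptions.

```python
from collections import defaultdict

# Constructed sample IDS alerts (not real SOC data). Severity follows the
# common convention that 1 is the most severe.
SAMPLE_ALERTS = [
    {"id": 1, "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "ET SCAN",    "severity": 2},
    {"id": 2, "src": "10.0.0.5", "dst": "10.0.1.21", "sig": "ET SCAN",    "severity": 2},
    {"id": 3, "src": "10.0.0.5", "dst": "10.0.1.22", "sig": "ET SCAN",    "severity": 2},
    {"id": 4, "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "ET EXPLOIT", "severity": 1},
    {"id": 5, "src": "10.0.0.9", "dst": "10.0.1.20", "sig": "ET POLICY",  "severity": 3},
    {"id": 6, "src": "10.0.2.7", "dst": "10.0.1.30", "sig": "ET POLICY",  "severity": 3},
]


def build_graph(alerts):
    """Directed host graph: out_edges[src][dst] and in_edges[dst][src] each
    hold the list of alerts observed on that edge (a multigraph)."""
    out_edges = defaultdict(lambda: defaultdict(list))
    in_edges = defaultdict(lambda: defaultdict(list))
    for a in alerts:
        out_edges[a["src"]][a["dst"]].append(a)
        in_edges[a["dst"]][a["src"]].append(a)
    return out_edges, in_edges


def node_metrics(out_edges, in_edges):
    """Per-host graph metrics used as features: degree counts distinct
    neighbours, event counts include repeated alerts on the same edge."""
    metrics = {}
    for n in set(out_edges) | set(in_edges):
        outs = out_edges.get(n, {})
        ins = in_edges.get(n, {})
        metrics[n] = {
            "out_degree": len(outs),
            "in_degree": len(ins),
            "out_events": sum(len(v) for v in outs.values()),
            "in_events": sum(len(v) for v in ins.values()),
        }
    return metrics


def event_features(alert, out_edges, metrics):
    """Feature vector for one alert: its own severity, the graph metrics of
    its endpoints, and a merged feature (distinct signatures on the pair)."""
    src, dst = alert["src"], alert["dst"]
    pair_alerts = out_edges[src][dst]
    return {
        "severity": alert["severity"],
        "src_out_degree": metrics[src]["out_degree"],
        "src_out_events": metrics[src]["out_events"],
        "dst_in_degree": metrics[dst]["in_degree"],
        "dst_in_events": metrics[dst]["in_events"],
        "pair_event_count": len(pair_alerts),
        # Merged feature: how many different signatures hit this src->dst pair.
        "pair_distinct_sigs": len({x["sig"] for x in pair_alerts}),
    }


def feature_table(alerts):
    """Map alert id -> feature dict for the whole batch (model input)."""
    out_edges, in_edges = build_graph(alerts)
    metrics = node_metrics(out_edges, in_edges)
    return {a["id"]: event_features(a, out_edges, metrics) for a in alerts}


def priority_score(features):
    """Hypothetical linear stand-in for the trained neural network: higher
    means more worth notifying. Weights are assumptions for illustration."""
    return (features["src_out_degree"]
            + features["dst_in_degree"]
            + features["pair_distinct_sigs"]
            + (4 - features["severity"]))


def rank_alerts(alerts):
    """Return alert ids ordered from highest to lowest priority score."""
    table = feature_table(alerts)
    return sorted(table, key=lambda i: priority_score(table[i]), reverse=True)


if __name__ == "__main__":
    table = feature_table(SAMPLE_ALERTS)
    for alert_id in rank_alerts(SAMPLE_ALERTS):
        print(alert_id, priority_score(table[alert_id]), table[alert_id])
```

In this constructed batch, alert 4 ranks first: its source has already fanned out to three hosts, its destination is being hit from two sources, and the pair has seen two different signatures, so the graph context raises it above an identical-severity alert seen in isolation. That is the kind of signal the graph-derived features are meant to expose to the classifier.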