تقرير
Adaptable Plug and Play Security Operations Center Leveraging a Novel Programmable Plugin-based Intrusion Detection and Prevention System
| العنوان: | Adaptable Plug and Play Security Operations Center Leveraging a Novel Programmable Plugin-based Intrusion Detection and Prevention System |
|---|---|
| المؤلفون: | Shatnawi, Ahmed S., Al-Duwairi, Basheer, Almazari, Mahmoud M., Alshakhatreh, Mohammad S., Khader, Ahmad N., Abdullah, Abdullah A. |
| سنة النشر: | 2022 |
| المجموعة: | Computer Science |
| مصطلحات موضوعية: | Computer Science - Cryptography and Security |
| الوصف: | The number of cyber-attacks have substantially increased over the past decade resulting in huge organizational financial losses. Indeed, it is no longer a matter of "if" but "when" a security incident will take place. A Security Operations Center(SOC) adoption will help in the detection, identification, prevention, and resolution of issues before they end up causing extensive cyber-related damage. In this paper, our proposed framework is brought about to address the problem that current open-source SOC implementations are plagued with. These include lack of ability to be strengthened on the fly, slow development processes, and their ineptness for continuous timely updates. We, herein, propose a framework that would offer a fully automated open-source SOC deployment; otherwise dubbed, a "plug-and-play framework"; full horizontal scalability incorporating a modular architecture. These underpinning features are meant to mitigate underlying SOC challenges, which often emerge as a result of many pre-determined and repeated processes, bolstering their ability for expansion with new tools. This is on top of enhancing their ability to handle more servers in the clusters as a single logical unit. We also introduce a new system of its kind called a Programmable Plugin-based Intrusion Detection and Prevention System (PPIDPS). This system will extend a SOC's ability to add any tool to the monitored devices while collecting logs that can trigger alerts whenever a suspicious behavior is detected. Comment: Submitted to Computers & Security |
| نوع الوثيقة: | Working Paper |
| URL الوصول: | http://arxiv.org/abs/2204.04576 |
| رقم الأكسشن: | edsarx.2204.04576 |
| قاعدة البيانات: | arXiv |
| الوصف غير متاح. |