Big Data Cogn. Comput. 2018, 2(4), 35; https://doi.org/10.3390/bdcc2040035

The Next Generation Cognitive Security Operations Center: Network Flow Forensics Using Cybersecurity Intelligence

Affiliations:
1. Department of Civil Engineering, School of Engineering, Democritus University of Thrace, Xanthi 67100, Greece
2. Department of Computer Science, School of Science, University of Thessaly, Lamia 35131, Greece
3. Research Center for Cloud Computing, Shenzhen Institutes of Advanced Technology, Chinese Academy of Sciences, Shenzhen 518000, China
4. Communications Department, Universitat Politecnica de Valencia, Valencia 46022, Spain
* Author to whom correspondence should be addressed.
Received: 25 October 2018 / Revised: 12 November 2018 / Accepted: 20 November 2018 / Published: 22 November 2018

Abstract

A Security Operations Center (SOC) can be defined as an organized and highly skilled team that uses advanced computer forensics tools to prevent, detect and respond to the cybersecurity incidents of an organization. The fundamental aspect of an effective SOC is its ability to examine and analyze the vast number of data flows and to correlate several other types of events from a cybersecurity perspective. The supervision and categorization of network flows is an essential process, not only for the scheduling, management and regulation of the network's services, but also for attack identification and for the forensic investigations that follow. A serious potential disadvantage of the traditional software solutions used today for computer network monitoring is their demand for computational resources, specifically when effective categorization of encrypted or obfuscated network flows requires the reconstruction of message packets in sophisticated underlying protocols. A further significant weakness of these software packages is that they produce high false positive rates, because they lack accurate prediction mechanisms. For all of the reasons above, in most cases the traditional software fails completely to recognize unidentified vulnerabilities and zero-day exploits. This paper proposes a novel intelligence-driven Network Flow Forensics Framework (NF3), which makes low use of computing power and resources, for the Next Generation Cognitive Computing SOC (NGC2SOC), which relies solely on advanced, fully automated intelligence methods. It is an effective and accurate Ensemble Machine Learning forensics tool for Network Traffic Analysis, Demystification of Malware Traffic and Encrypted Traffic Identification.

Keywords: network flow forensics; Security Operations Center; network traffic analysis; traffic identification; demystification of malware traffic; ensemble machine learning
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
Cite This Article (MDPI and ACS Style)

Demertzis, K.; Kikiras, P.; Tziritas, N.; Sanchez, S.L.; Iliadis, L. The Next Generation Cognitive Security Operations Center: Network Flow Forensics Using Cybersecurity Intelligence. Big Data Cogn. Comput. 2018, 2, 35.

Big Data Cogn. Comput. EISSN 2504-2289, published by MDPI AG, Basel, Switzerland.