Design and Implementation of a Research and Education Cybersecurity Operations Center

The growing number and severity of cybersecurity threats, combined with a shortage of skilled security analysts, has led to an increased focus on cybersecurity research and education. In this article, we describe the design and implementation of a Security Operations Center (SOC) built to serve both education and research. We present a SOC design that meets educational goals while also supporting cloud security research, and we discuss the SOC components created by our lab: honeypots, visualization tools, and a lightweight cloud security dashboard with autonomic orchestration. Experimental results from the honeypot project are provided, including analysis of SSH brute force attacks (aggregate attempt counts over time, attack duration per source, and identification of well-known botnets), geolocation and attack pattern visualization, and autonomic frameworks based on the observe, orient, decide, act (OODA) methodology. Directions for future work are also discussed.
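The SSH brute force analysis mentioned above (attempts aggregated over time and attack duration per source) can be reproduced from ordinary honeypot auth logs. The following is an added example written for this page; it is not code from the paper or from the authors' lab. It parses constructed sshd-style syslog lines (addresses drawn from the RFC 5737 documentation ranges, so none are real attackers), groups failed logins by source, and labels a source as a burst brute force attempt or a low-and-slow campaign. The year supplied to the parser, the attempt threshold, and the window size are illustrative assumptions, not values from the paper.

```python
"""SSH brute-force session analysis over honeypot auth-log lines.

Added example (not from the paper or its lab). Groups failed SSH logins by
source address and reports attempt counts, attack duration and burst rate.
SAMPLE_LOG is constructed in OpenSSH sshd syslog format; the addresses are
RFC 5737 documentation ranges, not real attackers.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: one bursty source, one slow persistent source, one
# user who mistypes a password once and then logs in successfully.
SAMPLE_LOG = """\
Mar  3 10:00:01 honeypot sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar  3 10:00:02 honeypot sshd[1202]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar  3 10:00:03 honeypot sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2
Mar  3 10:00:05 honeypot sshd[1204]: Failed password for invalid user oracle from 203.0.113.5 port 40004 ssh2
Mar  3 10:00:07 honeypot sshd[1205]: Failed password for root from 203.0.113.5 port 40005 ssh2
Mar  3 10:00:09 honeypot sshd[1206]: Failed password for invalid user pi from 203.0.113.5 port 40006 ssh2
Mar  3 10:01:00 honeypot sshd[1300]: Failed password for root from 198.51.100.7 port 51000 ssh2
Mar  3 10:31:00 honeypot sshd[1301]: Failed password for root from 198.51.100.7 port 51001 ssh2
Mar  3 11:01:00 honeypot sshd[1302]: Failed password for root from 198.51.100.7 port 51002 ssh2
Mar  3 11:31:00 honeypot sshd[1303]: Failed password for root from 198.51.100.7 port 51003 ssh2
Mar  3 10:05:00 honeypot sshd[1400]: Failed password for alice from 192.0.2.9 port 60000 ssh2
Mar  3 10:05:30 honeypot sshd[1401]: Accepted password for alice from 192.0.2.9 port 60001 ssh2
"""

# Matches sshd "Failed password" lines, with or without "invalid user".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_failures(text, year=2019):
    """Yield (timestamp, source_ip, username) per failed-login line.
    syslog timestamps carry no year, so one is supplied (assumption)."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # accepted logins and other sshd messages are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]


def summarize_sources(text, min_attempts=5, window_seconds=60):
    """Per-source summary: attempts, usernames tried, first/last seen,
    total duration and the peak number of attempts inside any sliding
    window. 'brute_force' = min_attempts reached within window_seconds;
    'low_and_slow' = three or more attempts spread over more than an hour
    without ever bursting. Thresholds are illustrative assumptions."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(text):
        by_ip[ip].append((ts, user))
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        times = [t for t, _ in events]
        peak, lo = 0, 0
        for hi in range(len(times)):  # two-pointer sliding window
            while (times[hi] - times[lo]).total_seconds() > window_seconds:
                lo += 1
            peak = max(peak, hi - lo + 1)
        duration = (times[-1] - times[0]).total_seconds()
        if peak >= min_attempts:
            label = "brute_force"
        elif len(times) >= 3 and duration > 3600:
            label = "low_and_slow"
        else:
            label = "benign_or_unknown"
        report[ip] = {
            "attempts": len(times),
            "users": sorted({u for _, u in events}),
            "first": times[0], "last": times[-1],
            "duration_s": duration,
            "peak_per_window": peak,
            "label": label,
        }
    return report


def attempts_per_minute(text):
    """Failed attempts per minute across all sources: the time series
    behind an 'aggregate attacks over time' plot."""
    buckets = defaultdict(int)
    for ts, _, _ in parse_failures(text):
        buckets[ts.replace(second=0)] += 1
    return dict(sorted(buckets.items()))


if __name__ == "__main__":
    for ip, s in summarize_sources(SAMPLE_LOG).items():
        print(f"{ip:15} {s['label']:18} attempts={s['attempts']} "
              f"duration={s['duration_s']:.0f}s peak/60s={s['peak_per_window']}")
```

The sliding-window rate, rather than the raw count, is what separates a burst from a persistent scanner: the slow source above makes the same kind of root attempts but never exceeds one per minute, so a fixed-count rule would either miss it or fire on a single mistyped password. Botnet attribution, which the paper also reports, would be layered on top of this by matching the username sequence and source set against known campaigns; that lookup is outside this example.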
