nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Design and Implementation of a Research and Education Cybersecurity Operations Center

verfasst von : C. DeCusatis, R. Cannistra, A. Labouseur, M. Johnson

Erschienen in: Cybersecurity and Secure Information Systems

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The growing number and severity of cybersecurity threats, combined with a shortage of skilled security analysts, has led to an increased focus on cybersecurity research and education. In this article, we describe the design and implementation of an education and research Security Operations Center (SOC) to address these issues. The design of a SOC to meet educational goals as well as perform cloud security research is presented, including a discussion of SOC components created by our lab, including honeypots, visualization tools, and a lightweight cloud security dashboard with autonomic orchestration. Experimental results of the honeypot project are provided, including analysis of SSH brute force attacks (aggregate data over time, attack duration, and identification of well-known botnets), geolocation and attack pattern visualization, and autonomic frameworks based on the observe, orient, decide, act methodology. Directions for future work are also be discussed.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel A Detailed Investigation and Analysis of Deep Learning Architectures and Visualization Techniques for Malware Family Identification

Juniper Research Report (2018) The future of cybercrime and security: financial and corporate threats and mitigation. May 12, 2018, https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion Last accessed 6 Dec 2018

U.S. Senate hearings on Global Threats and National Security (January 29, 2019), available from https://www.c-span.org/video/?457211-1/national-security-officials-testify-threats-us&live. Last accessed 30 Jan 2019

U.S. Presidential Executive Order, strengthening the cybersecurity of federal networks and critical infrastructure (May 11, 2017) https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal. Last accessed 18 Dec 2018

Basken P (2017) Innovations in cybersecurity benefit graduates and the nation, Chronicle of Higher Education, February 26, 2017 http://www.chronicle.com/. Last accessed 20 Sept 2017

Eduventure study (2018) Market snapshot: cybersecurity bachelors and masters http://www.eduventures.com/ Last accessed 18 Dec 2018

Federal Cybersecurity Research and Development Strategic Plan (RDSP), 52 pages, National Science and Technology Council (February 2016) https://www.nitrd.gov/cybersecurity/ Last accessed 18 Dec 2018

Marist LongTail SSH Honeypot & Analytic Code available via IEEE Try-CybSi project, part of the IEEE Cybersecurity Initiative launched by the IEEE Computer Society and the IEEE Future Directions Committee http://try.cybersecurity.ieee.org/trycybsi/explore/honeypot (posted March 2016, last accessed Sept 2016)

Marist Innovation Lab GitHub site, https://github.com/Marist-Innovation-Lab. Last accessed 11 Feb 2018

MondoPad homepage, www.mondopad.net. Last accessed 11 Feb 2018

10.

Marist Cybersecurity SOC (2018) Cybersecurity education, geolocation, and IBM QRadar, https://www.youtube.com/watch?v=VZo9TWKIAbI&feature=youtu.be. Last accessed 11 Feb 2018

11.

Marist Cybersecurity SOC (2018) Cloud security and graph analytics https://www.youtube.com/watch?v=Hz_XyIipC2Y&t=1s last accessed 11 Feb 2018

12.

Certified Ethical Hacker (2018) EC Council, https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/. Last accessed 11 Feb 2018

13.

New York State Cybersecurity Certificate, the Institue of Data Center Professionals (IDCP), http://idcp.marist.edu/enterprisesystemseducation/cybersecurity.html. Last accessed 11 Feb 2018

14.

CISSP certification, https://www.isc2.org/Certifications/CISSP. Last accessed 11 Feb 2018

15.

Verizon 2018 data breach report, www.verizonenterprise.com/DBIR/2014. Last accessed 11 Feb 2018

16.

“Staying ahead in the cybersecurity game,” IBM Cybersecurity e-book shared under creative commons license (2014) https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-WW_Security_Organic&S_PKG=ov24572&S_TACT=102PW2CW&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US&cm_mc_uid=96215074523614247914094&cm_mc_sid_50200000=1424791409. Last accessed 25 Sept 2017

17.

The Honeypot Project https://www.projecthoneypot.org/. Last accessed 18 Dec 2018

18.

Acalvio Technologies white paper (Fwd. by G. Eschelbeck), “The definitive guide to deception 2.0: cybersecurity manual for definitive deception solutions”, 60 pages (2017)

19.

U.S. Dept. of Homeland Security and U.S. Computer Emergency Readiness Team, Glossary of Common Cybersecurity Terminology (2015)

20.

“Cisco 2015 annual security report”, published by Cisco System Inc., https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf. Last accessed 9 Feb 2015

21.

Joseph V, Liengtiraphan P, Leaden G, DeCusatis C (2017) A Software-Defined Network Honeypot with Geolocation and Analytic Data Collection. In: Proceeding of 12th annual IEEE/ACM information technology professional conference, Trenton, NJ (March 17, 2017)

22.

DeCusatis C, Labouseur A, Famularo T, Heiden J, Leaden G, Magnusson T, Zimmermann M (2017) An API Honeypot for DDoS and XSS Analysis.In: Proceeding of NYIT 7th annual cybersecurity conference, New York, NY; Best Undergraduate Research Paper Award (Sept 23, 2017)

23.

Leaden G, Zimmermann M, DeCusatis C, Labouseur A (2017) An API Honeypot for DDoS and XSS Analysis. Proceeding of IEEE/MIT undergraduate research technology conference, Cambridge, MA (Nov. 3–5 2017)

24.

Labouseur A, Birnbaum J, Olsen P Jr, Spillane S, Vijayan J, Hwang J, Han W (2015) The G-Star graph database: efficiently managing large distributed dynamic graphs. ACM Distrib Parallel Databases 33(4):479–514CrossRef

25.

Remote Firewall Web Server https://github.com/security-kiss.com/rfw. Last accessed 11 Feb 2018

26.

Graylog open source log parser, https://www.graylog.org. Last accessed 11 Feb 2018

27.

ELK stack (Elastisearch, Logstache, Kibana), https://www.elastic.co/elk-stack. Last accessed 11 Feb 2018

28.

DeCusatis C, Zimmerman M, Sager A (2018) Identity based network security for commercial Blockchain services (IEEE XPlore Feature Article). In Proceeding of 8th annual IEEE Computing and Communications Workshop and Conference, Las Vegas, NV (8–10 Jan 2018)

29.

IBM Qradar Security Software Documentation, http://www-01.ibm.com/support/docview.wss?uid=swg21614644 online document. Last accessed 20 Sept 2017

30.

Cisco Tetration Analytics, https://www.cisco.com/c/en/us/products/data-center-analytics/tetration-analytics/index.html online document. Last accessed 20 Sept 2017

31.

Krzywinski M (2018) Linear layout for visualization of networks: the end of hairballs. Proceeding of Genome Informatics 2010, Hinxton, UK (Sept 17, 2010), http://mkweb.bcgsc.ca/linnet. Last accessed 18 Dec 2018

32.

Longtail in hive plots—J. Ma, “Machine learning applications in computational genomics”, Carnegie Mellon University, https://www.slideshare.net/HiveData/prof-jian-ma. Last accessed 18 Dec 2018

33.

Engle S, Whaelan S (2018) Visualizing distributed memory computations using hive plots. Proceeding of ACM 9th international symposium on visualization for cybersecurity, Seattle, WA (Oct 15, 2012), https://vizsec.org/vizsec2012/. Last accessed 18 Dec 2018

34.

Daubert versus Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993)

35.

DeCusatis C, Carranza A, Ngaide A, Zafar S, Landaez N, An open digital forensics model based on CAINE. Proceeding of 15th IEEE International Conference on computer and information technology (CIT 2015), October 26–28, Liverpool, UK

36.

Smith R (2014) Elemantary Information Security, 2nd edn. Jones and Bartlett Publishers

37.

Boyd JR (1976) Destruction and creation. U.S. Army Command and General Staff College (3 Sept 1976)

38.

DeCusatis C, Liengtiraphan P, Sager A, Pinelli M (2016) Implementing zero trust cloud networks with transport access control and first packet authentication. In: Proceeding IEEE International Conference on Smart Cloud (SmartCloud 2016), New York, NY (18–20 Nov 2016)

39.

Labouseur A et al (2016) G* Studio: An adventure in graph databases, distributed systems, and software development. Inroads 7(2):58–66CrossRef

Titel: Design and Implementation of a Research and Education Cybersecurity Operations Center
verfasst von: C. DeCusatis
R. Cannistra
A. Labouseur
M. Johnson
Verlag: Springer International Publishing
Buch: Cybersecurity and Secure Information Systems
Print ISBN: 978-3-030-16836-0

Electronic ISBN: 978-3-030-16837-7

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-16837-7_13

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner