Defense Strategies for Epidemic Cyber Security Threads: Modelling and Analysis by Using a Machine Learning Approach

2 May


Authors: N Perumal, Nagasundaram S (Professor)

Abstract--To assure the cyber security of an enterprise, a SIEM (Security Information and Event Management) system is typically in place to normalize security events from different preventive technologies and to flag alerts. Analysts in the security operation centre (SOC) investigate the alerts to decide whether each one is truly malicious or not. However, the number of alerts is generally overwhelming, with the majority of them being false positives, and it exceeds the SOC's capacity to handle all alerts. Because of this, potentially malicious attacks and compromised hosts may be missed. Machine learning is a viable approach to reduce the false positive rate and improve the productivity of SOC analysts. In this paper, we develop a user-centric machine learning framework for the cyber security operation centre in a real enterprise environment. We discuss the typical data sources in a SOC, their workflow, and how to leverage and process these data sets to build an effective machine learning system. The paper is targeted toward two groups of readers. The first group is data scientists or machine learning practitioners working on systems for the security operation centre.

DOI: http://doi.org/10.61463/ijset.vol.13.issue2.381