Functional model of the Security Operation Center

DOI: 10.31673/2409-7292.2020.034448

Authors

  • В. Г. Бушков, (Bushkov V. G.) State University of Telecommunications, Kyiv
  • Є. В. Соловйов, (Solovyov Ye. V.) State University of Telecommunications, Kyiv
  • О. О. Бобровський, (Bobrovsʹkyy O. O.) State University of Telecommunications, Kyiv
  • В. Є. Міщан, (Mishchan V. Ye.) State University of Telecommunications, Kyiv
  • В. О. Попов, (Popov V. O.) State University of Telecommunications, Kyiv

Abstract

The article considers a functional model of the Security Operation Center (SOC), which combines the basic policies, procedures and technological tools used to counter cyber attacks on an organization. The main SOC functions, their tasks, and methods of implementation are defined. Examples of practical application of the model are given. An architecture for a typical SOC infrastructure is proposed.

Keywords: Cyber Defense Operations Center, cyber attack, cybersecurity, network protection.

Published

2020-12-02

Section

Articles