USER CENTRIC MACHINE LEARNING FOR
CYBER SECURITY OPERATION CENTER
CHITTULURI. SAI CHANDRA
Sri Indu Institute of Engineering and Technology
Under the Guidance of
Mr. VEERA KISHORE KADAM
ASSOCIATE PROFESSOR
CONTENTS
• Abstract
• Introduction
• Existing System
• Proposed System
• System Analysis
• System Architecture
• Modules
• UML Diagrams
• Conclusion
• Future Enhancement
ABSTRACT
To ensure user Internet security, a SIEM (Security Information and Event Management) system is in place to simplify the various preventive technologies and flag alerts for security events. Machine learning is a possible approach to improving the productivity of SOC (Security Operations Center) analysts. In this project, we create a user-centric machine learning framework for the cyber security operation center in a real organizational context. We discuss the regular data sources in a SOC, how to process this data, and how to create an effective machine learning system.
INTRODUCTION
Cyber security incidents cause significant financial and reputational impact. To detect malicious activities, a SIEM (Security Information and Event Management) system is built. From the security event logs, the SOC (Security Operation Center) team develops so-called use cases, each with a pre-determined severity based on the analysts' experience.
If any pre-defined use case is triggered, the SIEM system generates an alert in real time. SOC analysts then investigate the alerts to decide whether the user related to the alert is risky (a true positive) or not (a false positive).
If the analysis finds the alerts to be suspicious, SOC analysts create OTRS (Open Source Ticket Request System) tickets. After initial investigation, certain OTRS tickets are escalated to the tier 2 investigation system as severe security incidents for further investigation and remediation by the Incident Response Team.
EXISTING SYSTEM
Most approaches to security in the enterprise have focused on protecting the network infrastructure with little or no attention to end users. Data analysis for network cyber security focuses on monitoring and analyzing network traffic data with the intention of preventing malicious activity.
Because existing organizations give end users little or no attention, end users may not have complete knowledge of the risk they are exposed to.
PROPOSED SYSTEM
User-centric cyber security helps users reduce their associated risk. User-centric cyber security is not the same as user security: it is about answering people's needs in ways that preserve the integrity of the enterprise network and its assets.
Cyber security systems are real-time, robust, independent systems with high performance requirements. Critical infrastructures have always been the target of criminals and are affected by security threats because of their complexity and cyber connectivity.
• The main scope of this project is to reduce the risk to the user on the Internet.
SYSTEM ANALYSIS
Software Requirements:
Operating System : Windows XP/7/8/10
User Interface : HTML/CSS
Programming Language : Python
Web Framework : Django
Database : MySQL
Hardware Requirements:
System : Pentium IV 2.4 GHz
Hard Disk : 40 GB
Monitor : 14" Colour Monitor
RAM : 512 MB
SYSTEM ARCHITECTURE
MODULES
• Cyber Analysis
• Dataset Modification
• Data Reduction
• Risky User Detection
Cyber Analysis:-
Cyber threat analysis is a process in which knowledge of the internal and external information vulnerabilities pertinent to a particular organization is matched against real-world cyber-attacks. With respect to cyber security, this threat-oriented approach to combating cyber-attacks represents a smooth transition from a state of reactive security to a proactive one.
Dataset Modification:-
If a dataset in your dashboard contains many dataset objects, you can hide specific dataset objects from display in the Datasets panel.
Data Reduction:-
Improve storage efficiency through data reduction techniques and capacity optimization using data deduplication, compression, snapshots and thin provisioning. Simply deleting unwanted or unneeded data is the most effective way to reduce the amount of data stored.
Risky User Detection:-
False alarm immunity to prevent customer embarrassment; high detection rate to protect all kinds of goods from theft; wide-exit coverage offers greater flexibility for entrance/exit layouts; sophisticated digital controller technology for optimum system performance.
UML DIAGRAMS
CLASS DIAGRAM:
USE CASE DIAGRAM (actors: User, Admin):
ACTIVITY DIAGRAM (User, Admin):
SEQUENCE DIAGRAM:
COLLABORATION DIAGRAM:
DEPLOYMENT DIAGRAM:
CONCLUSION
This method provides a complete configuration and solution for risky user detection for the enterprise Security Operations Center.
Machine learning methods are applied in the SOC production environment to IO, host and user data to create user-centric features.
Even with simple machine learning algorithms, we prove that the learning system can gain more insight from the rankings, even with highly unbalanced and limited labels.
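As an added illustration (not code from this deck or the project it describes), the following Python sketch walks through the pipeline the Introduction and Conclusion outline: SIEM alerts are aggregated into user-centric features, a simple model is fit on the sparse tier 2 escalation labels, and the users behind today's alerts are ranked for analyst triage. The alert records, use-case names, feature set and nearest-centroid weighting are constructed assumptions.

```python
from collections import defaultdict

# Constructed SIEM alert records (user, use_case, severity 1-5, host); not real data.
HISTORY = [
    ("alice", "MultipleFailedLogins", 2, "ws-01"),
    ("alice", "MultipleFailedLogins", 2, "ws-01"),
    ("bob", "MalwareSignature", 5, "ws-07"),
    ("bob", "SuspiciousProcess", 4, "ws-07"),
    ("bob", "DataExfilDNS", 5, "srv-02"),
    ("carol", "PolicyViolation", 1, "ws-11"),
]
# Analyst labels for HISTORY: users whose OTRS ticket was escalated to tier 2.
# Deliberately sparse: one risky user among three (unbalanced, limited labels).
ESCALATED = {"bob"}
# Today's unlabelled alerts, to be ranked for analyst triage (constructed).
TODAY = [
    ("dave", "MultipleFailedLogins", 2, "ws-03"),
    ("dave", "SuspiciousProcess", 4, "ws-03"),
    ("dave", "SuspiciousProcess", 4, "srv-09"),
    ("grace", "MultipleFailedLogins", 2, "ws-04"),
    ("heidi", "MultipleFailedLogins", 2, "ws-09"),
    ("heidi", "PolicyViolation", 1, "ws-09"),
]

def user_features(alerts):
    """Aggregate alert-level records into one user-centric feature vector per user."""
    rows = defaultdict(list)
    for user, use_case, sev, host in alerts:
        rows[user].append((use_case, sev, host))
    return {u: {"alerts": len(r),
                "use_cases": len({x[0] for x in r}),
                "hosts": len({x[2] for x in r}),
                "max_sev": max(x[1] for x in r)} for u, r in rows.items()}

def fit_weights(feats, positives):
    """Nearest-centroid rule: weight = mean(feature | risky) - mean(feature | not risky).
    Needs at least one labelled user in each class; a single positive is enough."""
    pos = [f for u, f in feats.items() if u in positives]
    neg = [f for u, f in feats.items() if u not in positives]
    if not pos or not neg:
        raise ValueError("need labelled users in both classes")
    mean = lambda group, k: sum(f[k] for f in group) / len(group)
    return {k: mean(pos, k) - mean(neg, k) for k in pos[0]}

def rank_users(feats, weights):
    """Highest risk score first; ties broken by user name for a stable order."""
    score = lambda f: sum(weights[k] * f[k] for k in weights)
    return sorted(feats, key=lambda u: (-score(feats[u]), u))

def precision_at_k(ranking, positives, k):
    """Fraction of the top-k ranked users an analyst would confirm as risky."""
    return sum(u in positives for u in ranking[:k]) / k
```

Refitting the weights on each day's newly labelled tickets is the "daily model renewal" the Future Enhancement slide refers to.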
FUTURE ENHANCEMENT
To improve detection precision, we will examine other learning methods to improve data acquisition, daily model renewal, real-time estimation, and fully enhanced organizational risk detection and management.
As of now we provide only one operation, i.e. transactions; in future we will add more operations under cyber security.
!...THANK YOU…!