This document describes a proposed user-centric machine learning framework for a cyber security operations center. It discusses the typical data sources in a SOC like security logs and alerts from various systems. It explains how this data can be processed and used to create an effective machine learning system to evaluate user risks. This would help security analysts prioritize investigations and improve efficiency. The proposed framework integrates alert information, security logs, and analyst notes to generate features and labels for machine learning models. It aims to reduce manual analysis workload while enhancing security. The document also provides an example implementation using real industry data to demonstrate the full process from data collection and labeling to model training and evaluation.
User centric machine learning framework for cyber security operations center - Venkat Projects
In order to ensure a company's Internet security, a SIEM (Security Information and Event Management) system is put in place to integrate the various preventive technologies and flag alerts for security events. Analysts in the Security Operations Center (SOC) investigate the alerts to determine whether they are true positives. However, the majority of alerts are false positives, and their volume exceeds the SOC's capacity to handle all of them. Because of this, possible malicious attacks and compromised hosts may be missed. Machine learning is a possible approach to improving the false positive rate and the productivity of SOC analysts. In this article, we create a user-centric machine learning framework for the cyber security operations center in a real organizational context. We discuss the regular data sources in a SOC, their workflow, and how to process this data and create an effective machine learning system. This article is aimed at two groups of readers. The first group is academic researchers who have no knowledge of the data science or computer security fields but who want to develop machine learning systems for cyber security. The second group is cyber security practitioners who have deep knowledge and expertise in cyber security but no machine learning experience and would like to build such a system themselves. At the end of the paper, we use user accounts as an example to demonstrate the full steps from data collection, label creation, feature engineering and the machine learning algorithm to sample performance evaluation, using the case built in the SOC production environment of Seyondike.
The main aim of this project is to control cyber crime. Cyber security incidents cause significant financial and reputational impacts. In order to detect malicious activities, a SIEM (Security Information and Event Management) system is built. If any pre-defined use case is triggered, SOC analysts generate an OTRS ticket in real time so that the user is aware of the threat.
This document discusses ethics in IT security. It covers laws and ethics, codes of ethics from professional organizations like ACM and ISSA, relevant US laws on topics like privacy and copyright, and the importance of education and training in developing an ethical approach to information security. Overall it emphasizes the responsibility of security practitioners to understand legal/regulatory issues and act ethically.
This document discusses threat modeling for software applications. It covers the key stages of threat modeling including decomposing the application, determining and ranking threats using STRIDE, and determining countermeasures. Specific topics covered include threat modeling approaches, data flow diagrams, trust levels, the STRIDE framework for analyzing spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege threats. It also discusses mobile threat modeling and provides an example threat analysis of a student results portal application.
This document discusses threat hunting using the Cyber Kill Chain model. It describes each stage of the kill chain - reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions. It provides examples of detecting activities at each stage, such as detecting suspicious website access, newly observed domains, and known exploits. The document also mentions related frameworks like MITRE ATT&CK and indicators of compromise.
The document provides an overview of threat landscapes, common threat actors, and tools used in cyber attacks against corporations. It discusses how threat landscapes change over time due to new vulnerabilities, software/hardware, and global events. Common threat actors described include white hat, gray hat, and black hat hackers. A variety of penetration testing and hacking tools are outlined that threat actors use, such as password crackers, wireless hacking tools, network scanners, packet sniffers, and vulnerability exploitation tools. Different types of attacks like eavesdropping, data modification, and IP spoofing are also summarized.
The document discusses automatic malware clustering and detection. It covers the current state of antivirus classification, which relies primarily on signature-based methods. Automatic malware clustering aims to recognize known malware to filter it out and focus on new threats. The clustering process typically involves malware analysis, feature extraction, and clustering algorithms. Inconsistent labeling of malware families by different antivirus vendors poses challenges. The document advocates improving classification by describing the full malware lifecycle.
Cybersecurity Incident Management Powerpoint Presentation Slides are designed for information technology experts. Our data security PowerPoint theme combines high-quality design with info accumulated by industry experts. Represent the present situation of the target organization’s information security management using our patterned PPT slideshow. The innovative data visualizations aid in compiling data such as the analysis of the current IT department with considerable convenience. Communicate the cybersecurity framework roadmap and kinds of cyber threats with the help of this PowerPoint layout. Demonstrate the cybersecurity risk management action plan through the tabular format included in this PPT presentation. Illustrate the cybersecurity contingency plan. Our information security management system PowerPoint templates deck helps you in defining risk handling responsibilities of your personnel. Elucidate the role of the management in successful information security governance. Our PPT deck also outlines the costs involved in cybersecurity management and staff training. Showcase an impact analysis with a dash of visual brilliance. Smash the download button and start designing. Our Cybersecurity Incident Management Powerpoint Presentation Slides are topically designed to provide an attractive backdrop to any subject. Use them to look like a presentation pro. https://bit.ly/3zWo1hb
Endpoint security is the cybersecurity approach to defending devices like desktops, laptops, and mobile devices from malicious activity. It works by examining files, processes, and system activity for suspicious indicators from a centralized management console. While endpoint security usually refers to an on-premise solution, endpoint protection refers to a cloud-based solution. Endpoint security is important because every remote endpoint can be the entry point for an attack as organizations have increased their use of remote work and BYOD policies. Top endpoint security vendors include ESET, CrowdStrike, Check Point, and Kaspersky, which offer features like endpoint protection, email security, cloud-based control, sandboxing, and security awareness training.
This document is a seminar report submitted by students Krina and Kiran in partial fulfillment of requirements for a Bachelor of Engineering degree. It discusses ethical hacking, including an introduction defining key terms like threats, exploits, vulnerabilities, and targets of evaluation. It describes the job role of an ethical hacker and different types of hackers like white hats, black hats, and grey hats. The report is presented to satisfy degree requirements and obtain certification from their institute and guides.
This PPT helps you present the topic Hacking at college level and professional level. If you need more, please send an email to rashed_ec2012@rediffmail.com
A zero day vulnerability is an unknown hole in software that is exploited by hackers before the vendor becomes aware of it. These exploits can go undetected for months, allowing malicious activities like monitoring or theft. There is high demand for zero day exploits due to their ability to go undetected for long periods, with the average exploit remaining undetected for over 300 days. Once a vulnerability is publicly known, patches can be released and it is no longer considered a zero day exploit.
This document describes a file security system that uses encryption to secure files. It discusses the objectives of securing files from unauthorized users and maintaining confidentiality. The system uses encryption and decryption techniques, including symmetric-key and asymmetric-key encryption. It implements these techniques across three modules: input, process, and output. The system encrypts files using the AES encryption algorithm before outputting the encrypted file.
security, system, introduction, threats to computer system, computer, security, types of software, system software, bios, need of an operating system, major functions of operating system, types of operating system, language, processor, application software, thank you
MindMap - Forensics Windows Registry Cheat Sheet - Juan F. Padilla
This document summarizes information about the Windows Registry including its structure, tools used to access it, locations of hive files, and types of evidence that can be extracted including search history, recent documents, dialog boxes used, commands executed, and software/OS versions. It explains registry hives like HKEY_LOCAL_MACHINE, keys with MRU lists that track recently used items, and how timestamps and MRU lists can help determine the order and time of user activity on a system.
The document discusses updates to the ATT&CK for ICS framework. It summarizes two recent incidents, the Colonial Pipeline ransomware attack and the Oldsmar water treatment plant hack, and highlights techniques used in each. It previews upcoming additions to ATT&CK for ICS in April 2022 and beyond, including new mapped mitigation objects, integration with other frameworks, mapping of ICS attacks to the enterprise ATT&CK, and the addition of detections for techniques. Future plans outlined include revisions to asset definitions based on ICS verticals and a blog series on technique sequences.
Cyber security is important to protect electronic data and online services from criminal or unauthorized use. There are various security problems in the cyber field like cyber attacks, viruses, hackers, malware, and trojan horses. Some major cyber attacks in India include the Cosmos Bank attack, Aadhaar software hack, ATM system hack, and personal data breaches at companies like JustDial. To prevent cyber attacks, organizations should educate employees, keep software updated, perform security testing, and limit employee access to sensitive data. Careers in cyber security include roles like cyber security engineers, penetration testers, and security analysts.
The document summarizes FireEye's cybersecurity products and services. It discusses how the evolving threat landscape is dissolving security perimeters and creating skills shortages. It then outlines FireEye's network security, email security, endpoint security, and Helix security operations platform products. It also describes FireEye's threat intelligence, managed defense services, and Mandiant consulting services for incident response and strategic advisory work.
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co... - Edureka!
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "What is Ethical Hacking" (Blog: https://bit.ly/2rmFo9p) will give you an introduction to Ethical Hacking. This is a beginner's tutorial covering all the fundamentals of Ethical Hacking. Below are the topics covered in this PPT:
What is Ethical Hacking
Types of Hackers
Types of Hacking
Phases of Ethical Hacking
Reconnaissance
FootPrinting
FingerPrinting
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Talking about the Next-Gen Security Operation Center for IDNIC+APJII as a representative of IDSECCONF. A people-centric SOC requires a lot of investment in humans, in terms of both quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology, as in Industry 4.0 machines are getting more advanced at supporting humans with continuous and repetitive tasks.
Moving from a "traditional" to a next-gen SOC requires a proper plan; that's what this talk was about.
The document defines security attacks and threats. It describes different types of attacks like passive attacks, active attacks, insider attacks, phishing attacks, spoofing attacks, hijack attacks, exploit attacks and password attacks. It also discusses two common threats - Cross Site Scripting (XSS) and SQL injection. XSS involves injecting malicious code snippets while SQL injection embeds malicious code in a poorly-designed app passed to the backend database.
Security Information and Event Management (SIEM) - k33a
This document provides an overview of security information and event management (SIEM). It defines SIEM as software and services that combine security information management (SIM) and security event management (SEM). The key objectives of SIEM are to identify threats and breaches, collect audit logs for security and compliance, and conduct investigations. SIEM solutions centralize log collection, correlate events in real-time, generate reports, and provide log retention, forensics and compliance reporting capabilities. The document discusses typical SIEM features, architecture, deployment options, and reasons for SIEM implementation failures.
https://www.enoinstitute.com/training-tutorials-courses/cyber-threat-hunting-training-ccthp/ Learn how to find, assess, and remove threats from your organization in our Certified Cyber Threat Hunting Training (CCTHP) designed to prepare you for the Certified Cyber Threat Hunting Professional (CCTHP) exam.
In this Cyber Threat Hunting Training (CCTHP) course, we will deep dive into threat hunting: searching for threats and mitigating them before the bad guy pounces. We will also craft a series of attacks to check the enterprise security level and hunt for threats. An efficient threat hunting approach covering network, web, cloud, IoT devices, command and control (C2) channels, web shells, memory and the OS will help you gain a new level of knowledge and carry out all tasks fully hands-on.
RESOURCES:
Cyber Threat Hunting Training: Cyber Threat Hunting A Complete Guide, 2020 Edition, by Gerardus Blokdyk / vitalsource.com
Cyber Threat Hunting Training: Cyber Threat Hunting A Complete Guide, 2019 Edition, by Gerardus Blokdyk / vitalsource.com
Cyber Threat Hunting Training: Hunting Cyber Criminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques, 1st Edition, by Vinny Troia / Amazon.com
Cyber Threat Hunting Training: Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer, by Muniz Joseph and Lakhani Aamir / Amazon.com
CUSTOMIZE It:
We can adapt this Cyber Threat Hunting Training (CCTHP) course to your group’s background and work requirements at little to no added cost.
If you are familiar with some aspects of this Cyber Threat Hunting (CCTHP) course, we can omit or shorten their discussion.
We can adjust the emphasis placed on the various topics or build the Cyber Threat Hunting Training (CCTHP) around the mix of technologies of interest to you (including technologies other than those included in this outline).
If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cyber Threat Hunting Training (CCTHP) course in a manner understandable to lay audiences.
Security Training: #3 Threat Modelling - Practices and Tools - Yulian Slobodyan
This document provides an overview of threat modeling practices and tools. It begins with an introduction that defines threat modeling and outlines its benefits. It then covers threat modeling basics like principles, approaches and reasons it is avoided. The main threat modeling process is described, including creating diagrams, identifying threats and planning mitigations. Popular threat modeling tools and a demo are discussed. Standard mitigation techniques and a sample threat model appendix are also included.
This document provides a summary of an industrial training lab report on ethical hacking. It discusses key topics including:
- An introduction to ethical hacking terminology, different types of hackers, and the job role of an ethical hacker.
- Information gathering techniques like footprinting and using search engines. It also discusses web server architecture.
- An introduction to web vulnerability assessment and penetration testing (VAPT), the Open Web Application Security Project (OWASP), and SQL injections.
- Other topics covered include bypassing client-side filters, client-side attacks like cross-site scripting, security misconfigurations, and documenting vulnerabilities.
This document discusses application threat modeling (ATM) as a systematic approach to identifying security risks in software applications. It describes how ATM can be used at different stages of the software development lifecycle, from requirements to design to testing. The key steps of ATM include decomposing the application, identifying threats and vulnerabilities, analyzing attack vectors, and determining mitigation strategies. ATM helps prioritize risks and supports decision making around risk acceptance, avoidance, or mitigation.
Digital Certificate Verification using Blockchain - IRJET Journal
This document proposes a system for validating digital certificates using blockchain technology. The system would address the problem of fake certificates by storing authentic certificates issued by universities on the blockchain, making them immutable and easily verifiable. Universities would enroll and be able to issue certificates stored as files on IPFS with unique hashes recorded on the blockchain. This would allow employers to quickly and reliably validate certificates. Diagrams show the proposed system architecture, classes, activities, and use cases involved in certificate issuance and validation through the blockchain network.
This document summarizes a research paper on an airport management system using face recognition. It discusses:
1) Developing a face recognition-based attendance tracking system to improve efficiency over previous systems.
2) Creating face databases to train the recognition algorithm to identify passengers during check-in.
3) The system automatically records attendance by identifying faces, displaying passenger IDs and names, and saving records.
RESOURCES:
Cyber Threat Hunting Training: Cyber Threat Hunting A Complete Guide – 2020 Edition By Gerardus Blokdyk/vitalsource.com
Cyber Threat Hunting Training: Cyber Threat Hunting A Complete Guide – 2019 Edition By: Gerardus Blokdyk/vitalsource.com
Cyber Threat Hunting Training: Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques 1st Edition by Vinny Troia/Amazon.com
Cyber Threat Hunting Training: Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer by Muniz Joseph and Lakhani Aamir/Amazon.com
CUSTOMIZE It:
We can adapt this Cyber Threat Hunting Training (CCTHP) course to your group’s background and work requirements at little to no added cost.
If you are familiar with some aspects of this Cyber Threat Hunting (CCTHP) course, we can omit or shorten their discussion.
We can adjust the emphasis placed on the various topics or build the Cyber Threat Hunting Training (CCTHP) around the mix of technologies of interest to you (including technologies other than those included in this outline).
If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cyber Threat Hunting Training (CCTHP) course in manner understandable to lay audiences.
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
This document provides an overview of threat modeling practices and tools. It begins with an introduction that defines threat modeling and outlines its benefits. It then covers threat modeling basics like principles, approaches and reasons it is avoided. The main threat modeling process is described, including creating diagrams, identifying threats and planning mitigations. Popular threat modeling tools and a demo are discussed. Standard mitigation techniques and a sample threat model appendix are also included.
This document provides a summary of an industrial training lab report on ethical hacking. It discusses key topics including:
- An introduction to ethical hacking terminology, different types of hackers, and the job role of an ethical hacker.
- Information gathering techniques like footprinting and using search engines. It also discusses web server architecture.
- An introduction to web vulnerability assessment and penetration testing (VAPT), the Open Web Application Security Project (OWASP), and SQL injections.
- Other topics covered include bypassing client-side filters, client-side attacks like cross-site scripting, security misconfigurations, and documenting vulnerabilities.
This document discusses application threat modeling (ATM) as a systematic approach to identifying security risks in software applications. It describes how ATM can be used at different stages of the software development lifecycle, from requirements to design to testing. The key steps of ATM include decomposing the application, identifying threats and vulnerabilities, analyzing attack vectors, and determining mitigation strategies. ATM helps prioritize risks and supports decision making around risk acceptance, avoidance, or mitigation.
Digital Certificate Verification using BlockchainIRJET Journal
This document proposes a system for validating digital certificates using blockchain technology. The system would address the problem of fake certificates by storing authentic certificates issued by universities on the blockchain, making them immutable and easily verifiable. Universities would enroll and be able to issue certificates stored as files on IPFS with unique hashes recorded on the blockchain. This would allow employers to quickly and reliably validate certificates. Diagrams show the proposed system architecture, classes, activities, and use cases involved in certificate issuance and validation through the blockchain network.
This document summarizes a research paper on an airport management system using face recognition. It discusses:
1) Developing a face recognition-based attendance tracking system to improve efficiency over previous systems.
2) Creating face databases to train the recognition algorithm to identify passengers during check-in.
3) The system automatically records attendance by identifying faces, displaying passenger IDs and names, and saving records.
This document summarizes a research paper on a fingerprint-based voting system. The proposed system uses fingerprint recognition via the SIFT algorithm to authenticate voters on a mobile app. Voters would register by submitting their fingerprint, which would be stored in a database. On voting day, voters can cast their ballot from home by submitting their fingerprint for verification through the app. This avoids public gatherings that could spread disease. The system design involves fingerprint image capture, database storage, verification of stored prints, and electronic ballot casting. Testing showed fingerprint matching rates over 80% using this approach. The system aims to increase accessibility, security and efficiency of voting.
This document discusses cloning an organization to allow testing and manipulation without affecting the original site. It defines cloning as creating an exact copy that can be used for tasks without risk to the original. Types of clones include the frontend design, backend design, and database. Benefits of cloning for software testing are that it is cost-effective, improves security and product quality, and increases customer satisfaction. The document then discusses various software testing types, reverse engineering, and software development life cycles like waterfall, RAD, spiral, V-model, incremental, agile, iterative, big bang and prototype models. The conclusion is that cloning can help test and learn new features without interrupting the original organization's data and business.
This document describes an Android-based smart department system that allows users to control home appliances like lights and fans remotely using a smartphone. The system includes an Android application, an Arduino microcontroller board connected to home devices via relays, and a web server to facilitate communication between the app and microcontroller. The microcontroller acts as the central hub to receive commands from the app over the internet and switch devices on or off accordingly. The proposed system aims to provide a low-cost way to automate home device control and monitoring using a mobile phone.
This document describes a six-week industrial training report submitted by Gaurav Gopal Gupta at the Indian Institute of Science. The report focuses on implementing a system for the real-time graphical representation of data from IoT devices. The data is transmitted wirelessly and stored on a server, where it is processed and used to continuously update line graphs. Users can access a website to monitor their data, compare it to historical records, and better understand the information captured by their devices. The system was created using technologies like XAMPP, MySQL, PHP, FusionCharts, and frameworks like MVC and Bootstrap. Devices like Raspberry Pi and Arduino were also used to capture and transmit sensor data.
IRJET- Biometric Vehicle Starter and SecurityIRJET Journal
This document proposes a biometric vehicle security system using fingerprint recognition to prevent unauthorized access. The system would store fingerprint data during enrollment and only start the vehicle if the detected fingerprint matches the stored data. Additional security features include a keypad for backup access, automatic engine shutdown if idle too long, disconnecting the spark plug for remote locking, and a buzzer alert triggered by ultrasonic height detection. The system aims to provide affordable, user-friendly vehicle protection using fingerprint biometrics which are inexpensive, easy to maintain and difficult to duplicate compared to other biometric methods.
This document is a project report submitted by three students for their Bachelor of Technology degree. It describes a project to develop an RFID and biometrics-based system for secure educational testing. The system will use RFID chips in ID cards and fingerprint biometrics to authenticate student identities during exams. It will have a mobile app interface for invigilators and a web interface for administrators. The goals are to reduce errors, maintain integrity of the testing process, and archive exam data. The system design involves an intermediary server to interface with the institution's system and a mobile client app with sensors for authentication.
Digital Intelligence, a walkway to Chirologyjgd2121
This document is a project report on developing a digital intelligence system to predict palmistry details. It was prepared by four students and guided by Mr. Vishwesh A. Patel of BITS edu Campus. The report includes sections on project management, system analysis, system design, implementation, and testing of the palmistry prediction software. It aims to develop a web-based system that takes an uploaded palm image as input and applies image processing and artificial intelligence techniques to analyze the image and generate an automated palmistry report.
The document discusses Securonix, a cybersecurity company that provides next-generation security analytics solutions. It describes Securonix's mission to help organizations detect and respond to cyber threats through its SNYPR Security Analytics Platform. The platform uses big data technologies like Apache Hadoop and Kafka to collect and analyze billions of security events per day to identify advanced persistent threats, insider threats, and other risks. It also provides log management, security information and event management, and user and entity behavior analytics capabilities on a single platform.
Advance security in cloud computing for military weaponsIRJET Journal
This document proposes a system to securely transmit military weapon launch codes through cloud storage using multiple security techniques. The system uses steganography to hide launch codes in image captchas. Visual cryptography is then used to split the captcha images into shares distributed to authorized users. Each share undergoes image encryption and watermarking before being sent via email. To obtain the launch code, users decrypt their shares, verify the watermarks through de-watermarking, and use visual cryptography to reconstruct the original captcha and extract the hidden launch code text. The proposed multi-layered approach aims to securely transmit sensitive military information through cloud storage.
Semi-Automated Security Testing of Web applicationsRam G Athreya
Market research survey on Internet attacks reports that more than 70% of the attacks are on the application layer. This is because 1. More valuable information (electronic money details) is at the application level and 2. Relatively there are more unaddressed vulnerabilities. Considering the fact that there are still inadequate adoption of security development practices across the numerous application development communities, the security testing of the web applications becomes highly critical and rigorous.
In our project we have created a penetration testing tool (Black Box Testing Tool) that will check for vulnerabilities in a semi – automated fashion on a target web application. We have tested and demonstrated the functionality and effectiveness of our tool by running this tool on 1. On a target vulnerable web application created by us and 2. On live web sites of a customer organization. The results have been revealing and have been documented appropriately in the following report. We have also provided recommendations as part of corrective action against the discovered vulnerabilities and statements of best practices based on ISO27002 and such other organizations as a preventive action in order to avoid recurrence of such vulnerabilities.
IRJET-Analyzing user Behavior using Keystroke DynamicsIRJET Journal
This document discusses using keystroke dynamics to analyze user behavior and provide security. It describes how keystroke dynamics captures detailed timing information about when keys are pressed and released during typing. The document outlines work done in this field, including using typing rhythm and patterns to identify users. It states that insider attacks are difficult to detect since insiders have full system knowledge. The proposed approach uses keystroke dynamics for user profiling and authentication in cloud environments. If abnormal user behavior is detected, the system locks to prevent unauthorized access.
This document discusses a seminar report on using honeypots in network security. It provides background on honeypots, describing them as virtual machines that emulate real systems and services to detect unauthorized access. The goal of the report is to provide an explanation of honeypots and how they can be deployed to enhance security across organizational networks. It allows system administrators to trace back the source of hackers. In the past few years, honeypot technology has rapidly developed with concepts such as honeypot farms, commercial and open source solutions, and documented findings.
- Embedded systems now contain sensitive personal data and perform safety-critical functions in devices like mobile phones, cars, and medical equipment. Unless embedded system security is adequately addressed, it could impede adoption.
- There are many challenges to security in embedded systems and IoT devices, including vulnerabilities in hardware, software, and networks. Effective security requires building security in at all stages of the design process.
- Various attacks like physical intrusion, side channel attacks, software exploits, and denial of service attacks threaten embedded systems. Countering these threats requires mechanisms at different levels including prevention, detection, and recovery techniques applied in hardware, software, and networks.
The document describes a proposed web-based student assessment data processing system using the CodeIgniter framework. The system aims to address issues with the current semi-computerized assessment process at SMK Negeri 1 Pandeglang, including errors during data entry and a time-consuming report generation process. The proposed system was analyzed using SWOT and other methods. It would feature a teacher interface to enter grades and an admin interface to manage data masters. Diagrams including use case, activity, class, and sequence diagrams were created to design the system's functionality and interactions. The system aims to streamline the assessment process and make it more efficient.
BitLocker is drive encryption software included with Windows that encrypts the entire contents of the drive to protect against unauthorized access to data even if the drive is removed from the device. It stores the encryption key in the computer's Trusted Platform Module (TPM) chip or on an external USB drive for added security. BitLocker requires a Trusted Platform Module version 1.2 or higher, or the ability to store the recovery key on an external drive in order to encrypt the system drive.
This document summarizes a project for a Bachelor of Computer Applications degree submitted by Mehul Jain and Hardik Bhandari in 2013-2014. The project is for an Apartment Management system developed under the guidance of Deepti Shrimal at University College of Science. The system was developed using HTML, DHTML, JavaScript, JSP, CSS, MySQL database and Apache Tomcat server. It allows users to manage apartment information and transactions online. The project was tested using white box and black box testing methods to ensure all functions and requirements were met.
Securezy - A Penetration Testing ToolboxIRJET Journal
This document presents a toolbox called Securezy that aims to make penetration testing and ethical hacking more approachable for beginners. It contains three tools integrated into a graphical user interface: a port scanner for reconnaissance, a text encryption/decryption tool, and a password cracker. The tools correspond to different phases of the cyber kill chain model and aim to streamline the workflow for penetration testers by providing commonly used tools in one program. The document discusses the need for tools that lower the barrier of entry for those interested in cybersecurity and the motivation to design Securezy for beginners to more easily learn penetration testing techniques.
Analyzing and implementing of network penetration testingEngr Md Yusuf Miah
The primary objective for a analysis of network penetration test is to identify exploitable vulnerabilities in applications before hackers are able to discover and exploit them. Network penetration testing will reveal real-world opportunities for hackers to be able to compromise applications in such a way that allows for unauthorized access to sensitive data or even take-over systems for malicious/non-business purposes.
Similar to User centric machine learning for cyber security operation center (20)
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Sinan KOZAK
Sinan from the Delivery Hero mobile infrastructure engineering team shares a deep dive into performance acceleration with Gradle build cache optimizations. Sinan shares their journey into solving complex build-cache problems that affect Gradle builds. By understanding the challenges and solutions found in our journey, we aim to demonstrate the possibilities for faster builds. The case study reveals how overlapping outputs and cache misconfigurations led to significant increases in build times, especially as the project scaled up with numerous modules using Paparazzi tests. The journey from diagnosing to defeating cache issues offers invaluable lessons on maintaining cache integrity without sacrificing functionality.
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMSIJNSA Journal
The smart irrigation system represents an innovative approach to optimize water usage in agricultural and landscaping practices. The integration of cutting-edge technologies, including sensors, actuators, and data analysis, empowers this system to provide accurate monitoring and control of irrigation processes by leveraging real-time environmental conditions. The main objective of a smart irrigation system is to optimize water efficiency, minimize expenses, and foster the adoption of sustainable water management methods. This paper conducts a systematic risk assessment by exploring the key components/assets and their functionalities in the smart irrigation system. The crucial role of sensors in gathering data on soil moisture, weather patterns, and plant well-being is emphasized in this system. These sensors enable intelligent decision-making in irrigation scheduling and water distribution, leading to enhanced water efficiency and sustainable water management practices. Actuators enable automated control of irrigation devices, ensuring precise and targeted water delivery to plants. Additionally, the paper addresses the potential threat and vulnerabilities associated with smart irrigation systems. It discusses limitations of the system, such as power constraints and computational capabilities, and calculates the potential security risks. The paper suggests possible risk treatment methods for effective secure system operation. In conclusion, the paper emphasizes the significant benefits of implementing smart irrigation systems, including improved water conservation, increased crop yield, and reduced environmental impact. Additionally, based on the security analysis conducted, the paper recommends the implementation of countermeasures and security approaches to address vulnerabilities and ensure the integrity and reliability of the system. 
By incorporating these measures, smart irrigation technology can revolutionize water management practices in agriculture, promoting sustainability, resource efficiency, and safeguarding against potential security threats.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
Literature Review Basics and Understanding Reference Management.pptxDr Ramhari Poudyal
Three-day training on academic research focuses on analytical tools at United Technical College, supported by the University Grant Commission, Nepal. 24-26 May 2024
Using recycled concrete aggregates (RCA) for pavements is crucial to achieving sustainability. Implementing RCA for new pavement can minimize carbon footprint, conserve natural resources, reduce harmful emissions, and lower life cycle costs. Compared to natural aggregate (NA), RCA pavement has fewer comprehensive studies and sustainability assessments.
Introduction- e - waste – definition - sources of e-waste– hazardous substances in e-waste - effects of e-waste on environment and human health- need for e-waste management– e-waste handling rules - waste minimization techniques for managing e-waste – recycling of e-waste - disposal treatment methods of e- waste – mechanism of extraction of precious metal from leaching solution-global Scenario of E-waste – E-waste in India- case studies.
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...University of Maribor
Slides from talk presenting:
Aleš Zamuda: Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapter and Networking.
Presentation at IcETRAN 2024 session:
"Inter-Society Networking Panel GRSS/MTT-S/CIS
Panel Session: Promoting Connection and Cooperation"
IEEE Slovenia GRSS
IEEE Serbia and Montenegro MTT-S
IEEE Slovenia CIS
11TH INTERNATIONAL CONFERENCE ON ELECTRICAL, ELECTRONIC AND COMPUTING ENGINEERING
3-6 June 2024, Niš, Serbia
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELgerogepatton
As digital technology becomes more deeply embedded in power systems, protecting the communication
networks of Smart Grids (SG) has emerged as a critical concern. Distributed Network Protocol 3 (DNP3)
represents a multi-tiered application layer protocol extensively utilized in Supervisory Control and Data
Acquisition (SCADA)-based smart grids to facilitate real-time data gathering and control functionalities.
Robust Intrusion Detection Systems (IDS) are necessary for early threat detection and mitigation because
of the interconnection of these networks, which makes them vulnerable to a variety of cyberattacks. To
solve this issue, this paper develops a hybrid Deep Learning (DL) model specifically designed for intrusion
detection in smart grids. The proposed approach is a combination of the Convolutional Neural Network
(CNN) and the Long-Short-Term Memory algorithms (LSTM). We employed a recent intrusion detection
dataset (DNP3), which focuses on unauthorized commands and Denial of Service (DoS) cyberattacks, to
train and test our model. The results of our experiments show that our CNN-LSTM method is much better
at finding smart grid intrusions than other deep learning algorithms used for classification. In addition,
our proposed approach improves accuracy, precision, recall, and F1 score, achieving a high detection
accuracy rate of 99.50%.
Batteries -Introduction – Types of Batteries – discharging and charging of battery - characteristics of battery –battery rating- various tests on battery- – Primary battery: silver button cell- Secondary battery :Ni-Cd battery-modern battery: lithium ion battery-maintenance of batteries-choices of batteries for electric vehicle applications.
Fuel Cells: Introduction- importance and classification of fuel cells - description, principle, components, applications of fuel cells: H2-O2 fuel cell, alkaline fuel cell, molten carbonate fuel cell and direct methanol fuel cells.
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
Manufacturing Process of molasses based distillery ppt.pptx
User centric machine learning for cyber security operation center
USER CENTRIC MACHINE LEARNING FRAMEWORK FOR CYBER SECURITY OPERATION CENTER
Major Project Report submitted to
Jawaharlal Nehru Technological University Hyderabad
in partial fulfillment for the award of degree of
Bachelor of Technology
in
Computer Science & Engineering
by
CHITTULURI SAI CHANDRA
Roll No: 16X31A0531
Under the Guidance of
Mr. VEERA KISHORE KADAM
ASSOCIATE PROFESSOR
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
SRI INDU INSTITUTE OF ENGINEERING &TECHNOLOGY
(Affiliated to JNTUH, Hyderabad, Approved by AICTE, New Delhi)
Sheriguda (V), Ibrahimpatnam (M), R.R.Dist., Telangana- 501510.
2019-2020
SRI INDU INSTITUTE OF ENGINEERING AND TECHNOLOGY
(Affiliated to JNTUH, Kukatpally, Hyderabad)
Sheriguda (V), Ibrahimpatnam (M), R.R.Dist. 501510.
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
This is to certify that the report entitled “USER CENTRIC MACHINE
LEARNING FRAMEWORK FOR CYBER SECURITY OPERATION
CENTER”, being submitted by CHITTULURI SAI CHANDRA, bearing Roll No:
16X31A0531, to Jawaharlal Nehru Technological University Hyderabad in partial
fulfillment of the requirements for the award of the degree of Bachelor of Technology
in Computer Science & Engineering, is a record of bonafide work carried out by
him. The results of investigations enclosed in this report have been verified and found
satisfactory. The results embodied in this report have not been submitted to any other
University or Institute for the award of any other degree.
INTERNAL GUIDE HEAD OF THE DEPARTMENT
PRINCIPAL EXTERNAL EXAMINER
SRI INDU INSTITUTE OF ENGINEERING &TECHNOLOGY
(Affiliated to JNTUH, Hyderabad, Approved by AICTE, New Delhi)
Sheriguda (V), Ibrahimpatnam (M), R.R.Dist., Telangana- 501510.
DECLARATION
I, CHITTULURI SAI CHANDRA, bearing Roll No 16X31A0531, hereby
certify that the dissertation entitled “USER CENTRIC MACHINE LEARNING
FRAMEWORK FOR CYBER SECURITY OPERATION CENTER”, carried out
under the guidance of Mr. VEERA KISHORE KADAM, ASSOCIATE
PROFESSOR is submitted to Jawaharlal Nehru Technological University
Hyderabad in partial fulfillment of the requirements for the award of the degree of
Bachelor of Technology in Computer Science & Engineering. This is a record of
bonafide work carried out by me and the results embodied in this dissertation have not
been reproduced or copied from any source. The results embodied in this dissertation
have not been submitted to any other University or Institute for the award of any other
degree.
Date:
CHITTULURI SAI CHANDRA
Roll No: 16X31A0531
Department of CSE, SIIET
CERTIFICATE
This is to certify that Mr. CHITTULURI SAI CHANDRA,
student of “SRI INDU INSTITUTE OF ENGINEERING &
TECHNOLOGY” with H.T.NO: 16X31A0531 had successfully
completed major project entitled “USER CENTRIC MACHINE
LEARNING FRAMEWORK FOR CYBER SECURITY
OPERATION CENTER” as part of his academic project.
He has completed the assigned project well within the time frame. He
is sincere, hardworking and his conduct during the project is commendable.
We wish him all the best in his future endeavors.
Conscience Technologies
Project Manager
i
ACKNOWLEDGEMENT
With great pleasure I take this opportunity to express my heartfelt gratitude to
all the persons who helped me in making this project work a success.
First of all I am highly indebted to Principal, Dr. I. SATYANARAYANA for
giving me the permission to carry out this project.
I would like to thank Dr. C. THIRUMALAI SELVAN Professor & Head of
the Department (CSE), for giving support throughout the period of my study in SIIET.
I am grateful for his valuable suggestions and guidance during the execution of this
project work.
My sincere thanks to my project guide Mr. VEERA KISHORE KADAM for
patiently explaining the entire system and clarifying the queries at every stage of the
project.
My whole-hearted thanks to the staff of SIIET who co-operated with us for the
completion of the project in time.
Last but not least, I express my sincere thanks to Mr. R. VENKAT RAO,
Chairman, Sri Indu Group of Institutions, for his continuous encouragement.
I also thank my parents and friends who aided me in completion of the project.
CHITTULURI SAI CHANDRA
16X31A0531
ii
ABSTRACT
In order to ensure a company's network security, a SIEM (Security Information and Event Management) system is put in place to consolidate the various preventive technologies and flag alerts for security events. Analysts in the Security Operations Center (SOC) investigate the alerts to decide whether they are truly malicious or not. However, the number of alerts is in general overwhelming: the majority of them are false positives, and the volume exceeds the SOC's capacity to handle them all. Because of this, potentially malicious attacks and compromised hosts may be missed. Machine learning is a viable approach to reduce the false positive rate and improve the productivity of SOC analysts. In this paper, we develop a user-centric machine learning framework for the cyber security operation center in a real enterprise environment. We discuss the typical data sources in a SOC, their workflow, and how to process these data and build an effective machine learning system. The paper is aimed at two groups of readers. The first group is data scientists or machine learning researchers who have no cyber security domain knowledge but want to build machine learning systems for cyber security. The second group is cyber security practitioners who have deep knowledge and expertise in cyber security but no machine learning experience, and who wish to build such a system themselves. At the end of the paper, we use the user account as an example to demonstrate the full steps, from data collection, label creation, feature engineering and machine learning algorithm selection to model performance evaluation, using the system built in the SOC production environment of Symantec.
CONTENTS
Page No
Acknowledgement i
Abstract ii
Contents iii
List of Figures v
List of Screens vi
1. INTRODUCTION 1
1.1 Motivation 2
1.2 Objective 3
1.3 Limitations 3
1.4 Problem Definition 3
2. LITERATURE SURVEY 4
2.1 Introduction 4
2.2 Existing System 4
2.2.1 Drawbacks in Existing System 5
2.3 Proposed System 5
2.3.1 Advantages of Proposed System 6
2.4 Feasibility Study 6
2.4.1 Technical Feasibility 6
2.4.2 Operational Feasibility 7
2.4.3 Economic Feasibility 7
3. ANALYSIS 8
3.1 Introduction 8
3.2 User Requirements 8
3.2.1 Study of the System 8
3.2.2 Input & Output Representation 9
3.2.3 Process Model Used With Justification 11
3.2.4 System Requirement Specification 18
3.3 Functional Requirements 19
3.3.1 Software Requirements 19
3.3.2 Hardware Requirements 19
LIST OF FIGURES
Following are the list of figures used in this project documentation at various
locations.
Diagrams Page No
Fig: 1.1 SIEM Architecture 02
Fig: 1.2 Security Event View 03
Fig: 3.1 SDLC 11
Fig: 3.2 Requirement Gathering Stage 12
Fig: 3.3 Analysis Stage 13
Fig: 3.4 Designing Stage 14
Fig: 3.5 Development Stage 15
Fig: 3.6 Integration & Testing Stage 16
Fig: 3.7 Installation & Acceptance 17
Fig: 4.1 System Architecture 22
Fig: 4.2 ER Diagram of User 23
Fig: 4.3 ER Diagram of Admin 23
Fig: 4.4 Class Diagram 26
Fig: 4.5 User Usecase Diagram 27
Fig: 4.6 Admin Usecase Diagram 27
Fig: 4.7 Sequence Diagram 28
Fig: 4.8 Collaboration Diagram 29
Fig: 4.9 User Activity Diagram 30
Fig: 4.10 Admin Activity Diagram 30
Fig: 4.11 Deployment Diagram 31
Fig: 5.1 Internal working of Python 33
Fig: 5.2 Django Architecture 34
Fig: 5.3 Basic Architecture View 35
Fig: 5.4 SVM Algorithm Block Diagram 36
LIST OF SCREENS
Following are the list of Screens developed in this project at various stages.
Screens Page No
Screen: 5.5.1 User Login Page 50
Screen: 5.5.2 User Transaction Page 50
Screen: 5.5.3 User Analyze Page 51
Screen: 5.5.4 User Receive Alerts Page 51
Screen: 5.5.5 Admin Analyze Page 52
Screen: 5.5.6 Admin Risk User Page 52
Screen: 5.5.7 Admin Send Query Page 53
Screen: 5.5.8 Admin Charts Page 53
1. INTRODUCTION
Cyber security incidents can cause significant financial and reputational damage
to an enterprise. In order to detect malicious activities, a SIEM (Security Information
and Event Management) system is deployed in companies and government
organizations. The system correlates event logs from endpoints, firewalls, IDS/IPS
(Intrusion Detection/Prevention System), DLP (Data Loss Protection), DNS (Domain
Name System), DHCP (Dynamic Host Configuration Protocol), Windows/Unix
security events, VPN logs, etc. The security events can be grouped into different
categories. The logs amount to terabytes of data each day.
If any pre-defined use case is triggered, the SIEM system generates an alert in
real time. SOC analysts then investigate the alerts to decide whether the user related
to the alert is risky (a true positive) or not (a false positive). If the analysis shows the
alerts to be suspicious, SOC analysts create OTRS (Open Source Ticket Request
System) tickets. After the initial investigation, certain OTRS tickets are escalated to
the tier 2 investigation system (e.g., the Co3 System) as severe security incidents for
further investigation and remediation by the Incident Response Team.
However, a SIEM typically generates a large number of alerts with a very high
false positive rate. The machine learning system sits in the middle of the SOC
workflow, incorporates the different event logs, SIEM alerts and SOC analysis results,
and generates a comprehensive user risk score for the security operations center.
Instead of digging directly into a large number of SIEM alerts and trying to find a
needle in a haystack, SOC analysts can use the risk scores from the machine learning
system to prioritize their investigations, starting from the users with the highest risk.
This will greatly improve their efficiency, optimize their job queue management, and
ultimately enhance the enterprise's security. Specifically, our approach constructs a
framework for a user-centric machine learning system to evaluate user risk based on
alert information.
To the best of our knowledge, there is no previous research on building a
complete systematic solution for this application. The main contribution of this paper
is as follows:
An advanced user-centric machine learning system is proposed and evaluated
on real industry data to evaluate user risks. The system can effectively reduce the
resources needed to analyze alerts manually while at the same time enhancing
enterprise security.
A novel data engineering process is offered which integrates alert
information, security logs, and SOC analysts’ investigation notes to generate features
and propagate labels for machine learning models.
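As an added illustration of the workflow and of the data engineering contribution described above (this is example code written for this report, not the dissertation's own implementation or the original framework's), the Python below aggregates constructed SIEM alert records per user into a fixed-length feature vector and propagates analyst verdicts from constructed OTRS-style tickets onto those users as labels. Users with no ticket receive no label and are left out of the supervised training set, which is the first limitation listed in section 1.3. The record layout, the alert categories and every sample value are assumptions made for the example.

```python
"""Feature generation and label propagation from SIEM alerts and analyst
tickets. Added example; every record below is constructed, not real SOC data."""
from collections import defaultdict
from datetime import datetime

# Constructed SIEM alerts: (timestamp, user, alert category, source host)
ALERTS = [
    ("2023-01-10T09:00:00", "alice", "malware", "host-01"),
    ("2023-01-10T09:05:00", "alice", "malware", "host-01"),
    ("2023-01-10T11:30:00", "alice", "dlp",     "host-02"),
    ("2023-01-11T08:00:00", "alice", "vpn",     "host-02"),
    ("2023-01-10T10:00:00", "bob",   "vpn",     "host-03"),
    ("2023-01-10T10:30:00", "carol", "dlp",     "host-04"),
    ("2023-01-11T14:00:00", "carol", "dlp",     "host-04"),
    ("2023-01-11T14:20:00", "carol", "ids",     "host-05"),
]

# Constructed OTRS-style tickets: (user, analyst's verdict as written in the ticket)
TICKETS = [
    ("alice", "True Positive - confirmed malware beaconing"),
    ("bob",   "False Positive - scheduled VPN maintenance"),
]

CATEGORIES = ("malware", "dlp", "ids", "vpn")  # assumed alert categories


def build_features(alerts, categories=CATEGORIES):
    """Per-user feature vector: alert count per category, then the number of
    distinct source hosts, distinct days with alerts, and total alerts."""
    per_user = defaultdict(list)
    for ts, user, category, host in alerts:
        per_user[user].append((datetime.fromisoformat(ts), category, host))
    features = {}
    for user, rows in per_user.items():
        counts = dict.fromkeys(categories, 0)
        hosts, days = set(), set()
        for ts, category, host in rows:
            if category in counts:  # alert categories outside the list are ignored
                counts[category] += 1
            hosts.add(host)
            days.add(ts.date())
        features[user] = [counts[c] for c in categories] + [len(hosts), len(days), len(rows)]
    return features


def propagate_labels(tickets, users):
    """Map the analyst's verdict onto the user: 1 = risky (true positive),
    0 = benign (false positive), None = the user was never annotated."""
    verdicts = {}
    for user, note in tickets:
        text = note.strip().lower()
        if text.startswith("true positive"):
            verdicts[user] = 1
        elif text.startswith("false positive"):
            verdicts[user] = 0
    return {user: verdicts.get(user) for user in users}


def training_set(alerts, tickets):
    """Feature matrix and labels for the annotated users, plus the list of
    unlabeled users that supervised training has to leave out."""
    features = build_features(alerts)
    labels = propagate_labels(tickets, features)
    users = sorted(features)
    X = [features[u] for u in users if labels[u] is not None]
    y = [labels[u] for u in users if labels[u] is not None]
    unlabeled = [u for u in users if labels[u] is None]
    return X, y, unlabeled


if __name__ == "__main__":
    X, y, unlabeled = training_set(ALERTS, TICKETS)
    for row, label in zip(X, y):
        print(label, row)
    print("no annotation:", unlabeled)
```

The feature vector deliberately mixes raw counts with breadth measures (distinct hosts, distinct days) because a single noisy rule firing many times on one host should not look the same as alerts spread across several hosts; in a real deployment the time window and category list would come from the SIEM's own use cases.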
Fig: 1.1 SIEM Architecture
1.1 MOTIVATION
Cyber security is the set of technologies and processes designed to protect
computers, networks, programs, and data from attack, unauthorized access, change, or
destruction. Cyber security systems are composed of network security systems and
computer (host) security systems. Each of these has, at a minimum, a firewall,
antivirus software, and an intrusion detection system (IDS). IDSs help discover,
determine, and identify unauthorized use, duplication, alteration, and destruction of
information systems. The security breaches include external intrusions (attacks from
outside the organization) and internal intrusions (attacks from within the organization).
Misuse-based techniques are designed to detect known attacks by using
signatures of those attacks. They are effective for detecting known types of attacks
without generating an overwhelming number of false alarms, but they require
frequent manual updates of the database of rules and signatures.
Fig: 1.2 Security Event View
1.2 OBJECTIVE
An advanced user-centric machine learning system is proposed and evaluated
by real industry data to evaluate user risks. The system can effectively reduce the
resources to analyze alerts manually while at the same time enhance enterprise
security.
This framework lets users explore the application effortlessly for more data
in a secure way. It provides simple access: users can carry out transactions in a safe
and secure manner and get complete information about the risk of particular
transactions.
1.3 LIMITATIONS
1. The majority of users, those without annotations, are left out of the model,
but they may carry valuable information.
2. Many machine learning models do not work well for highly unbalanced
classification problems.
1.4 PROBLEM DEFINITION
Our approach constructs a framework for a user-centric machine learning system
to evaluate user risk based on alert information. This approach provides security
analysts with a comprehensive risk score for each user, so that analysts can focus on
the users with high risk scores.
2. LITERATURE SURVEY
2.1 INTRODUCTION
The literature survey is the most important step in the software development
process. Before developing the tool it is necessary to determine the time factor,
economy and company strength. Once these things are satisfied, the next steps are to
determine which operating system and language can be used for developing the tool.
Once the programmers start building the tool, they need a lot of external support.
This support can be obtained from senior programmers, from books or from websites.
Before building the system, the above considerations are taken into account for
developing the proposed system.
2.2 EXISTING SYSTEM
Most approaches to security in the enterprise have focused on protecting the
network infrastructure with no or little attention to end users. As a result, traditional
security functions and associated devices, such as firewalls and intrusion detection
and prevention devices, deal mainly with network level protection. Although still part
of the overall security story, such an approach has limitations in light of the new
security challenges described in the previous section.
Data Analysis for Network Cyber-Security focuses on monitoring and
analyzing network traffic data, with the intention of preventing, or quickly
identifying, malicious activity. Risk values were introduced in an Information
Security Management System (ISMS) and quantitative evaluation was conducted for
detailed risk assessment. The quantitative evaluation showed that the proposed
countermeasures could reduce risk to some extent. Investigation into the cost-
effectiveness of the proposed countermeasures is an important future work. It
provides users with attack information such as the type of attack, frequency, and
target host ID and source host ID. Ten et al. proposed a cyber-security framework of
the SCADA system as a critical infrastructure using real-time monitoring, anomaly
detection, and impact analysis with an attack tree-based methodology, and mitigation
strategies.
2.2.1 Drawbacks of Existing System:
1. Firewalls can be difficult to configure correctly.
2. Incorrectly configured firewalls may block users from performing
actions on the Internet until the firewall is configured correctly.
3. It makes the system slower than before.
4. The software needs to be kept updated in order to keep security up to
date.
5. It could be costly for the average user.
6. The user is the only constant.
2.3 PROPOSED SYSTEM
User-centric cyber security helps enterprises reduce the risk associated with
fast-evolving end-user realities by reinforcing security closer to end users. User-
centric cyber security is not the same as user security. User-centric cyber security is
about answering peoples’ needs in ways that preserve the integrity of the enterprise
network and its assets. User security can almost seem like a matter of protecting the
network from the user — securing it against vulnerabilities that user needs introduce.
User-centric security has the greater value for enterprises.
Cyber-security systems are real-time and robust independent systems with high
performance requirements. They are used in many application domains, including
critical infrastructures such as the national power grid, transportation, medical, and
defense. These applications require the attainment of stability, performance, reliability,
efficiency, and robustness, which requires tight integration of computing,
communication, and control technologies. Critical infrastructures have always been
the target of criminals and are exposed to security threats because of their complexity
and connectivity. These cyber-physical systems (CPSs) face security breaches when
people, processes, technology, or other components are attacked, or when risk
management systems are missing, inadequate, or fail in any way. The attackers target
confidential data. The main scope of this project is to reduce the unwanted data in the
dataset.
2.3.1 Advantages of Proposed System
1. Gives privacy to users.
2. Managing user-centric security.
3. Protection of data against theft.
4. Securing the user-aware network edge.
5. Securing mobile users’ communications.
6. Minimizes computer freezing and crashes.
7. Protects the computer from being hacked.
8. Protects system against viruses, worms, spyware.
2.4 FEASIBILITY STUDY
The preliminary investigation examines project feasibility, the likelihood that the
system will be useful to the organization. The main objective of the feasibility study is
to test the technical, operational and economic feasibility of adding new modules
and debugging the old running system. All systems are feasible if they are given
unlimited resources and infinite time. There are three aspects in the feasibility study
portion of the preliminary investigation:
1. Technical Feasibility
2. Operational Feasibility
3. Economic Feasibility
2.4.1 Technical Feasibility
The technical issues usually raised during the feasibility stage of the
investigation include the following:
1. Does the necessary technology exist to do what is suggested?
2. Does the proposed equipment have the technical capacity to hold the
data required to use the new system?
3. Will the proposed system provide adequate response to inquiries,
regardless of the number or the location of the users?
4. Can the system be upgraded after it is developed?
5. Are there technical guarantees of accuracy, reliability, ease of access and
data security?
2.4.2 Operational Feasibility
To determine the operational feasibility of the system we take into
consideration the awareness level of the users. This system is operationally
feasible since the users are familiar with the technologies, and hence there is no
need to train the personnel to use the system. The system is also very user
friendly and easy to use.
2.4.3 Economic Feasibility
To decide whether a project is economically feasible, we have to
consider various factors such as:
1. Cost benefit analysis.
2. Long-term returns.
3. Maintenance cost.
2.5 FEATURES OF PROJECT
We use the Support Vector Machine (SVM) algorithm, a supervised machine
learning algorithm which can be used for both classification and regression
problems.
Cyber threat analysis, in which the knowledge of internal and external
information vulnerabilities pertinent to a particular organization is matched
against real-world cyber-attacks.
Improved storage efficiency through data reduction techniques and capacity
optimization using data deduplication and compression.
Users can analyze the security of their cyber transactions.
The Security Operation Center (SOC) calculates the risk in the users' transactions,
which can help in reducing the risk of cyber attacks.
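To show the SVM step in working code, here is an added example (written for this report, not the project's own code): a linear SVM trained by stochastic subgradient descent on the hinge loss, with a class weight on the risky class so that the unbalanced data noted under Limitations does not push the model toward calling every user benign. The per-user feature vectors, user names and labels are constructed for the example; the SVM decision score doubles as the risk score used to order the SOC analyst's investigation queue, and the evaluation reports the false positive rate the introduction is concerned with.

```python
"""Linear SVM for user risk scoring. Added example, not the project's own code.
Trains w, b by stochastic subgradient descent on the class-weighted hinge loss
and uses the decision score w.x + b as the user's risk score."""

# Constructed per-user feature vectors: [malware alerts, DLP alerts, distinct hosts].
# Labels come from analyst verdicts: +1 = risky (true positive), -1 = benign
# (false positive). Ten benign users to two risky ones: deliberately unbalanced.
USERS = ["u%02d" % i for i in range(12)]
X = [
    [0, 0, 1], [0, 1, 1], [1, 0, 1], [0, 0, 2], [1, 1, 1],
    [0, 0, 1], [0, 1, 2], [1, 0, 2], [0, 0, 1], [0, 1, 1],
    [6, 4, 5], [5, 5, 4],
]
Y = [-1] * 10 + [1, 1]


def dot(a, b):
    return sum(ai * bi for ai, bi in zip(a, b))


def train_svm(X, y, eta=0.002, lam=0.001, epochs=1000, pos_weight=None):
    """Minimise lam/2 * ||w||^2 + sum_i c_i * max(0, 1 - y_i (w.x_i + b)).
    c_i is pos_weight for risky users and 1 for benign ones; the default
    pos_weight is the benign/risky ratio, so each class carries the same total
    weight and the majority class cannot simply outvote the minority."""
    if pos_weight is None:
        n_pos = sum(1 for v in y if v == 1)
        pos_weight = (len(y) - n_pos) / n_pos
    w = [0.0] * len(X[0])
    b = 0.0
    for _ in range(epochs):
        for xi, yi in zip(X, y):
            c = pos_weight if yi == 1 else 1.0
            # the regulariser shrinks w at every step; the bias is not regularised
            w = [(1.0 - eta * lam) * wj for wj in w]
            if yi * (dot(w, xi) + b) < 1.0:  # inside the margin: hinge subgradient step
                w = [wj + eta * c * yi * xij for wj, xij in zip(w, xi)]
                b += eta * c * yi
    return w, b


def decision(model, x):
    """Risk score: larger means the user looks more like the risky class."""
    w, b = model
    return dot(w, x) + b


def predict(model, x):
    return 1 if decision(model, x) > 0 else -1


def rank_users(model, users, X):
    """Investigation queue: users ordered from highest to lowest risk score."""
    scored = sorted(zip(users, X), key=lambda ux: decision(model, ux[1]), reverse=True)
    return [user for user, _ in scored]


def evaluate(model, X, y):
    """Precision/recall on the risky class and the false positive rate, i.e. the
    share of benign users the model would still send to an analyst."""
    tp = fp = fn = tn = 0
    for x, truth in zip(X, y):
        pred = predict(model, x)
        if pred == 1 and truth == 1:
            tp += 1
        elif pred == 1:
            fp += 1
        elif truth == 1:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return {"precision": precision, "recall": recall, "fpr": fpr}


if __name__ == "__main__":
    model = train_svm(X, Y)
    print("queue:", rank_users(model, USERS, X))
    print("metrics:", evaluate(model, X, Y))
```

The metrics here are computed on the training users only, which is exactly what a report must not stop at: the real check is on users whose tickets the model never saw, and the class weight should be tuned on that held-out set, since a too-large weight trades the false positive rate the SOC wants to lower for extra recall.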
3. ANALYSIS
3.1 INTRODUCTION
In this chapter we discuss the requirements needed in building up the
system. First we analyze the requirements needed for the system. The user
requirements are the most important aspect in analyzing the requirements.
The following are the requirements of the system:
User requirements
Functional requirements
Non-functional requirements
3.2 USER REQUIREMENTS
The system is designed according to the user requirements. If it departs
from them, the client will not be satisfied with the product.
3.2.1 Study of the System
To provide flexibility to the users, the interfaces have been developed so
that they are accessible through a browser. The GUIs at the top level have been
categorized as
1. Administrative user interface
2. The operational or generic user interface
The ‘administrative user interface’ concentrates on the consistent
information that is practically part of the organizational activities and which
needs proper authentication for data collection. These interfaces help the
administrators with all the transactional states like data insertion, data deletion
and data updating, along with extensive data search capabilities.
The ‘operational or generic user interface’ helps the end users of the
system in transactions through the existing data and required services. The
operational user interface also helps the ordinary users in managing their own
information in a customized manner as per the included flexibilities.
3.2.2 Input & Output Representation
INPUT DESIGN
The input design is the link between the information system and the user. It
comprises the development of specifications and procedures for data preparation, and
the steps necessary to put transaction data into a usable form for processing. This can
be achieved by having the computer read data from a written or printed document, or
by having people key the data directly into the system. The design of input focuses on
controlling the amount of input required, controlling errors, avoiding delay, avoiding
extra steps and keeping the process simple. The input is designed in such a way that it
provides security and ease of use while retaining privacy. Input design considers the
following things:
What data should be given as input?
How should the data be arranged or coded?
The dialog to guide the operating personnel in providing input.
Methods for preparing input validations and the steps to follow when errors
occur.
OBJECTIVES
1. Input design is the process of converting a user-oriented description of the
input into a computer-based system. This design is important to avoid errors in
the data input process and to show management the correct direction for
getting correct information from the computerized system.
2. It is achieved by creating user-friendly screens for data entry that can handle
large volumes of data. The goal of designing input is to make data entry easier
and free from errors. The data entry screen is designed in such a way that
all data manipulations can be performed. It also provides record viewing
facilities.
3. When the data is entered, it is checked for validity. Data can be entered with
the help of screens. Appropriate messages are provided when needed so that
the user is not left in a maze. Thus the objective of input design is to
create an input layout that is easy to follow.
OUTPUT DESIGN
A quality output is one which meets the requirements of the end user and
presents the information clearly. In any system, the results of processing are
communicated to the users and to other systems through outputs. In output design it is
determined how the information is to be displayed for immediate need and also as
hard copy output. It is the most important and direct source of information for the
user. Efficient and intelligent output design improves the system’s relationship with
the user and helps user decision-making.
1. Designing computer output should proceed in an organized, well thought out
manner; the right output must be developed while ensuring that each output
element is designed so that people will find the system easy to use and
effective. When analysts design computer output, they should identify the
specific output that is needed to meet the requirements.
2. Select methods for presenting information.
3. Create documents, reports, or other formats that contain information produced
by the system.
The output form of an information system should accomplish one or more of the
following objectives:
1. Convey information about past activities, current status or projections of the
future.
2. Signal important events, opportunities, problems, or warnings.
3. Trigger an action.
4. Confirm an action.
3.2.3 Process Model Used With Justification
SDLC (Umbrella Model)
SDLC is nothing but Software Development Life Cycle. It is a standard which is used
by the software industry to develop good software.
Fig: 3.1 SDLC
Stages of SDLC:
Requirement Gathering
Analysis
Designing
Coding
Testing
Maintenance
Requirements Gathering stage:
The requirements gathering process takes as its input the goals identified in the
high-level requirements section of the project plan. Each goal will be refined into a set
of one or more requirements. These requirements define the major functions of the
intended application, define operational data areas and reference data areas, and
define the initial data entities. Major functions include critical processes to be
managed, as well as mission critical inputs, outputs and reports. A user class hierarchy
is developed and associated with these major functions, data areas, and data entities.
Each of these definitions is termed a Requirement. Requirements are identified by
unique requirement identifiers and, at minimum, contain a requirement title and
textual description.
Fig: 3.2 Requirement Gathering Stage
These requirements are fully described in the primary deliverables for this
stage: the Requirements Document and the Requirements Traceability Matrix (RTM).
The requirements document contains complete descriptions of each requirement,
including diagrams and references to external documents as necessary. Note that
detailed listings of database tables and fields are not included in the requirements
document.
The title of each requirement is also placed into the first version of the RTM,
along with the title of each goal from the project plan. The purpose of the RTM is to
show that the product components developed during each stage of the software
development lifecycle are formally connected to the components developed in prior
stages. In the requirements stage, the RTM consists of a list of high-level
requirements, or goals, by title, with a listing of associated requirements for each goal,
listed by requirement title. In this hierarchical listing, the RTM shows that each
requirement developed during this stage is formally linked to a specific product goal.
In this format, each requirement can be traced to a specific product goal, hence the
term requirements traceability.
Analysis Stage:
The planning stage establishes a bird's eye view of the intended software
product, and uses this to establish the basic project structure, evaluate feasibility and
risks associated with the project, and describe appropriate management and technical
approaches. The most critical section of the project plan is a listing of high-level
product requirements, also referred to as goals. All of the software product
requirements to be developed during the requirements definition stage flow from one
or more of these goals.
The minimum information for each goal consists of a title and textual
description, although additional information and references to external documents
may be included. The outputs of the project planning stage are the configuration
management plan, the quality assurance plan, and the project plan and schedule, with
a detailed listing of scheduled activities for the upcoming Requirements stage, and
high-level estimates of effort for the remaining stages.
Fig: 3.3 Analysis Stage
Designing Stage:
The design stage takes as its initial input the requirements identified in the
approved requirements document. For each requirement, a set of one or more design
elements will be produced as a result of interviews, workshops, and/or prototype
efforts. Design elements describe the desired software features in detail, and generally
include functional hierarchy diagrams, screen layout diagrams, tables of business
rules, business process diagrams, pseudo code, and a complete entity-relationship
diagram with a full data dictionary. These design elements are intended to describe
the software in sufficient detail that skilled programmers may develop the software
with minimal additional input.
Fig: 3.4 Designing Stage
When the design document is finalized and accepted, the RTM is updated to show
that each design element is formally associated with a specific requirement. The
outputs of the design stage are the design document, an updated RTM, and an updated
project plan.
Development (Coding) Stage:
The development stage takes as its primary input the design elements
described in the approved design document. For each design element, a set of one or
more software artifacts will be produced. Software artifacts include but are not limited
to menus, dialogs, data management forms, data reporting formats, and specialized
procedures and functions. Appropriate test cases will be developed for each set of
functionally related software artifacts, and an online help system will be developed to
guide users in their interactions with the software.
The RTM will be updated to show that each developed artifact is linked to a
specific design element, and that each developed artifact has one or more
corresponding test case items. At this point, the RTM is in its final configuration.
Fig: 3.5 Development Stage
The outputs of the development stage include a fully functional set of software that
satisfies the requirements and design elements previously documented, an online help
system that describes the operation of the software, an implementation map that
identifies the primary code entry points for all major system functions, a test plan that
describes the test cases to be used to validate the correctness and completeness of the
software, an updated RTM, and an updated project plan.
Integration & Test Stage:
During the integration and test stage, the software artifacts, online help, and
test data are migrated from the development environment to a separate test
environment. At this point, all test cases are run to verify the correctness and
completeness of the software. Successful execution of the test suite confirms a robust
and complete migration capability. During this stage, reference data is finalized for
production use and production users are identified and linked to their appropriate
roles. The final reference data (or links to reference data source files) and production
user list are compiled into the Production Initiation Plan.
Fig:3.6 Integration & Testing Stage
The outputs of the integration and test stage include an integrated set of software, an
online help system, an implementation map, a production initiation plan that describes
reference data and production users, an acceptance plan which contains the final suite
of test cases, and an updated project plan.
Installation & Acceptance Test:
During the installation and acceptance stage, the software artifacts, online
help, and initial production data are loaded onto the production server. At this point,
all test cases are run to verify the correctness and completeness of the software.
Successful execution of the test suite is a prerequisite to acceptance of the software by
the customer.
After customer personnel have verified that the initial production data load is
correct and the test suite has been executed with satisfactory results, the customer
formally accepts the delivery of the software.
Fig:3.7 Installation & Acceptance
The primary outputs of the installation and acceptance stage include a production
application, a completed acceptance test suite, and a memorandum of customer
acceptance of the software. Finally, the PDR enters the last of the actual labor data
into the project schedule and locks the project as a permanent project record. At this
point the PDR "locks" the project by archiving all software items, the implementation
map, the source code, and the documentation for future reference.
Maintenance:
The outer rectangle represents the maintenance of a project. The maintenance
team starts with a requirement study and an understanding of the documentation;
later, employees are assigned work and undergo training on their particular assigned
category. This life cycle has no end; it continues on like an umbrella (there is no
ending point to the umbrella's sticks).
3.2.4 System Requirements Specification
A Software Requirements Specification (SRS) – a requirements specification for a
software system is a complete description of the behaviour of a system to be
developed. It includes a set of use cases that describe all the interactions the users will
have with the software. In addition to use cases, the SRS also contains non-functional
requirements. Non functional requirements are requirements which impose constraints
on the design or implementation (such as performance engineering requirements,
quality standards, or design constraints).
System requirements specification: a structured collection of information that
embodies the requirements of a system. A business analyst, sometimes titled system
analyst, is responsible for analyzing the business needs of their clients and
stakeholders to help identify business problems and propose solutions. Within the
systems development life cycle domain, the analyst typically performs a liaison
function between the business side of an enterprise and the information technology
department or external service providers. Projects are subject to three sorts of
requirements:
Business requirements describe in business terms what must be delivered or
accomplished to provide value.
Product requirements describe properties of a system or product (which could
be one of several ways to accomplish a set of business requirements.)
Process requirements describe activities performed by the developing
organization. For instance, process requirements could specify specific
methodologies that must be followed, and constraints that the organization must
obey.
Product and process requirements are closely linked. Process requirements often
specify the activities that will be performed to satisfy a product requirement. For
example, a maximum development cost requirement (a process requirement) may be
imposed to help achieve a maximum sales price requirement (a product requirement);
a requirement that the product be maintainable (a Product requirement) often is
addressed by imposing requirements to follow particular development styles.
Role of SRS:
The purpose of the Software Requirement Specification is to reduce the
communication gap between the client and the developers. The Software Requirement
Specification is the medium through which the client's and the user's needs are
accurately specified. It forms the basis of the software development. A good SRS
should satisfy all the parties involved in the system.
Scope:
This document is the only one that describes the requirements of the system. It
is written for the user by the developers, and is also the basis for validating the final
delivered system. Any changes made to the requirements in the future will have to go
through a formal change approval process. The developer is responsible for asking
for clarification where necessary, and will not make any alterations without the
permission of the client.
3.3 FUNCTIONAL REQUIREMENTS
3.3.1 Software Requirements:
Operating System : Windows XP/7/8/10
User Interface : HTML/CSS
Programming Language : Python
Web Framework : Django
Database : MySQL
3.3.2 Hardware Requirements:
System : Pentium IV 2.4 GHz
Hard Disk : 40 GB
Monitor : 14" Colour Monitor
RAM : 512 MB
3.4 NON FUNCTIONAL REQUIREMENTS:
Performance:
The performance of the developed application can be measured using the following
methods:
Measuring enables you to identify how the performance of your application
stands in relation to your defined performance goals and helps you identify the
bottlenecks that affect your application's performance. It helps you identify whether
your application is moving toward or away from your performance goals. Defining
what you will measure, that is, your metrics, and defining the objectives for each
metric is a critical part of your testing plan.
Performance objectives include the following:
Response time or latency
Throughput
Resource utilization
Safety & Security:
The security design process is cyclical. The security of an application depends
upon the vigilance of the developers and administrators not just during the design
phase but also for the life of the application. Since new threats arise almost daily, an
application must be scrutinized constantly for potential security flaws. However, the
initial design of the application determines how often those flaws are likely to occur.
A security threat is any potential occurrence, malicious or otherwise, that can
have an undesirable effect on the application. Vulnerabilities in the application or
operating system make a threat possible. The risk is the potential damage that an
attack can inflict on the application or even on the business.
Maintainability:
The increased complexity of modern software applications also increases the
difficulty of making the code reliable and maintainable. In recent years, many
software measures, known as code metrics, have been developed that can help
developers understand where the code needs rework or increased testing.
Developers can use Visual Studio Application Lifecycle Management to
generate code metrics data that measures the complexity and maintainability of their
managed code. Code metrics data can be generated for an entire solution or a single
project.
Scalability:
The algorithm used in this project serves the purpose of analysing the
sentiments of large data sets and new data sets, as long as the words in the datasets
are standard dictionary terms.
Availability:
All the resources which were used in the development of the application are
mostly open-source and widely available. Anyone with basic internet connectivity
can access these resources.
Reliability:
Though it falls short of the accuracy of human beings at analyzing sentiments,
this algorithm makes sure that most of the unambiguous sentences are analyzed very
accurately.
Data integrity:
The reviews and the sentiments are stored in a CSV file such that each and
every entry has a unique field; the entry is securely encapsulated and sent on
after analysis.
4. DESIGN
4.1 INTRODUCTION
Software design is the process by which an agent creates a specification of a
software artifact, intended to accomplish goals, using a set of primitive components
and subject to constraints. Software design may refer to either "all the activity
involved in conceptualizing, framing, implementing, commissioning, and ultimately
modifying complex systems" or "the activity following requirements specification
and before programming, as in a stylized software engineering process." Software
design usually involves problem solving and planning a software solution. This
includes both a low-level component design and a high-level, architecture design.
4.2 SYSTEM ARCHITECTURE
ARCHITECTURE:-
Fig: 4.1 System Architecture
4.3 MODULE DESIGN & ORGANIZATION
1. Cyber Analysis
2. Dataset Modification
3. Data Reduction
4. Risky User Detection
CYBER ANALYSIS:-
Cyber threat analysis is a process in which the knowledge of internal and
external information vulnerabilities pertinent to a particular organization is matched
against real-world cyber-attacks. With respect to cyber security, this threat-oriented
approach to combating cyber-attacks represents a smooth transition from a state of
reactive security to a proactive one.
Moreover, the desired result of a threat assessment is to give best practices on
how to maximize the protective instruments with respect to availability,
confidentiality and integrity, without sacrificing usability and functionality
requirements. A threat could be anything that leads to interruption, meddling or
destruction of any valuable service or item existing in the firm's repertoire. Whether
of "human" or "nonhuman" origin, the analysis must scrutinize each element that may
bring about a conceivable security risk.
DATASET MODIFICATION:-
If a dataset in your dashboard contains many dataset objects, you can hide
specific dataset objects from display in the Datasets panel. For example, if you decide
to import a large amount of data from a file, but do not remove every unwanted data
column before importing the data into Web, you can hide the unwanted attributes and
metrics.
The operations available on dataset objects are: hiding dataset objects in the
Datasets panel, showing hidden objects in the Datasets panel, renaming a dataset
object, creating a metric based on an attribute, creating an attribute based on a metric,
defining the geo role for an attribute, creating an attribute with additional time
information, and replacing a dataset object in the dashboard.
DATA REDUCTION:-
Storage efficiency is improved through data reduction techniques and capacity
optimization using data deduplication, compression, snapshots and thin
provisioning. Data reduction by simply deleting unwanted or unneeded data is the
most effective way to reduce the amount of stored data.
RISKY USER DETECTION:-
False alarm immunity to prevent customer embarrassment
High detection rate to protect all kinds of goods from theft
Wide-exit coverage offers greater flexibility for entrance/exit layouts
Wide range of attractive designs complement any store décor
Sophisticated digital controller technology for optimum system performance
4.4 UML DIAGRAMS
We prepare UML diagrams to understand the system in a better and simple
way. A single diagram is not enough to cover all the aspects of the system. UML
defines various kinds of diagrams to cover most of the aspects of a system. You can
also create your own set of diagrams to meet your requirements. There are two broad
categories of diagrams and they are again divided into subcategories −
1. STRUCTURAL DIAGRAMS:-
Structural diagrams capture the static parts of a system, which are represented
by classes, interfaces, objects, components, and nodes. The four structural diagrams are −
Class diagram
Object diagram
Component diagram
Deployment diagram
2. BEHAVIORAL DIAGRAMS:-
Behavioural diagrams basically capture the dynamic aspect of a
system. Dynamic aspect can be further described as the changing/moving
parts of a system.
Use case diagram
Sequence diagram
Collaboration diagram
State chart diagram
Activity diagram
4.4.1 Class Diagram:-
Class diagram is a static diagram. It represents the static view of an
application. Class diagram is not only used for visualizing, describing, and
documenting different aspects of a system but also for constructing executable
code of the software application.
A class diagram describes the attributes and operations of a class and also
the constraints imposed on the system. Class diagrams are widely used in the
modelling of object-oriented systems because they are the only UML diagrams
which can be mapped directly onto object-oriented languages.
The purpose of a class diagram is to model the static view of an application.
Class diagrams are the only diagrams which can be directly mapped onto object-
oriented languages and are thus widely used at the time of construction.
Fig: 4.4 Class Diagram
4.4.2 Use Case Diagram:-
To model a system, the most important aspect is to capture the dynamic
behavior. Dynamic behavior means the behavior of the system when it is running
or operating. Static behavior alone is not sufficient to model a system; dynamic
behavior is more important than static behavior. In UML, there are five diagrams
available to model the dynamic nature, and the use case diagram is one of them. Since
the use case diagram is dynamic in nature, there must be some internal or external
factors that make the interaction happen.
USER:-
Fig: 4.5 User Use Case Diagram
ADMIN:-
Fig: 4.6 Admin Use Case Diagram
4.4.3 Sequence Diagram:-
A sequence diagram simply depicts interaction between objects in a sequential
order i.e. the order in which these interactions take place. We can also use the terms
event diagrams or event scenarios to refer to a sequence diagram. Sequence diagrams
describe how and in what order the objects in a system function. These diagrams are
widely used by businessmen and software developers to document and understand
requirements for new and existing systems.
A sequence diagram represents the detail of a UML use case, models the logic of a
sophisticated procedure, function, or operation, shows how objects and components
interact with each other to complete a process, and helps plan and understand the
detailed functionality of an existing or future scenario.
Fig: 4.7 Sequence Diagram
4.4.4 Collaboration Diagram:-
The second interaction diagram is the collaboration diagram. It shows the
object organization as seen in the following diagram. In the collaboration diagram, the
method call sequence is indicated by some numbering technique. The number
indicates how the methods are called one after another. We have taken the same order
management system to describe the collaboration diagram.
Method calls are similar to those of a sequence diagram. However, the difference
is that the sequence diagram does not describe the object organization, whereas the
collaboration diagram shows the object organization.
Fig: 4.8 Collaboration Diagram
4.4.5 Activity Diagram:-
An activity diagram is basically a flowchart representing the flow from one
activity to another activity. An activity can be described as an operation of the
system. The control flow is drawn from one operation to another. This flow can be
sequential, branched, or concurrent. Activity diagrams deal with all types of flow
control by using different elements such as fork, join, etc.
USER:-
Fig: 4.9 User Activity Diagram
ADMIN:-
Fig: 4.10 Admin Activity Diagram
4.4.6 Deployment Diagram:-
Deployment diagrams are used to visualize the topology of the physical
components of a system, where the software components are deployed. Deployment
diagrams are used to describe the static deployment view of a system. Deployment
diagrams consist of nodes and their relationships.
The term Deployment itself describes the purpose of the diagram. Deployment
diagrams are used for describing the hardware components on which software
components are deployed. Component diagrams and deployment diagrams are
closely related: component diagrams are used to describe the components, and
deployment diagrams show how they are deployed on hardware.
Fig: 4.11 Deployment Diagram
5. IMPLEMENTATION
5.1 INTRODUCTION
This project is developed using Python as front end and MySQL as back end
in Windows environment. The web framework used for this project is Django. This
system provides optimized utilization of resources, improved productivity, and
efficient management of resources as it is completely computerized and has
centralized database maintenance.
Implementation is the most crucial stage in achieving a successful system and
giving the user confidence that the new system is workable and effective. Here the
modified application is implemented to replace an existing one. This type of
conversion is relatively easy to handle, provided there are no major changes in the
system.
Each program is tested individually at the time of development using test data.
Once it has been verified that the programs link together in the way specified in the
program specification, the computer system and its environment are tested to the
satisfaction of the user. The system that has been developed is accepted and proved
satisfactory for the user, and so the system is going to be implemented very soon. A
simple operating procedure is included so that the user can understand the different
functions clearly and quickly.
5.2 TECHNOLOGIES REQUIRED
5.2.1 Overview of Python
Python is an interpreted, object-oriented, high-level programming
language with dynamic semantics. Its high-level built-in data structures, combined
with dynamic typing and dynamic binding, make it very attractive for Rapid
Application Development, as well as for use as a scripting or glue language to connect
existing components together. Python's simple, easy to learn syntax emphasizes
readability and therefore reduces the cost of program maintenance. Python supports
modules and packages, which encourages program modularity and code reuse. The
Python interpreter and the extensive standard library are available in source or binary
form without charge for all major platforms, and can be freely distributed.
Fig: 5.1 Internal Working of Python
Features of Python:-
Easy-to-learn: Python has few keywords, simple structure, and a clearly
defined syntax. This allows the student to pick up the language quickly.
Easy-to-read: Python code is more clearly defined and visible to the eyes.
Easy-to-maintain: Python's source code is fairly easy-to-maintain.
A broad standard library: the bulk of Python's library is very portable and
cross-platform compatible on UNIX, Windows, and Macintosh.
Interactive Mode: Python has support for an interactive mode which allows
interactive testing and debugging of snippets of code.
Portable: Python can run on a wide variety of hardware platforms and has the
same interface on all platforms.
Extendable: You can add low-level modules to the Python interpreter. These
modules enable programmers to add to or customize their tools to be more
efficient.
Databases: Python provides interfaces to all major commercial databases.
GUI Programming: Python supports GUI applications that can be created
and ported to many system calls, libraries and windows systems, such as
Windows MFC, Macintosh, and the X Window system of Unix.
Scalable: Python provides a better structure and support for large programs
than shell scripting.
5.2.2 Overview of Django
Django is a free and open source web application framework written in
Python. A framework is nothing more than a collection of modules that make
development easier. They are grouped together, and allow you to create applications
or websites from an existing source, instead of from scratch. Django offers a big
collection of modules which you can use in your own projects. Primarily, frameworks
exist to save developers a lot of wasted time and headaches and Django is no
different.
Fig: 5.2 Django Architecture
Django web applications typically group the code that handles each of these steps into
separate files:
URLs: While it is possible to process requests from every single URL via a
single function, it is much more maintainable to write a separate view
function to handle each resource. A URL mapper is used to redirect HTTP
requests to the appropriate view based on the request URL. The URL
mapper can also match particular patterns of strings or digits that appear in
a URL and pass these to a view function as data.
View: A view is a request handler function, which receives HTTP requests
and returns HTTP responses. Views access the data needed to satisfy
requests via models, and delegate the formatting of the response
to templates.
Models: Models are Python objects that define the structure of
an application's data, and provide mechanisms to manage (add, modify,
delete) and query records in the database.
Templates: A template is a text file defining the structure or layout of a file
(such as an HTML page), with placeholders used to represent actual
content. A view can dynamically create an HTML page using an HTML
template, populating it with data from a model. A template can be used to
define the structure of any type of file; it doesn't have to be HTML.
Fig: 5.3 Basic Architecture View
5.3 ALGORITHM:
SUPPORT VECTOR MACHINE (SVM)
"Support Vector Machine" (SVM) is a supervised machine learning algorithm
which can be used for both classification and regression challenges. However, it is
mostly used in classification problems. In this algorithm, we plot each data item as a
point in n-dimensional space (where n is the number of features you have) with the value
of each feature being the value of a particular coordinate. Then, we perform
classification by finding the hyper-plane that differentiates the two classes very well.
Fig: 5.4 SVM Algorithm Block Diagram
The SVM algorithm is implemented in practice using a kernel. The learning of
the hyper plane in linear SVM is done by transforming the problem using some linear
algebra, which is out of the scope of this introduction to SVM. A powerful insight is
that the linear SVM can be rephrased using the inner product of any two given
observations, rather than the observations themselves. The inner product between two
vectors is the sum of the multiplication of each pair of input values.
For example, the inner product of the vectors [2, 3] and [5, 6] is 2*5 + 3*6 =
28. The prediction for a new input is computed from the dot product between the
input (x) and each support vector (xi) as follows:
f(x) = B0 + sum(ai * <x, xi>)
This is an equation that involves calculating the inner products of a new input vector
(x) with all support vectors in the training data. The coefficients B0 and ai (for each
input) must be estimated from the training data by the learning algorithm.
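The dual-form prediction above, worked in Python as an added example (not code from the report): the coefficients ai and B0 are learned here with a kernel perceptron rather than the SVM max-margin solver, an assumption made to keep the example self-contained, and the per-user feature data (failed logins per day, alerts per day) are constructed values.

```python
"""Dual-form prediction f(x) = B0 + sum(ai * <x, xi>) from the SVM section.

Added example, not code from the report. The dual coefficients are learned
with a kernel perceptron (a simpler mistake-driven algorithm than the SVM
max-margin solver, assumed here for self-containment); it yields the same
prediction form, a weighted sum of kernel values against stored training
points, which is the point of the passage.
"""
import math
from typing import Callable, List, Sequence, Tuple

Vector = Sequence[float]
Kernel = Callable[[Vector, Vector], float]


def inner_product(u: Vector, v: Vector) -> float:
    """Sum of the products of each pair of inputs: [2,3].[5,6] -> 28."""
    if len(u) != len(v):
        raise ValueError("vectors must have the same dimension")
    return sum(a * b for a, b in zip(u, v))


def rbf_kernel(gamma: float) -> Kernel:
    """K(u, v) = exp(-gamma * ||u - v||^2); swaps in for the inner product
    so the same prediction formula yields a non-linear boundary."""
    def k(u: Vector, v: Vector) -> float:
        return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(u, v)))
    return k


def predict(x: Vector, support_vectors: List[Vector], coefficients: List[float],
            b0: float, kernel: Kernel = inner_product) -> float:
    """f(x) = B0 + sum(ai * K(x, xi)); the sign of f is the predicted class."""
    return b0 + sum(a * kernel(x, xi) for a, xi in zip(coefficients, support_vectors))


def train_kernel_perceptron(X: List[Vector], y: List[int], kernel: Kernel = inner_product,
                            max_epochs: int = 1000) -> Tuple[List[Vector], List[float], float]:
    """Learn dual coefficients: every mistake on (xj, yj) adds yj to alpha_j,
    so f(x) = b0 + sum(alpha_j * yj * K(x, xj)). Returns only the points with a
    non-zero coefficient (the stored 'support vectors'), ai = alpha_j * yj, and b0."""
    n = len(X)
    alpha = [0] * n
    b0 = 0.0
    for _ in range(max_epochs):
        mistakes = 0
        for i in range(n):
            f = b0 + sum(alpha[j] * y[j] * kernel(X[i], X[j]) for j in range(n) if alpha[j])
            if y[i] * f <= 0:          # misclassified (or exactly on the boundary)
                alpha[i] += 1
                b0 += y[i]
                mistakes += 1
        if mistakes == 0:              # every training point is on the correct side
            break
    keep = [j for j in range(n) if alpha[j]]
    return [X[j] for j in keep], [alpha[j] * y[j] for j in keep], b0


def primal_weights(support_vectors: List[Vector], coefficients: List[float]) -> List[float]:
    """For the linear kernel the dual form collapses to w = sum(ai * xi), so
    predict() must equal <w, x> + b0. Used to check that the two forms agree."""
    dim = len(support_vectors[0])
    return [sum(a * xi[d] for a, xi in zip(coefficients, support_vectors)) for d in range(dim)]


# Constructed toy data: (failed logins per day, alerts per day) per user,
# labelled -1 = low risk, +1 = risky.
TRAIN_X: List[Vector] = [[1, 0], [2, 1], [0, 1], [1, 2], [8, 7], [9, 9], [7, 8], [10, 6]]
TRAIN_Y: List[int] = [-1, -1, -1, -1, 1, 1, 1, 1]


if __name__ == "__main__":
    sv, coef, b0 = train_kernel_perceptron(TRAIN_X, TRAIN_Y)
    print("support vectors:", sv, "coefficients:", coef, "B0:", b0)
    for user in ([5, 4], [3, 3], [9, 2]):
        print(user, "risky" if predict(user, sv, coef, b0) > 0 else "low risk")
```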
5.4 SAMPLE CODE:
urls.py (cyber_security_alert)
"""cyber_security_alert URL Configuration
The `urlpatterns` list routes URLs to views. For more information please see:
https://docs.djangoproject.com/en/1.11/topics/http/urls/
Examples:
Function views
1. Add an import: from my_app import views
2. Add a URL to urlpatterns: url(r'^$', views.home, name='home')
Class-based views
1. Add an import: from other_app.views import Home
2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home')
Including another URLconf
1. Import the include() function: from django.conf.urls import url, include
2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls'))
"""
from django.conf.urls import url
from django.contrib import admin
from cyber_alert import views as alert_view
from admins import views as admin_view
settings.py (cyber_security_alert)
"""
Django settings for cyber_security_alert project.
Generated by 'django-admin startproject' using Django 1.11.5.
For more information on this file, see
https://docs.djangoproject.com/en/1.11/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/1.11/ref/settings/
"""
import os
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'gn-jzi2u3%gw+olpxfrd%ye6210z3=$+(r@c5ly(%8j2$5)k77'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
6. TESTING, VALIDATION AND RESULT
6.1 INTRODUCTION TO TESTING
Testing is a process, which reveals errors in the program. It is the major
quality measure employed during software development. During testing, the program
is executed with a set of test cases and the output of the program for the test cases is
evaluated to determine if the program is performing as it is expected to perform.
The purpose of testing is to discover errors. Testing is the process of trying to
discover every conceivable fault or weakness in a work product. It provides a way to
check the functionality of components, sub-assemblies, assemblies and/or a finished
product. It is the process of exercising software with the intent of ensuring that the
software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a
specific testing requirement.
6.2 TESTING STRATEGIES
Unit Testing
Unit testing involves the design of test cases that validate that the internal
program logic is functioning properly, and that program inputs produce valid outputs.
All decision branches and internal code flow should be validated. It is the testing of
individual software units of the application. It is done after the completion of an
individual unit and before integration. This is structural testing that relies on knowledge
of the unit's construction and is invasive. Unit tests perform basic tests at component level
and test a specific business process, application, and/or system configuration. Unit
tests ensure that each unique path of a business process performs accurately to the
documented specifications and contains clearly defined inputs and expected results.
Integration Testing
Integration tests are designed to test integrated software components to
determine if they actually run as one program. Testing is event driven and is more
concerned with the basic outcome of screens or fields. Integration tests demonstrate
that although the components were individually satisfactory, as shown by successful
unit testing, the combination of components is correct and consistent. Integration
testing is specifically aimed at exposing the problems that arise from the combination
of components.
Functional Test
Functional tests provide systematic demonstrations that functions tested are
available as specified by the business and technical requirements, system
documentation, and user manuals.
Functional testing is centred on the following items:
Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application output must be exercised.
Procedures : interfacing systems or procedures must be invoked.
Organization and preparation of functional tests is focused on requirements,
key functions, or special test cases. In addition, systematic coverage of the
identified business process flows, data fields, predefined processes, and successive
processes must be considered for testing. Before functional testing is complete,
additional tests are identified and the effective value of current tests is determined.
System Test
System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An
example of system testing is the configuration oriented system integration test.
System testing is based on process descriptions and flows, emphasizing pre-driven
process links and integration points.
White Box Testing
White Box Testing is testing in which the software tester has
knowledge of the inner workings, structure and language of the software, or at least its
purpose. It is used to test areas that cannot be reached from a black box
level.
Black Box Testing
Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, like most
other kinds of tests, must be written from a definitive source document, such as a
specification or requirements document. It is testing in which the software under test
is treated as a black box: you cannot "see" into it. The test provides inputs and
responds to outputs without considering how the software works.
6.3 DESIGN OF TEST CASES AND SCENARIOS:
Quality Assurance:
The aim of this step is to maintain or to ensure the quality of the system
developed. The quality assurance goals in the system life cycle involve:
1. Quality factors specification: - This was done to determine the factors that lead to
high quality of a system.
i. Correctness- The extent to which a program meets System specification.
ii. Reliability – The degree to which a program meets system specification.
iii. Efficiency - The amount of computer resources required by the program
to perform a function.
iv. Usability – The effort required learning and operating the system.
v. Maintainability – The ease with which the program errors are located and
corrected.
vi. Test-ability - The effort required to test a program to ensure its correct
performance.
vii. Portability – The ease of transporting a program from one hardware
configuration to another.
viii. Accuracy - The required precision in input editing, computation and output.
ix. Error Tolerance – Error detection and correction versus error avoidance.
x. Expand-ability - Ease of adding or expanding existing databases.
xi. Access Controls and Audit – Control of access to the system and the extent
to which that access can be audited.
2. Communication – How useful the input and output of the system are.
i. Software Requirements Specification: - This was done to generate the
required documents that provide the technical specification for the design and
development of the software.
ii. Software Design Specification: - This was done in order to provide the
functions and features described in the previous stage.
3. Software Testing and Implementation: - This was done to provide necessary
software adjustment for the system to continue to comply with the original
specifications.
Quality Assurance is the review of software and related documentation for
correctness, accuracy, maintainability, reliability, and expandability. This also includes
assurances that the system meets the specifications and requirements for its intended
use and performance.
6.4 VALIDATION:
6.4.1 Unit Testing
Unit testing is usually conducted as part of a combined code and unit test phase of the
software lifecycle, although it is not uncommon for coding and unit testing to be
conducted as two distinct phases.
Test strategy and approach
Field testing will be performed manually and functional tests will be written in
detail.
Test objectives
All field entries must work properly.
Pages must be activated from the identified link.
The entry screen, messages and responses must not be delayed.
Features to be tested
Verify that the entries are of the correct format
No duplicate entries should be allowed
All links should take the user to the correct page.
6.4.2 Integration Testing
Software integration testing is the incremental integration testing of two or
more integrated software components on a single platform to produce failures caused
by interface defects.
The task of the integration test is to check that components or software applications,
e.g. components in a software system or, one step up, software applications at the
company level, interact without error.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
6.4.3 Acceptance Testing
User Acceptance Testing is a critical phase of any project and requires
significant participation by the end user. It also ensures that the system meets the
functional requirements.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
7. CONCLUSION
7.1 CONCLUSION
Machine learning is an effective tool that can be employed in many areas of
information security. There exist some robust anti-phishing algorithms and network
intrusion detection systems. Machine learning can be successfully used for
developing authentication systems, evaluating the protocol implementation,
assessing the security of human interaction proofs, smart meter data profiling, etc.
In this work, we present a user-centric machine learning system which
leverages big data of various security logs, alert information, and analyst insights for
the identification of risky users. This system provides a complete framework and
solution to risky user detection for an enterprise security operation center. We describe
briefly how to generate labels from SOC investigation notes, how to correlate IP, host,
and users to generate user-centric features, how to select machine learning algorithms
and evaluate their performance, as well as how to deploy such a machine learning system
in a SOC production environment.
We also demonstrate that the learning system is able to learn more insights
from the data with highly unbalanced and limited labels, even with simple machine
learning algorithms. The average lift on the top 20% of predictions for the multi neural
network model is over 5 times better than the current rule-based system. The whole
machine learning system is implemented in a production environment and fully
automated from data acquisition and daily model refreshing to real-time scoring, which
greatly improves SOC analysts' efficiency and enhances enterprise risk detection and
management.
7.2 FUTURE ENHANCEMENT
As for future work, we will research other learning algorithms to further
improve the detection accuracy. We will increase security with more new ways
of securing user operations. For SOC analysts, we will keep up our efforts to add
more new ways of finding attacks.