1

SOC-CMM: Designing and Evaluating a Tool for Measurement of Capability Maturity in Security Operations Centers

Van Os, Rob January 2016 (has links)
This thesis addresses the research gap that exists in the area of capability maturity measurement for Security Operations Centers (SOCs). This gap is due to the fact that very little formal research has been done in this area. To address this gap in a scientific manner, a multitude of research methods is used. Primarily, a design research approach is adopted that combines guiding principles for the design of maturity models with basic design science theory and a step-by-step approach for executing a design science research project. This design research approach is extended with interviewing techniques, a survey and multiple rounds of evaluation. The result of any design process is an artefact. In this case, the artefact is a self-assessment tool that can be used to establish the capability maturity level of the SOC. This tool was named the SOC-CMM (Security Operations Center Capability Maturity Model). In this tool, maturity is measured across 5 domains: business, people, process, technology and services. Capability is measured across 2 domains: technology and services. The tool provides visual output of results using web diagrams and bar charts. Additionally, an alignment with the National Institute of Standards and Technology Cyber Security Framework (NIST CSF) was also implemented by mapping services and technologies to NIST CSF phases. The tool was tested in several rounds of evaluation. The first round of evaluation was aimed at determining whether or not the setup of the tool would be viable to resolve the research problem. The second round of evaluation was a so-called laboratory experiment performed with several participants in the research. The goal of this second round was to determine whether or not the created artefact sufficiently addressed the research question. In this experiment it was determined that the artefact was indeed appropriate and mostly accurate, but that some optimisations were required. These optimisations were implemented and subsequently tested in a third evaluation round. The artefact was then finalised. Lastly, the SOC-CMM self-assessment tool was compared to the initial requirements and research guidelines set in this research. It was found that the SOC-CMM tool meets the quality requirements set in this research and also meets the requirements regarding design research. Thus, it can be stated that a solution was created that accurately addresses the research gap identified in this thesis. The SOC-CMM tool is available from http://www.soc-cmm.com/
2

Detecting PowerShell Obfuscation Techniques using Natural Language Processing / Detection of Obfuscation Techniques for PowerShell using Natural Language Processing

Klasmark, Jacob January 2022 (has links)
PowerShell obfuscation is often used to avoid detection by antivirus programs. There are several different techniques to change a PowerShell script while still performing the same tasks. Detecting these obfuscated files is a useful addition to detecting malicious files. Identifying the specific technique used can also be beneficial for an analyst tasked with investigating the detected files. In order to detect these different techniques we use Natural Language Processing, with the idea that each technique will behave somewhat like a unique language that can be detected. We tried several different models and iterations of data processing and ended up using a Random Forest Classifier, achieving a detection accuracy of 98%. / PowerShell obfuscation is often used to avoid detection by antivirus programs. There are several different techniques for altering a PowerShell script while still preserving its functionality. Detecting these obfuscated files is a useful addition for identifying malicious files. Identifying the specific technique used can help analysts tasked with investigating the identified file. To detect these techniques we use Natural Language Processing, with the idea that each technique will in some way look like its own language that can then be detected. We tried several different models and found that the Random Forest Classifier performed best, with an accuracy of 98%.
3

Operational Cybersecurity: Advantages and Disadvantages of AI Tools: A Pilot Study

Jepsson, David, Tillman, Axel January 2023 (has links)
This study examines the advantages and disadvantages of implementing artificial intelligence (AI) as a tool within a Security Operations Center (SOC). The purpose of the study is to investigate whether and how AI tools can facilitate incident handling within a SOC, and which new challenges arise. The study was carried out through qualitative interviews with four people with expert knowledge in both AI and cybersecurity. The experts were asked about their view of AI as a tool, how they view AI and cybersecurity, and how AI can be applied in relation to the 4 steps of NIST incident handling: preparation; detection & analysis; identification, eradication & recovery; and post-incident activity. The results show both advantages and disadvantages of using AI tools within a SOC, including more efficient configuration of the SIEM, a lower number of false positive alerts, a reduced workload for SOC analysts, and handling of "zero-day" incidents. Disadvantages include lower explainability of larger AI models, legal challenges, and dependence on good input data. Finally, the study shows that the use of AI as a tool in a SOC can be beneficial and that more research is needed to explore specific techniques and tools.