
Design and Implementation of a Research and Education Cybersecurity Operations Center

Chapter in: Cybersecurity and Secure Information Systems

Abstract

The growing number and severity of cybersecurity threats, combined with a shortage of skilled security analysts, have led to an increased focus on cybersecurity research and education. In this chapter, we describe the design and implementation of an education and research Security Operations Center (SOC) to address these issues. The design of a SOC that meets educational goals while also supporting cloud security research is presented, including a discussion of SOC components created by our lab: honeypots, visualization tools, and a lightweight cloud security dashboard with autonomic orchestration. Experimental results from the honeypot project are provided, including analysis of SSH brute force attacks (aggregate data over time, attack duration, and identification of well-known botnets), geolocation and attack pattern visualization, and autonomic frameworks based on the observe, orient, decide, act (OODA) methodology. Directions for future work are also discussed.
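The per-source SSH brute force analysis the abstract summarizes (failed-login counts aggregated over time and the duration of each source's attack) can be reproduced from ordinary sshd log lines. The following is an added Python example, not code from the chapter or from the Marist Innovation Lab; the log lines are constructed in OpenSSH syslog style, the year supplied to the parser and the failure threshold are assumptions, and the output fields are this example's own choice.

```python
"""Aggregate SSH brute-force attempts from sshd-style log lines.

Added example, not the chapter's honeypot code. The sample log is constructed
in OpenSSH syslog format; the year (syslog timestamps have none) and the
brute-force threshold are assumptions a real deployment would set itself.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (OpenSSH syslog style); not data from the chapter's honeypot.
SAMPLE_LOG = """\
Mar  3 10:00:01 honeypot sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:00:02 honeypot sshd[1201]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar  3 10:00:04 honeypot sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Mar  3 10:00:05 honeypot sshd[1203]: Failed password for invalid user pi from 198.51.100.7 port 40001 ssh2
Mar  3 10:02:30 honeypot sshd[1204]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:03:00 honeypot sshd[1205]: Accepted password for root from 203.0.113.5 port 51241 ssh2
Mar  3 10:05:00 honeypot sshd[1206]: Failed password for invalid user test from 203.0.113.5 port 51242 ssh2
Mar  3 10:05:01 honeypot sshd[1207]: Connection closed by 203.0.113.5 port 51242 [preauth]
"""

# Matches "Failed/Accepted password" events only; every other sshd line is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+)"
    r"\s+from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+port\s+\d+"
)


def parse_line(line, year=2019):
    """Return a dict for a password event, or None for any other line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Collapse the day-padding double space ("Mar  3") before parsing.
    stamp = " ".join(m["ts"].split())
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def aggregate(log_text, year=2019):
    """Per-source summary: failures, successes, distinct usernames and attack duration.

    Duration is the span from a source's first to its last password event,
    which is the per-source attack duration a honeypot report tabulates.
    """
    per_ip = defaultdict(lambda: {"failures": 0, "accepted": 0, "users": set(),
                                  "first": None, "last": None})
    for line in log_text.splitlines():
        ev = parse_line(line, year)
        if ev is None:
            continue
        s = per_ip[ev["ip"]]
        if ev["result"] == "Failed":
            s["failures"] += 1
        else:
            s["accepted"] += 1
        s["users"].add(ev["user"])
        s["first"] = ev["ts"] if s["first"] is None else min(s["first"], ev["ts"])
        s["last"] = ev["ts"] if s["last"] is None else max(s["last"], ev["ts"])
    return {
        ip: {
            "failures": s["failures"],
            "accepted": s["accepted"],
            "users": sorted(s["users"]),
            "first": s["first"],
            "last": s["last"],
            "duration_s": (s["last"] - s["first"]).total_seconds(),
        }
        for ip, s in per_ip.items()
    }


def attempts_per_minute(log_text, year=2019):
    """Bucket all password events by minute: the aggregate-over-time view."""
    buckets = defaultdict(int)
    for line in log_text.splitlines():
        ev = parse_line(line, year)
        if ev is not None:
            buckets[ev["ts"].strftime("%Y-%m-%d %H:%M")] += 1
    return dict(buckets)


def brute_force_sources(summary, min_failures=3):
    """Sources with at least min_failures failed logins, most active first.

    The threshold is an assumption; tune it to the sensor's traffic. A source
    that also shows an accepted login after its failures is the one to triage first.
    """
    hits = [ip for ip, s in summary.items() if s["failures"] >= min_failures]
    return sorted(hits, key=lambda ip: (-summary[ip]["failures"], ip))


if __name__ == "__main__":
    summary = aggregate(SAMPLE_LOG)
    for ip in brute_force_sources(summary):
        s = summary[ip]
        print(f"{ip}: {s['failures']} failures, {s['accepted']} accepted, "
              f"{len(s['users'])} usernames, {s['duration_s']:.0f} s")
    print(attempts_per_minute(SAMPLE_LOG))
```

On a honeypot that accepts any password, the "accepted" count is not a compromise indicator by itself, but the username set and the per-minute curve are what let an analyst separate a credential-list sweep from a single-user guess, and the same per-source duration feeds the attack-duration statistics the chapter reports.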



Acknowledgements

We gratefully acknowledge the support of Marist College and the New York State Cloud Computing and Analytic Center (CCAC), as well as support from the National Science Foundation under CC*DNI Integration (Area 4): Application-Aware Software-Defined Networks for Secure Cloud Services (SecureCloud) Award #1541384. We also gratefully acknowledge the support of Marist College IT staff and students in creating the SOC, including Bill Thirsk (former Marist CIO), Harry Williams (Marist CSO), Eric Weeda (former Marist IT staff), Roger Norton (Dean of the School of Computer Science and Mathematics) and Marist undergraduate students V. Joseph, P. Liengtiraphan, G. Leaden, T. Famularo, T. Magnusson, and M. Zimmermann.

Correspondence to C. DeCusatis.


Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter


Cite this chapter

DeCusatis, C., Cannistra, R., Labouseur, A., Johnson, M. (2019). Design and Implementation of a Research and Education Cybersecurity Operations Center. In: Hassanien, A., Elhoseny, M. (eds) Cybersecurity and Secure Information Systems. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-16837-7_13


  • DOI: https://doi.org/10.1007/978-3-030-16837-7_13


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-16836-0

  • Online ISBN: 978-3-030-16837-7

  • eBook Packages: Computer Science (R0)
