Abstract
The growing number and severity of cybersecurity threats, combined with a shortage of skilled security analysts, has led to an increased focus on cybersecurity research and education. In this article, we describe the design and implementation of an education and research Security Operations Center (SOC) to address these issues. We present the design of a SOC that meets educational goals while also supporting cloud security research, and discuss the SOC components created by our lab: honeypots, visualization tools, and a lightweight cloud security dashboard with autonomic orchestration. Experimental results from the honeypot project are provided, including analysis of SSH brute force attacks (aggregate data over time, attack duration, and identification of well-known botnets), geolocation and attack pattern visualization, and autonomic frameworks based on the observe, orient, decide, act (OODA) methodology. Directions for future work are also discussed.
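The SSH brute force analysis the abstract mentions (aggregate attempts over time and per-source attack duration) can be illustrated with a small log-analytics routine. The following is an added example, not code from the chapter or from the Marist lab repositories: it parses sshd-style "Failed password" lines as a honeypot would record them, buckets attempts by hour, groups each source's attempts into sessions separated by an idle gap, and flags sources that exceed an attempt threshold. The log lines are constructed, and the year (syslog timestamps omit it), the 600-second session gap, and the 4-attempt threshold are assumptions chosen for illustration.

```python
"""Aggregate SSH brute-force attempts from honeypot auth logs.

Added example; not the chapter's or the Marist lab's code. The sshd-style
input format, the assumed year, the session gap and the attempt threshold
are assumptions for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

ASSUMED_YEAR = 2018  # syslog (RFC 3164) timestamps carry no year; assumed here

# Constructed sample honeypot log: three sources, one clearly brute-forcing.
SAMPLE_LOG = """\
Mar  3 02:14:01 honeypot sshd[1201]: Failed password for root from 203.0.113.7 port 51012 ssh2
Mar  3 02:14:03 honeypot sshd[1201]: Failed password for root from 203.0.113.7 port 51014 ssh2
Mar  3 02:14:05 honeypot sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51016 ssh2
Mar  3 02:14:08 honeypot sshd[1205]: Failed password for root from 203.0.113.7 port 51020 ssh2
Mar  3 02:14:10 honeypot sshd[1206]: Failed password for invalid user pi from 203.0.113.7 port 51022 ssh2
Mar  3 02:59:30 honeypot sshd[1301]: Failed password for invalid user test from 198.51.100.23 port 40001 ssh2
Mar  3 03:00:02 honeypot sshd[1302]: Failed password for invalid user test from 198.51.100.23 port 40002 ssh2
Mar  3 03:05:45 honeypot sshd[1310]: Failed password for root from 192.0.2.250 port 33333 ssh2
"""

# Matches sshd "Failed password" lines; "invalid user" marks names that do not exist.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_log(text):
    """Return a list of (timestamp, username, source_ip) for each failed login."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not failed-password records
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def hourly_counts(events):
    """Aggregate failed attempts per hour (key 'YYYY-MM-DD HH')."""
    return Counter(ts.strftime("%Y-%m-%d %H") for ts, _u, _ip in events)


def attack_sessions(events, gap_seconds=600):
    """Group each source's attempts into sessions; a new session starts when the
    idle gap since the previous attempt exceeds gap_seconds.
    Returns {ip: [(start, end, attempts), ...]}; duration is end - start."""
    by_ip = defaultdict(list)
    for ts, _user, ip in sorted(events):
        by_ip[ip].append(ts)
    sessions = {}
    for ip, stamps in by_ip.items():
        runs = []
        start = prev = stamps[0]
        n = 1
        for ts in stamps[1:]:
            if (ts - prev).total_seconds() > gap_seconds:
                runs.append((start, prev, n))
                start, n = ts, 0
            prev = ts
            n += 1
        runs.append((start, prev, n))
        sessions[ip] = runs
    return sessions


def brute_force_sources(sessions, min_attempts=4):
    """Sources with at least one session of min_attempts or more failed logins."""
    return sorted(ip for ip, runs in sessions.items()
                  if any(n >= min_attempts for _s, _e, n in runs))


def top_usernames(events, n=5):
    """Most frequently tried usernames, useful for recognising scripted wordlists."""
    return Counter(user for _ts, user, _ip in events).most_common(n)


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    for hour, count in sorted(hourly_counts(ev).items()):
        print(f"{hour}:00  {count} failed logins")
    sess = attack_sessions(ev)
    for ip, runs in sess.items():
        for start, end, n in runs:
            print(f"{ip}: {n} attempts over {(end - start).total_seconds():.0f}s")
    print("brute-force sources:", brute_force_sources(sess))
    print("top usernames:", top_usernames(ev))
```

The session grouping is what turns a flat stream of failures into the "attack duration" measure: a botnet member that hammers the honeypot for nine seconds and a slow scanner that returns every half hour look identical in an hourly count but are separated cleanly by the idle-gap rule. Tune the gap and threshold to the honeypot's own baseline before using the flagged sources to feed a firewall or a SIEM rule.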
Acknowledgements
We gratefully acknowledge the support of Marist College and the New York State Cloud Computing and Analytic Center (CCAC), as well as support from the National Science Foundation under CC*DNI Integration (Area 4): Application-Aware Software-Defined Networks for Secure Cloud Services (SecureCloud) Award #1541384. We also gratefully acknowledge the support of Marist College IT staff and students in creating the SOC, including Bill Thirsk (former Marist CIO), Harry Williams (Marist CSO), Eric Weeda (former Marist IT staff), Roger Norton (Dean of the School of Computer Science and Mathematics) and Marist undergraduate students V. Joseph, P. Liengtiraphan, G. Leaden, T. Famularo, T. Magnusson, and M. Zimmermann.
© 2019 Springer Nature Switzerland AG
Cite this chapter
DeCusatis, C., Cannistra, R., Labouseur, A., Johnson, M. (2019). Design and Implementation of a Research and Education Cybersecurity Operations Center. In: Hassanien, A., Elhoseny, M. (eds) Cybersecurity and Secure Information Systems. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-16837-7_13
DOI: https://doi.org/10.1007/978-3-030-16837-7_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16836-0
Online ISBN: 978-3-030-16837-7