A User-Centric Machine Learning Framework for Enhancing Decision-Making and Automation in Cybersecurity Operations Center
DOI: https://doi.org/10.71366/ijwos
Keywords: Framework, SOC, SIEM, Machine learning.
Abstract
Organizations deploy Security Information and Event Management (SIEM) systems to consolidate diverse security technologies and generate alerts for potential security incidents. Security Operations Center (SOC) analysts examine these alerts to validate their authenticity. The overwhelming volume of false positive alerts exceeds the analytical capacity of SOC teams, potentially allowing genuine threats to go undetected. This research presents a novel user-focused machine learning approach designed to minimize false positive rates while enhancing SOC analyst efficiency.
Our framework integrates behavioral analytics with traditional security monitoring within operational SOC environments. We examine standard data inputs, analytical workflows, and preprocessing methodologies essential for developing robust machine learning solutions. This work addresses two distinct audiences: machine learning practitioners seeking to understand cybersecurity contexts, and cybersecurity professionals interested in implementing ML capabilities within their operations.
The paper demonstrates practical implementation through a comprehensive case study, covering data acquisition, annotation processes, feature development, algorithm selection, and performance assessment using production SOC infrastructure.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.