Towards an Operations-Aware Experimentation Methodology

2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2022-06-01 DOI:10.1109/EuroSPW55150.2022.00046

Michael Collins, Alefiya Hussain, S. Schwab

{"title":"Towards an Operations-Aware Experimentation Methodology","authors":"Michael Collins, Alefiya Hussain, S. Schwab","doi":"10.1109/EuroSPW55150.2022.00046","DOIUrl":null,"url":null,"abstract":"Security Operations Centers (SOCs) serve a critical role in protecting enterprise networks and systems. Despite this critical role, only a limited number of researchers in the field have an awareness of the obstacles and challenges in applying cyber ranges and cybersecurity testbeds to the area of SOC training, exercises and evaluation. This paper introduces a systematic approach to incorporating SOCs into cybersecu-rity experiments, including both training and evaluation. We present a reference SOC model, an implementation of that model and downloadable software distributions suitable for deploying on cyber ranges, and guidance towards a methodol-ogy to promote rigorous experiments including those involving human cyber operators. Metrics focused on analyst event load are presented in the context of measuring the impact of new threats, technologies and procedures on SOC performance. Collectively, these contributions serve as a basis for future work to engage the research and operational communities to work together to advance the state-of-the-art of SOC technologies and SOC operators.","PeriodicalId":275840,"journal":{"name":"2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"86 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EuroSPW55150.2022.00046","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Security Operations Centers (SOCs) serve a critical role in protecting enterprise networks and systems. Despite this critical role, only a limited number of researchers in the field have an awareness of the obstacles and challenges in applying cyber ranges and cybersecurity testbeds to the area of SOC training, exercises and evaluation. This paper introduces a systematic approach to incorporating SOCs into cybersecu-rity experiments, including both training and evaluation. We present a reference SOC model, an implementation of that model and downloadable software distributions suitable for deploying on cyber ranges, and guidance towards a methodol-ogy to promote rigorous experiments including those involving human cyber operators. Metrics focused on analyst event load are presented in the context of measuring the impact of new threats, technologies and procedures on SOC performance. Collectively, these contributions serve as a basis for future work to engage the research and operational communities to work together to advance the state-of-the-art of SOC technologies and SOC operators.

查看原文本刊更多论文

面向操作感知实验方法论

安全运营中心(soc)在保护企业网络和系统安全方面发挥着至关重要的作用。尽管这一关键作用，但该领域只有有限数量的研究人员意识到将网络范围和网络安全测试平台应用于SOC训练、演习和评估领域的障碍和挑战。本文介绍了一种将soc纳入网络安全实验的系统方法，包括培训和评估。我们提出了一个参考SOC模型，该模型的实现和适合在网络范围内部署的可下载软件分发版，以及促进严格实验的方法指南，包括涉及人类网络操作员的实验。在衡量新威胁、技术和程序对SOC性能的影响的背景下，提出了关注分析师事件负载的指标。总的来说，这些贡献可以作为未来工作的基础，让研究和运营社区共同努力，推进最先进的SOC技术和SOC运营商。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

自引率

0.00%

发文量