DomainPrio: Prioritizing Domain Name Investigations to Improve SOC Efficiency

DomainPrio: Prioritizing Domain Name Investigations to Improve SOC Efficiency

Security Operations Centers (SOCs) are in need of automation for triaging alerts. Current approaches focus on analyzing and enriching individual alerts. We take a different approach and analyze the population of alerts. In an observational study over 24 weeks, we find a surprising pattern: some doma...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE access 2022, Vol.10, p.34352-34368
Hauptverfasser: Chiba, Daiki, Akiyama, Mitsuaki, Otsuki, Yuto, Hada, Hiroki, Yagi, Takeshi, Fiebig, Tobias, Van Eeten, Michel
Format: Artikel
Sprache:eng
Schlagworte:
Automation
Computer crime
Computer security
Domain names
Efficiency
Evaluation
IP networks
Malware
Monitoring
Network security
Pattern analysis
Phishing
Regression models
Security
security operations
security operations centers
SOC
threat analysis
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Schreiben Sie den ersten Kommentar!
Bitte loggen Sie sich zuerst ein