CEDoc-CC: Next-Gen SOC: Enhancing the efficiency of a SOC with Machine Full-time

Introduction:

Mohammed VI Polytechnic University is an institution dedicated to research and innovation in Africa and aims to position itself among world-renowned universities in its fields The University is engaged in economic and human development and puts research and innovation at the forefront of African development. A mechanism that enables it to consolidate Morocco’s frontline position in these fields, in a unique partnership-based approach and boosting skills training relevant to the future of Africa. Located in the municipality of Benguerir, in the very heart of the Green City, Mohammed VI Polytechnic University aspires to leave its mark nationally, continentally, and globally.

Context:

With the rapid advancements of technology and the increasing dependence on interconnected systems, ensuring robust cybersecurity measures has become a critical concern in today’s digital landscape. The emergence of artificial intelligence (AI) offers new possibilities for bolstering security mechanisms, but it also introduces novel challenges and vulnerabilities.

The continued evolution of nation-state-affiliated and criminal adversaries, as well as the increasing sophistication of cyberattacks, are finding new and invasive ways to target even the savviest of targets. This evolution is driving an increase in the number, scale, and impact of cyberattacks, and necessitating the implementation of intelligence-driven cybersecurity to provide dynamic protection against evolving cyberattacks and to manage big data. Advisory organizations are encouraging the use of more proactive and adaptive approaches by shifting towards real-time assessments, continuous monitoring, and data-driven analysis to identify, protect against, detect, respond to, and recover from cyberattacks (e.g. ransomware) to prevent future security incidents.

Security Operation Centers (SOC) together with Cyber Threat Intelligence teams have become a pillar in the defense of an organization. Indeed, they bring a first line of defense for detecting threats and taking immediate response. However, in the last decade, SOC analysts have become submerged with information as data manipulation increases. One way to solve this is by recruiting more SOC analysts. However, this is very difficult because of the lack of security experts in general, and recruiting more analysts does not resolve all the problems. Recently, organizations have started to look for automation and Machine learning capabilities to increase efficiency. Automation reduces the time spent by analysts by applying playbooks for a known threat. Machine Learning (ML) enhances the detection of anomalies by understanding normal behavior. Typically, UEBA technologies are based on ML algorithms designed to detect abnormal behavior of a network. The challenge for Next-Gen SOC is to use Machine learning and automation in an efficient way to assist SOC analysts.

This research project aims to leverage recent initiatives in current state-of-the-art SOC and its component using ML techniques for efficient early detection and analysis of cyber threats and expand it to the most pressing industry challenges in the face of evolving cyber threats. This multidisciplinary work adopts a comprehensive approach by integrating concepts from computer science, machine learning, data analysis, cybersecurity, and real-world industrial case studies.

Research objectives:

The methodology of this research will involve:

• Reviewing current literature to identify gaps and opportunities for Next-Gen SOC.
• Designing and implementing machine learning models tailored for specific types of cyberattacks.
• Applying optimization algorithms to enhance model training and feature selection.
• Testing the models on public cybersecurity datasets and analyzing their performance metrics.
• Testing the models on real data by collaborating with industry partners to gather feedback and refine the models accordingly.

The expected outcome of the project is a scalable, efficient, robust, and effective Next-Gen SOC framework.

Admission Criteria:

• Prospective candidates should possess a strong background in cybersecurity and deep learning.

• Proficiency in programming languages, e.g., Python.

Funding:

• This PhD opportunity is funded by Deloitte.

Candidates are invited to submit their applications, including a detailed CV and academic transcripts. Email: anas.motii@um6p.ma

UM6P.