AI-Driven Hybrid Anomaly Detection in SOC Environments

Shifa Naaz *
Project Mentor(s): Hideki Takei, DBA

Security Operations Centers (SOCs) face increasingly sophisticated cyber threats, requiring timely and accurate anomaly detection across heterogeneous log and network data sources. Traditional rule-based and standalone machine learning approaches often struggle with zero-day attacks, insider threats, and high false-positive rates. This study evaluates the effectiveness of hybrid AI-based anomaly detection techniques that combine rule-based heuristics with unsupervised machine learning models, specifically Isolation Forest, across the benchmark datasets CICIDS2017 and UNSW-NB15. The hybrid approach demonstrates improved detection accuracy, particularly in complex traffic environments, and reduces false positives when threshold tuning is applied. Experiments also revealed practical challenges with large-scale datasets such as CICIDS 2018, which require substantial memory and computational resources, suggesting the need for controlled SOC environments to evaluate real-time performance. Findings support hybrid models as a promising strategy for enhancing SOC operational efficiency, while emphasizing limitations in scalability, adaptive thresholding, and real-time deployment. Future work will focus on deployment in live SOC environments to validate accuracy, latency, and operational viability under dynamic conditions.

Presentation Type: Oral Presentation (May 20, 9:30am–5:00pm)
Keywords: Computer Science, Machine learning, Security
SOURCE Form ID: 218
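The following is an added worked example, not code from the study or its author, of the hybrid pipeline the abstract describes: an analyst-written rule layer combined with an unsupervised Isolation Forest, with the alert threshold tuned against known-benign traffic to hold the false-positive rate at a chosen target. The Isolation Forest is a small pure-Python implementation of the standard algorithm (random feature, random split, path-length scoring) so the example runs without scikit-learn; the flow records, the allowlist of expected service ports, the rule thresholds, and the target false-positive rate are all constructed assumptions, not values from CICIDS2017 or UNSW-NB15.

```python
"""Hybrid anomaly detection: rule heuristics + Isolation Forest + threshold tuning."""
import math
import random

# Numeric features fed to the Isolation Forest (assumed flow attributes).
FEATURES = ("bytes", "packets", "duration", "failed_logins")
# Assumed allowlist of services this segment is expected to talk to.
EXPECTED_PORTS = {53, 80, 443}


def make_records(seed=7):
    """Constructed sample: 60 benign flows plus 2 injected anomalies. Returns (records, labels)."""
    rng = random.Random(seed)
    records, labels = [], []
    for i in range(60):
        records.append({"id": f"flow-{i}", "bytes": rng.uniform(500, 1500),
                        "packets": rng.uniform(5, 20), "duration": rng.uniform(0.1, 2.0),
                        "failed_logins": rng.choice([0, 0, 0, 1]),
                        "dst_port": rng.choice(sorted(EXPECTED_PORTS))})
        labels.append(0)
    # Volumetric outlier: far outside the benign feature ranges, so the forest isolates it quickly.
    records.append({"id": "flow-volumetric", "bytes": 900_000.0, "packets": 5000.0,
                    "duration": 0.01, "failed_logins": 0, "dst_port": 443})
    labels.append(1)
    # Subtle case: normal volume but an unexpected service port; only the rule layer sees the port.
    records.append({"id": "flow-odd-port", "bytes": 900.0, "packets": 10.0,
                    "duration": 0.8, "failed_logins": 0, "dst_port": 3389})
    labels.append(1)
    return records, labels


def _c(n):
    """Average path length of an unsuccessful BST search; normalises tree depths."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n


def _build_tree(rows, depth, limit, rng):
    """Recursively partition rows on a random feature at a random split point."""
    if depth >= limit or len(rows) <= 1:
        return ("leaf", len(rows))
    feat = rng.choice(FEATURES)
    lo, hi = min(r[feat] for r in rows), max(r[feat] for r in rows)
    if lo == hi:
        return ("leaf", len(rows))
    split = rng.uniform(lo, hi)
    left = [r for r in rows if r[feat] < split]
    right = [r for r in rows if r[feat] >= split]
    return ("node", feat, split, _build_tree(left, depth + 1, limit, rng),
            _build_tree(right, depth + 1, limit, rng))


def _path_length(tree, row, depth=0):
    """Depth at which the row lands, plus the expected remaining depth of an unsplit leaf."""
    if tree[0] == "leaf":
        return depth + _c(tree[1])
    _, feat, split, left, right = tree
    return _path_length(left if row[feat] < split else right, row, depth + 1)


class IsolationForest:
    def __init__(self, n_trees=100, sample_size=64, seed=0):
        self.n_trees, self.sample_size, self.seed, self.trees = n_trees, sample_size, seed, []

    def fit(self, rows):
        rng = random.Random(self.seed)
        self.sample_n = min(self.sample_size, len(rows))
        limit = math.ceil(math.log2(self.sample_n))  # standard height limit
        self.trees = [_build_tree(rng.sample(rows, self.sample_n), 0, limit, rng)
                      for _ in range(self.n_trees)]
        return self

    def score(self, row):
        """Anomaly score in (0, 1): short average paths (easy to isolate) score near 1."""
        avg = sum(_path_length(t, row) for t in self.trees) / len(self.trees)
        return 2.0 ** (-avg / _c(self.sample_n))


def rule_layer(row):
    """Analyst heuristics; each returns a human-readable reason when it fires."""
    reasons = []
    if row["dst_port"] not in EXPECTED_PORTS:
        reasons.append(f"unexpected destination port {row['dst_port']}")
    if row["failed_logins"] >= 5:  # assumed brute-force threshold
        reasons.append(f"{row['failed_logins']} failed logins in one flow")
    return reasons


def tune_threshold(benign_scores, target_fpr):
    """Choose the score cut-off that lets at most target_fpr of known-benign rows exceed it."""
    ordered = sorted(benign_scores)
    allowed = int(len(ordered) * target_fpr)  # benign rows tolerated above the cut-off
    return ordered[len(ordered) - 1 - allowed]


def hybrid_detect(records, benign_ids, target_fpr=0.02, seed=0):
    """Alert when a rule fires OR the tuned Isolation Forest score is exceeded."""
    forest = IsolationForest(seed=seed).fit(records)  # unsupervised: fit on the whole batch
    scores = {r["id"]: forest.score(r) for r in records}
    threshold = tune_threshold([scores[i] for i in benign_ids], target_fpr)
    alerts = {}
    for r in records:
        reasons = rule_layer(r)
        if scores[r["id"]] > threshold:
            reasons.append(f"isolation score {scores[r['id']]:.2f} > {threshold:.2f}")
        if reasons:
            alerts[r["id"]] = reasons
    return alerts, scores, threshold


if __name__ == "__main__":
    recs, labs = make_records()
    benign = [r["id"] for r, y in zip(recs, labs) if y == 0]
    found, _, thr = hybrid_detect(recs, benign)
    print(f"tuned threshold = {thr:.3f}")
    for fid, why in found.items():
        print(fid, "->", "; ".join(why))
```

The two injected cases show why the layers complement each other: the volumetric flow is caught by the forest score alone, while the odd-port flow has ordinary volume and would sail past the forest (which never sees the port), so only the rule fires. Raising or lowering `target_fpr` moves the cut-off along the benign score distribution, which is the threshold-tuning lever the abstract credits with reducing false positives.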