Architecture of Anomaly Detection Module for the Security Operations Center

The paper presents the preliminary results of the research undertaken within RegSOC project. The goal of the project is initiate a prototype instance of the model Regional Center for Cybersecurity (RegSOC) and to facilitate to the public entities. The outcomes of this project will allow to raise levels of security protection and to present procedures, which can reduce the probability of unwanted events and methods of lowering their consequences. The project aims at developing a comprehensive cybersecurity monitoring platform which will be the software and organizational solution (management models and organizational procedures). The software part of the platform will constitute several modules specialized in various types of security level evaluation. The paper focuses on the module integrated with the RegSOC platform which will support security-related events detection by detecting anomalies. The architecture of the anomaly detection module has been introduced and the functional and non-functional requirements related to this module have been discussed. Also, the role and the way of integrating the module with the general RegSOC architecture has been demonstrated.