Date of Defense

31-10-2025 10:00 AM

Location

Room 1028, E1 Building

Document Type

Dissertation Defense

Degree Name

Doctor of Philosophy in Informatics and Computing

College

College of Information Technology

Department

Computer Science and Software Engineering

First Advisor

Prof. Ezedin Baraka

Keywords

Security Operation Center (SOC), artificial intelligence, machine learning, blockchain, threat intelligence sharing, intrusion detection, reinforcement learning, Internet of Things (IoT) security, deep learning, attention mechanism, fuzzy logic, optimal control, cybersecurity architecture, anomaly detection, SIEM enhancement.

Abstract

This dissertation presents a comprehensive framework for the evolution of Security Operation Centers (SOCs) through the integration of advanced artificial intelligence (AI), blockchain, and optimization techniques. Motivated by the increasing complexity of cyber threats and the limitations of traditional reactive SOC strategies, the work begins with a systematic literature review that identifies critical gaps in current SOC operations. Based on these insights, a reference architecture is proposed to guide the integration of intelligent components into SOC environments. To address the challenge of secure and trustworthy information sharing, a blockchain-based threat intelligence platform is developed, leveraging Byzantine Fault Tolerance and Zero-Knowledge Proofs for integrity and access control. For intelligent threat detection and response, deep learning models (specifically graph convolutional networks and autoencoders) are coupled with reinforcement learning and fuzzy logic to enable adaptive classification, scoring, and continuous model improvement. In parallel, a reinforcement learning based intrusion detection system (RL-IDS) is proposed for IoT networks that integrates deep neural networks, domain-specific feature extraction, and hybrid metaheuristic optimization for effective and scalable detection. In addition, an ensemble deep learning model is proposed to enhance Security Information and Event Management (SIEM) systems with attention mechanisms and priority assignment of alerts using fuzzy inference. This model captures temporal and spatial threat patterns, substantially improving detection accuracy and reducing false alarm rates. Across all components, experimental evaluations demonstrate detection accuracies exceeding 99%, low false positive and false negative rates, and high operational efficiency.
The proposed architecture and its subsystems collectively offer a modular, intelligent, and secure foundation for next-generation SOCs. This dissertation contributes novel methodologies across detection, response, and intelligence sharing, aligning academic innovation with practical cybersecurity demands and enabling a shift toward autonomous, AI-driven security operations.
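The abstract names fuzzy inference as the mechanism for assigning alert priority in the SIEM component but does not describe its rules. The following is an added illustration, not the dissertation's model or code: a small Mamdani-style fuzzy inference system that turns two assumed alert attributes (detector confidence and asset criticality) into a crisp 0..100 priority and ranks a constructed batch of alerts. The linguistic terms, membership shapes, rule base and sample alerts are all assumptions chosen for the example.

```python
"""Mamdani-style fuzzy inference for SIEM alert prioritization.

Added illustration only: a generic fuzzy inference system, not the
dissertation's ensemble model. Inputs, term shapes and rules are assumptions.
"""
from dataclasses import dataclass


def tri(x, a, b, c):
    """Triangular membership: 0 at a, 1 at b, 0 at c (0 outside [a, c])."""
    if x <= a or x >= c:
        return 0.0
    if x == b:
        return 1.0
    return (x - a) / (b - a) if x < b else (c - x) / (c - b)


# Linguistic terms (assumed). Shoulder terms put a or c outside the domain so
# membership stays 1 at the domain edge instead of falling back to 0.
CONF = {"low": (-1.0, 0.0, 0.5), "medium": (0.2, 0.5, 0.8), "high": (0.5, 1.0, 2.0)}
CRIT = {"low": (-10, 0, 5), "medium": (2, 5, 8), "high": (5, 10, 20)}
PRIO = {"low": (-50, 0, 50), "medium": (25, 50, 75), "high": (50, 100, 150)}
GRID = list(range(0, 101))  # discretised output universe for centroid defuzzification

# Rule base (assumed): (confidence term, criticality term) -> priority term.
# All nine combinations are covered, so at least one rule always fires.
RULES = [
    (("high", "high"), "high"), (("high", "medium"), "high"), (("medium", "high"), "high"),
    (("medium", "medium"), "medium"), (("high", "low"), "medium"), (("low", "high"), "medium"),
    (("medium", "low"), "low"), (("low", "medium"), "low"), (("low", "low"), "low"),
]


def fuzzify(x, terms):
    """Degree of membership of x in every linguistic term."""
    return {name: tri(x, *abc) for name, abc in terms.items()}


def infer_priority(confidence, criticality):
    """Return a crisp priority in [0, 100] for one alert.

    AND = min, implication = clip (min), aggregation = max,
    defuzzification = centroid over GRID.
    """
    conf = fuzzify(min(max(confidence, 0.0), 1.0), CONF)    # clamp to declared domain
    crit = fuzzify(min(max(criticality, 0.0), 10.0), CRIT)
    agg = [0.0] * len(GRID)
    for (c_term, k_term), out_term in RULES:
        strength = min(conf[c_term], crit[k_term])
        if strength == 0.0:
            continue
        for i, x in enumerate(GRID):
            agg[i] = max(agg[i], min(strength, tri(x, *PRIO[out_term])))
    area = sum(agg)
    if area == 0.0:  # guard only; unreachable with a complete rule base
        return 0.0
    return sum(x * m for x, m in zip(GRID, agg)) / area


@dataclass
class Alert:
    alert_id: str
    model_confidence: float    # detector confidence in [0, 1]
    asset_criticality: float   # asset value on a 0..10 scale
    priority: float = 0.0


def rank_alerts(alerts):
    """Score every alert in place and return ids ordered highest priority first."""
    for a in alerts:
        a.priority = infer_priority(a.model_confidence, a.asset_criticality)
    return [a.alert_id for a in sorted(alerts, key=lambda a: a.priority, reverse=True)]


# Constructed sample alerts (not real data).
SAMPLE_ALERTS = [
    Alert("A1", 0.95, 9.0),   # confident detection on a crown-jewel asset
    Alert("A2", 0.50, 5.0),   # middling on both axes
    Alert("A3", 0.10, 1.0),   # weak signal on a low-value asset
    Alert("A4", 0.90, 3.0),   # confident detection on a low-value asset
]

if __name__ == "__main__":
    order = rank_alerts(SAMPLE_ALERTS)
    for a in sorted(SAMPLE_ALERTS, key=lambda a: a.priority, reverse=True):
        print(f"{a.alert_id}: priority {a.priority:.1f}")
    print("triage order:", order)
```

The rule base encodes the triage policy an analyst would otherwise apply by hand: a confident hit on a critical asset outranks an equally confident hit on a low-value asset, which in turn outranks a weak signal anywhere. Because every input combination is covered by a rule, the centroid is always defined; in a production system the terms and rules would be tuned against historical analyst dispositions rather than chosen by hand.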

Title

FRAMEWORK FOR NEXT GENERATION SECURITY OPERATION CENTER POWERED BY ARTIFICIAL INTELLIGENCE