Latin-American Journal of Computing (Dec 2020)

Anomaly detection under cognitive security model

  • Jonathan Herrera,
  • Roberto Omar Andrade,
  • Miguel Flores,
  • Susana Cadena

Journal volume & issue
Vol. 7, no. 2
pp. 34 – 47

Abstract

Cybersecurity attacks are considered among the top five risks worldwide, according to the World Economic Forum in 2019. This context has generated the need to improve cybersecurity defense tasks in organizations. Improving the effectiveness of executing a cybersecurity task requires three pillars: people, processes and technologies. This work proposes to analyze the integration of these three components as a strategy to improve the effectiveness of operational cyber defense tasks, specifically the detection of anomalies. The premise is twofold: the operational cybersecurity tasks that analysts carry out daily require cognitive processes, and techniques based on machine learning, data mining and data science have generally been used to automate cybersecurity tasks. On that basis, we consider cognitive security as a strategy to improve the anomaly detection process, taking into account the cognitive processes and skills exercised by the security analyst.

Keywords