| Applicant Organization | Universitas Tanjungpura |
| Faculty | Mathematics and Natural Science |
| Department | Computer System Department |
| Project Name | MINI SOC with AWS |
| Production System | jurnal.untan.ac.id |
| Proposal Date | December 1, 2025 |
| Requested Duration | 12 months |
| Total Budget Request | $20,000 USD |
| AWS Services Required | Bedrock, SageMaker, S3, Lambda |
The Computer System Department at Universitas Tanjungpura's Faculty of Mathematics and Natural Science proposes establishing a MINI SOC (Security Operations Center) powered by AWS cloud infrastructure. This initiative will protect our academic journal system (jurnal.untan.ac.id) serving researchers, academics, and students across Indonesia.
This 12-month project leverages AWS Bedrock and SageMaker for continuous threat detection, combined with a comprehensive Explainable AI (XAI) framework using SHAP, LIME, and DiCE analysis methods. This multi-method approach ensures that security teams can understand and validate every AI decision from multiple perspectives.
The integration of multiple XAI techniques is critical for a SOC environment, where analysts need deep understanding of threat classifications. SHAP provides feature importance, LIME offers local interpretability, and DiCE generates counterfactual explanations - together forming a complete explainability framework.
Academic journals are increasingly targeted by cyber attacks, including SQL injection, cross-site scripting (XSS), DDoS attempts, and credential stuffing. These attacks can compromise sensitive research data, disrupt service availability, and damage institutional reputation.
Traditional security solutions are reactive and signature-based, failing to detect novel attack patterns or zero-day exploits. They also lack explainability, making it difficult for security teams to understand why certain traffic is flagged as malicious.
Our current infrastructure generates over 1 million security events daily from network flows (Mikrotik NetFlow) and web access logs (Nginx). Manual analysis is impossible, and existing tools provide limited intelligence.
Security incidents directly affect our ability to serve the academic community. Downtime disrupts peer review processes, manuscript submissions, and research dissemination. Data breaches could expose confidential author information and unpublished research. We need an intelligent, proactive security system that scales with our growing user base.
We propose establishing a MINI SOC (Security Operations Center) built on AWS infrastructure, leveraging cloud-native machine learning services for continuous threat detection and multi-method explainable AI analysis over a 12-month period. This MINI SOC will serve as a centralized security intelligence hub for our academic infrastructure.
Our MINI SOC architecture consists of four integrated layers:
Network flows (Mikrotik NetFlow) and application logs (Nginx) collected from production systems and securely streamed to AWS for centralized analysis.
This project requires sustained use of multiple AWS services throughout the 12-month grant period:
| AWS Service | Purpose | Usage Pattern |
|---|---|---|
| Amazon Bedrock (Claude Sonnet) | Primary AI engine for threat analysis, pattern recognition, and decision-making | Continuous daily analysis (1M+ events/day) |
| Amazon SageMaker | Custom model training, fine-tuning, XAI computation (SHAP+LIME+DiCE), and specialized ML workloads | Weekly training runs (ml.g5.xlarge) |
| Amazon S3 | Centralized log storage, model artifacts, XAI results, and analysis outputs | 800GB+ storage; lifecycle management |
| AWS Lambda | Serverless orchestration, real-time triggers, alert generation, and XAI processing coordination | Event-driven execution (millions of invocations) |
A critical component of our MINI SOC is the integration of a comprehensive Explainable AI (XAI) framework combining three complementary methods: SHAP, LIME, and DiCE. This multi-method approach ensures that security teams can understand AI decisions from multiple perspectives, building trust and enabling effective response.
Traditional machine learning models make predictions without explaining their reasoning. For a Security Operations Center (SOC), this lack of transparency is problematic:
Our multi-method XAI framework solves this by providing three distinct but complementary perspectives on every threat classification, making AI decisions fully transparent and actionable.
Purpose: Global feature importance and contribution analysis
SHAP quantifies how much each feature (IP reputation, request pattern, user agent, etc.) contributed to the threat classification. It provides a mathematically rigorous attribution based on game theory, showing both positive and negative contributions across the entire dataset.
What SOC Team Learns:
Purpose: Local, instance-specific explanations
LIME explains individual predictions by approximating the model locally around a specific instance. For each flagged request, it shows which features were most important for that specific case, even if global patterns differ.
What SOC Team Learns:
Purpose: Counterfactual reasoning and what-if analysis
DiCE generates alternative scenarios showing what would need to change for the classification to flip. For a malicious request, it shows: "If the IP had been from a trusted range, OR if the request pattern matched normal behavior, the classification would have been benign."
What SOC Team Learns:
| Aspect | SHAP | LIME | DiCE |
|---|---|---|---|
| Perspective | Global patterns | Local instance | Counterfactual |
| Answers | What features matter most? | Why this case? | What if changed? |
| Use Case | Feature engineering | Incident investigation | False positive analysis |
| Validation | Model-wide accuracy | Case-specific reasoning | Decision robustness |
Request: GET /admin?id=1' OR '1'='1
SHAP Analysis:
LIME Analysis:
DiCE Analysis:
Result: SOC analyst immediately understands the attack vector from multiple angles, can confidently block the IP, and learns what legitimate queries should look like.
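An added illustration of the attribution and counterfactual questions above, applied to the request shown; it is not the proposal's code or model. A constructed, hand-weighted scorer stands in for the trained classifier, Shapley values are computed exactly by subset enumeration rather than with the SHAP library, and the counterfactual search is a brute-force stand-in for DiCE. The feature names, weights and threshold are assumptions.

```python
import math
import re
from itertools import combinations
from urllib.parse import unquote

# Constructed toy scorer: hand-picked weights, not a trained model.
WEIGHTS = {"quote": 2.0, "sql_keyword": 1.5, "tautology": 2.5, "admin_path": 0.5}
BIAS = -3.0
NAMES = list(WEIGHTS)

def features(request_line):
    """Binary features from a 'METHOD target' request line as logged by Nginx."""
    target = unquote(request_line.split(" ", 1)[1]).lower()
    return {
        "quote": int("'" in target),
        "sql_keyword": int(bool(re.search(r"\b(or|and|union|select)\b", target))),
        "tautology": int(bool(re.search(r"\b(\w+)'?\s*=\s*'?\1\b", target))),
        "admin_path": int(target.startswith("/admin")),
    }

def score(x, keep=None):
    """P(malicious); features outside `keep` are reset to the benign baseline 0."""
    keep = NAMES if keep is None else keep
    z = BIAS + sum(WEIGHTS[f] * x[f] for f in keep)
    return 1 / (1 + math.exp(-z))

def shapley(x):
    """Exact Shapley attribution of score(x) against the all-zero baseline."""
    n, phi = len(NAMES), {}
    for f in NAMES:
        rest = [g for g in NAMES if g != f]
        total = 0.0
        for k in range(n):
            w = math.factorial(k) * math.factorial(n - k - 1) / math.factorial(n)
            for s in combinations(rest, k):
                total += w * (score(x, list(s) + [f]) - score(x, list(s)))
        phi[f] = total
    return phi

def counterfactuals(x, threshold=0.5):
    """Smallest sets of active features whose removal drops the score below threshold."""
    active = [f for f in NAMES if x[f]] if score(x) >= threshold else []
    for k in range(1, len(active) + 1):
        hits = [set(s) for s in combinations(active, k)
                if score(x, [f for f in NAMES if f not in s]) < threshold]
        if hits:
            return hits
    return []
```

With these constructed weights, `shapley(features("GET /admin?id=1' OR '1'='1"))` attributes the largest share to the tautology feature, and `counterfactuals` returns the minimal feature sets whose absence would have produced a benign verdict.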
A critical aspect of this proposal is long-term sustainability. The 12-month AWS credits period is not just for operation, but for building sustainable capabilities that continue beyond the grant period.
During the 12-month period, we will train and refine models using AWS infrastructure. By the end of this period, we will have:
After obtaining the trained model from AWS, threat detection will shift to on-premise infrastructure:
| Component | Year 1 (AWS Credits) | Year 2+ (Campus Budget) |
|---|---|---|
| Daily threat analysis | $1,000-1,200/month (AWS Bedrock continuous) | $0 (Local inference) |
| Model training | $200-300/month (Weekly SageMaker runs) | $50-80/month (Quarterly updates only) |
| Novel pattern analysis | Included in daily costs | $100-150/month (10% traffic only) |
| Storage & Lambda | $100-150/month | $30-50/month (Minimal usage) |
| MONTHLY TOTAL | $1,400-1,800 | $180-280 (-90%) |
At $180-280/month, the ongoing operational cost is within the Computer System Department's annual IT budget. This 90% cost reduction makes the MINI SOC sustainable indefinitely, ensuring job continuity for trained staff and continuous protection for academic infrastructure.
Key Point: The AWS credits period is an investment in capability building. We're not creating AWS dependency - we're using AWS to bootstrap a sustainable, mostly on-premise solution.
We request $20,000 in AWS credits to support continuous operation of this MINI SOC system for 12 months. Cost estimates are based on processing 1 million security events per day with real-time AI analysis and comprehensive XAI computation.
| AWS Service | Monthly Usage | Est. Cost/Month |
|---|---|---|
| Amazon Bedrock (Claude Sonnet) | 35M requests/month (1M+ events × 30 days); continuous threat analysis | $1,000-1,200 |
| Amazon SageMaker | 5-6 training runs/month; ml.g5.xlarge instances; XAI computation (SHAP+LIME+DiCE) | $200-280 |
| Amazon S3 | 700GB storage + requests; lifecycle management; archival storage | $70-100 |
| AWS Lambda | 12M invocations/month; orchestration & triggers; real-time processing | $40-60 |
| Data Transfer | S3 → Bedrock/SageMaker; cross-region sync; API calls | $25-40 |
| CloudWatch & Monitoring | Logs, metrics, dashboards; alerts and notifications | $30-50 |
| MONTHLY TOTAL | | $1,365-1,730/mo |
Why AWS Credits Are Critical: As an academic institution, we lack the budget to sustain commercial pricing for enterprise AI services. AWS credits enable us to implement state-of-the-art security using Bedrock and SageMaker, protecting our research community while building sustainable long-term capabilities. The 12-month period allows us to train models, establish baselines, and transition to cost-effective on-premise operation.
A fully functional Security Operations Center capability, even with limited resources. Centralized threat monitoring, analysis, and response for all academic infrastructure.
Every threat detection accompanied by SHAP, LIME, and DiCE analysis providing comprehensive explainability. SOC team can validate, learn from, and trust AI recommendations from multiple complementary perspectives.
Real-time threat detection with 1M+ daily events analyzed. Immediate response to SQL injection, XSS, DDoS, and novel attack patterns. Reduced dwell time from days to minutes.
After 12 months, 90% cost reduction through on-premise inference. Campus budget can sustain ongoing operations at $180-280/month, ensuring job continuity for SOC staff and continuous protection indefinitely.
Implementation findings will contribute to academic knowledge in applied machine learning for cybersecurity, multi-method XAI frameworks, and sustainable SOC models for resource-constrained institutions.
SOC team training on AWS services, machine learning operations (MLOps), multi-method XAI interpretation (SHAP+LIME+DiCE), and cloud security best practices. Long-term capability enhancement for the department with guaranteed job continuity.
| Phase | Duration | Key Activities | AWS Services |
|---|---|---|---|
| Setup & Integration | Month 1 | Infrastructure setup, S3 configuration, data ingestion pipeline, SOC team training begins | S3, Lambda |
| Initial Training | Months 1-2 | Historical data analysis, baseline model training, XAI framework integration (SHAP+LIME+DiCE) | Bedrock, SageMaker, S3 |
| Production Deployment | Month 3 | Real-time analysis activation, alert system, dashboard deployment, full SOC operations | Bedrock, Lambda, S3 |
| Continuous Operation | Months 4-11 | Daily threat detection, weekly model updates, continuous XAI analysis, monthly reporting | Bedrock (primary), SageMaker, S3, Lambda |
| Transition Planning | Month 12 | Model export, on-premise infrastructure setup, final SOC team certification, sustainability handoff | SageMaker (export), minimal AWS |
This proposal presents a compelling use case for AWS credits to establish a MINI SOC that protects critical academic infrastructure. The Computer System Department at Universitas Tanjungpura is committed to leveraging AWS cloud services to build modern, intelligent, and sustainable security capabilities.
By combining AWS Bedrock's continuous threat analysis with a comprehensive multi-method XAI framework (SHAP+LIME+DiCE), we will implement a transparent AI system that security teams can understand, validate, and trust. This explainable AI approach is essential for academic institutions where accountability and understanding matter as much as detection accuracy.
The 12-month grant period with a budget of $20,000 will allow us to:
We are committed to maximizing the impact of AWS credits through rigorous implementation, continuous monitoring, and knowledge sharing. Our findings and methodologies will be published to benefit other institutions facing similar security challenges, particularly in establishing cost-effective MINI SOCs for academic environments.
| Organization | Universitas Tanjungpura |
| Faculty | Mathematics and Natural Science |
| Department | Computer System Department |
| Project | MINI SOC with AWS |
| System URL | jurnal.untan.ac.id |
| Location | Pontianak, West Kalimantan, Indonesia |
| Principal Investigator | [Tedy Rismawan] |
| Technical Lead | [Imam Adhita Virya] |
| Email | [imamav@untan.ac.id] |
| Phone | [+62 813 52550 551] |