Rule-oriented method of cyber incidents detection by SIEM based on fuzzy logical inference

Authors: Subach, Igor; Kubrak, Volodymyr; Mykytiuk, Artem; Korotayev, Stanislav
Year of publication: 2020
Subject:
Source: Scopus-Elsevier
DOI: 10.5281/zenodo.7123656
Abstract: We consider the role of a SIEM in the protection loop of an information and telecommunication system for proactive cyber incident management. We describe the main mechanisms of the event-correlation process used to detect cyber-attacks, malicious activity and security-policy violations. We analyze methods of identifying the signs by which processed events are filtered, aggregated and correlated, and by which their causes and priorities are established. We outline the main disadvantages of the rule-oriented method, in particular its reliance on crisp thresholds and complete, accurate input. We propose a model and method of cyber incident recognition under incomplete or inaccurate information about the incidents, based on fuzzy set theory and fuzzy inference. We give a formal statement of the problem of cyber incident detection by a SIEM and propose its solution: incident identification is reduced to finding a mapping from the set of signs (features) of cyber incidents to the set of their possible classes. A graphical interpretation of the identification problem is presented and the main difficulties that arise in solving it are formulated. Emphasis is placed on the expediency of creating an intelligent decision-support subsystem in the SIEM, built on a model of cyber incident identification based on fuzzy rules and fuzzy inference, in which the causal relationship between a cyber incident and its features is described by an expert in natural language and then formalized as a set of fuzzy logical rules. An algorithm for deciding on cyber incident identification is proposed, and data on the practical effectiveness of the proposed method are presented.
Published in: Information Technologies and Security: Selected Papers of the XX International Scientific and Practical Conference "Information Technologies and Security" (ITS 2020), Kyiv, Ukraine, December 10, 2020. CEUR Workshop Proceedings, vol. 2859, Aachen, Germany, pp. 210–219.
Database: OpenAIRE
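To make the abstract's method concrete, the following is an added example (not code from the paper or its authors) of the pipeline it describes: an expert's natural-language rules over SIEM features are formalized as fuzzy rules, a Mamdani-style inference (min for AND, max for rule aggregation) maps a feature vector to a degree of membership in each incident class, and a decision step picks a class or abstains. The feature names, term boundaries, rules, the degree assigned to a missing feature (`UNKNOWN = 0.5`) and the sample events are all assumptions chosen for illustration; the crisp threshold rule is included only to show the disadvantage of the conventional rule-oriented method on borderline input.

```python
"""Fuzzy-rule cyber incident identification over SIEM feature vectors.

Added illustration, not the paper's code. Feature names, term boundaries,
rules, the UNKNOWN degree and the sample events are assumptions.
"""
from math import inf
from typing import Callable, Dict, List, Optional, Tuple


def trapezoid(a: float, b: float, c: float, d: float) -> Callable[[float], float]:
    """Trapezoidal membership: 1 on [b, c], linear on [a, b] and [c, d], 0 outside.
    Use a = b = -inf for a left shoulder and c = d = inf for a right shoulder."""
    def mu(x: float) -> float:
        if b <= x <= c:
            return 1.0
        if x <= a or x >= d:
            return 0.0
        if x < b:
            return (x - a) / (b - a)
        return (d - x) / (d - c)
    return mu


# Linguistic terms per feature (assumed boundaries; in practice set by the analyst).
TERMS: Dict[str, Dict[str, Callable[[float], float]]] = {
    "failed_logins_per_min": {
        "low": trapezoid(-inf, -inf, 5, 20),
        "medium": trapezoid(5, 20, 40, 80),
        "high": trapezoid(40, 80, inf, inf),
    },
    "distinct_src_ips": {
        "few": trapezoid(-inf, -inf, 2, 10),
        "many": trapezoid(2, 10, inf, inf),
    },
    "success_ratio": {  # successful logins / all attempts in the window
        "low": trapezoid(-inf, -inf, 0.05, 0.3),
        "high": trapezoid(0.05, 0.3, inf, inf),
    },
}

# Expert rules, e.g. "IF failed logins are HIGH AND source IPs are FEW THEN brute force",
# formalized as (antecedent clauses, consequent class). Clauses are ANDed (min).
RULES: List[Tuple[Dict[str, str], str]] = [
    ({"failed_logins_per_min": "high", "distinct_src_ips": "few"}, "brute_force"),
    ({"failed_logins_per_min": "high", "distinct_src_ips": "many"}, "distributed_brute_force"),
    ({"failed_logins_per_min": "medium", "success_ratio": "low"}, "brute_force"),
    ({"failed_logins_per_min": "low"}, "benign"),
    ({"success_ratio": "high"}, "benign"),
]

UNKNOWN = 0.5  # assumed degree for a clause whose feature is missing (maximal uncertainty)


def clause_degree(features: Dict[str, Optional[float]], feature: str, term: str) -> float:
    """Membership of one antecedent clause; a missing feature is neither true nor false."""
    value = features.get(feature)
    if value is None:
        return UNKNOWN
    return TERMS[feature][term](value)


def infer(features: Dict[str, Optional[float]]) -> Dict[str, float]:
    """Mamdani-style inference: firing strength = min over clauses, class degree = max over rules."""
    degrees: Dict[str, float] = {}
    for antecedent, cls in RULES:
        strength = min(clause_degree(features, f, t) for f, t in antecedent.items())
        degrees[cls] = max(degrees.get(cls, 0.0), strength)
    return degrees


def decide(features: Dict[str, Optional[float]], threshold: float = 0.5) -> Tuple[str, float, Dict[str, float]]:
    """Pick the class with the highest degree; abstain when it is below the threshold
    or when another class ties it (evidence too incomplete to separate them)."""
    degrees = infer(features)
    ranked = sorted(degrees.items(), key=lambda kv: kv[1], reverse=True)
    best_cls, best = ranked[0]
    if best < threshold or (len(ranked) > 1 and ranked[1][1] == best):
        return "undetermined", best, degrees
    return best_cls, best, degrees


def crisp_rule(features: Dict[str, Optional[float]]) -> bool:
    """Conventional crisp rule ("failed logins >= 80") for contrast with the fuzzy result."""
    f = features.get("failed_logins_per_min")
    return f is not None and f >= 80


# Constructed one-minute feature vectors, as a SIEM aggregation stage might emit them.
SAMPLE_EVENTS: Dict[str, Dict[str, Optional[float]]] = {
    "single_source_spray": {"failed_logins_per_min": 70, "distinct_src_ips": 1, "success_ratio": 0.01},
    "distributed": {"failed_logins_per_min": 150, "distinct_src_ips": 40, "success_ratio": 0.02},
    "normal_traffic": {"failed_logins_per_min": 3, "distinct_src_ips": 1, "success_ratio": 0.6},
    "partial_record": {"failed_logins_per_min": 100, "distinct_src_ips": 3},  # success_ratio missing
}

if __name__ == "__main__":
    for name, feats in SAMPLE_EVENTS.items():
        cls, deg, all_deg = decide(feats)
        print(f"{name:20s} fuzzy={cls} ({deg:.3f}) crisp_rule_fires={crisp_rule(feats)} {all_deg}")
    print("no features        ", decide({})[0])
```

On the borderline `single_source_spray` record the crisp threshold rule does not fire at all, while the fuzzy rules assign brute force a degree of 0.75; on `partial_record` a decision is still reached with one feature absent, and with no features at all every class receives the same neutral degree and the engine abstains rather than guessing.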