Method for rules forming of incidents extrapolation for network-centric information and telecommunication systems monitoring

Petro Pavlenko, Mykola Vinohradov, Serhii Hnatiuk, Andrii Hizun, Viktor Hnatiuk

Abstract


Security incidents and effective response to them have become an important component of information and telecommunication standards and guidance. Because performing incident response effectively is a complex undertaking, establishing a successful incident response capability requires substantial planning and resources. Incidents can disrupt the regular operation of information and telecommunication systems and cause substantial material and reputational losses for a company. The main tasks of incident management are containing the impact of consequences, responding quickly and preventing recurrence. One modern approach to incident management applies network-centric management theory (a continuously evolving, complex community of people, devices, information and services interconnected by a communications network to achieve optimal use of resources and better synchronization of events and their consequences) to incident monitoring. The known method of network-centric incident management offers advantages in forecasting impact, evaluating criticality and prioritizing incidents. This method combines a set of stages, but the stage of forming the basic rule set is not formalized. Accordingly, this work develops a method for forming the rule set for incident extrapolation in network-centric monitoring of information and telecommunication systems. By determining the possible types of cyberattacks and categories of incidents, forming a vector-matrix of incident probabilities, ranking incidents by importance and determining limit values of probability, forming incident possibility indicators, and developing and establishing incident extrapolation rules, the method allows the operation of network-centric systems for monitoring information and telecommunication systems to be automated and its accuracy to be increased.
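The stage sequence named in the abstract (attack types and incident categories, a probability vector-matrix, importance ranking with a probability limit, possibility indicators, extrapolation rules) can be sketched as a small pipeline. The following Python is an added illustration written for this page, not the authors' method or their data: the attack types are the four KDD Cup 99 attack classes (the dataset the paper cites), while the incident categories, the probability matrix `P`, the `IMPORTANCE` weights and the limit values are all constructed for the example, and the scoring and rule-generation choices are assumptions, not the paper's formalization.

```python
from typing import Dict, List, Tuple

# Assumed attack types: the four KDD Cup 99 attack classes, since the paper cites that dataset.
ATTACKS = ["dos", "probe", "r2l", "u2r"]
# Constructed incident categories for this example (not taken from the paper).
INCIDENTS = ["service_outage", "reconnaissance",
             "account_compromise", "privilege_escalation"]

# Constructed vector-matrix of incident probabilities: P[i][j] is the assumed
# probability that an attack of type ATTACKS[j] develops into INCIDENTS[i].
P: List[List[float]] = [
    [0.90, 0.05, 0.05, 0.10],
    [0.10, 0.85, 0.20, 0.05],
    [0.05, 0.10, 0.80, 0.30],
    [0.02, 0.05, 0.25, 0.85],
]

# Constructed importance weights (0..1) used to rank incident categories.
IMPORTANCE: Dict[str, float] = {
    "service_outage": 0.6,
    "reconnaissance": 0.2,
    "account_compromise": 0.8,
    "privilege_escalation": 1.0,
}

Rule = Tuple[str, str, float, int]  # (attack, incident, probability, rank)


def rank_incidents(p: List[List[float]], importance: Dict[str, float]) -> Dict[str, int]:
    """Rank categories (1 = most important) by importance * highest probability
    over all attack types, so a likely but minor incident does not outrank a
    rarer but critical one. (Assumed scoring rule, not the paper's.)"""
    scores = {INCIDENTS[i]: importance[INCIDENTS[i]] * max(row) for i, row in enumerate(p)}
    ordered = sorted(scores, key=lambda name: scores[name], reverse=True)
    return {name: rank for rank, name in enumerate(ordered, start=1)}


def possibility_indicators(p: List[List[float]], limit: float) -> List[List[int]]:
    """Binary possibility indicators: 1 where the probability reaches the limit value."""
    return [[1 if v >= limit else 0 for v in row] for row in p]


def build_rules(p: List[List[float]], limit: float, importance: Dict[str, float]) -> List[Rule]:
    """One extrapolation rule per (attack, incident) cell whose indicator is set."""
    ranks = rank_incidents(p, importance)
    ind = possibility_indicators(p, limit)
    rules: List[Rule] = []
    for i, incident in enumerate(INCIDENTS):
        for j, attack in enumerate(ATTACKS):
            if ind[i][j]:
                rules.append((attack, incident, p[i][j], ranks[incident]))
    return rules


def extrapolate(observed: List[str], rules: List[Rule]) -> List[str]:
    """Apply the rules to attack types observed on the network and return the
    incident categories to expect, most important first."""
    best_rank: Dict[str, int] = {}
    for attack, incident, _prob, rank in rules:
        if attack in observed:
            best_rank[incident] = min(rank, best_rank.get(incident, rank))
    return sorted(best_rank, key=lambda name: best_rank[name])


if __name__ == "__main__":
    for limit in (0.5, 0.25):
        rules = build_rules(P, limit, IMPORTANCE)
        print(f"limit={limit}: {len(rules)} rules")
        for attack, incident, prob, rank in rules:
            print(f"  IF attack={attack!r} THEN expect {incident} (p={prob:.2f}, rank {rank})")
        print("  observed [dos, u2r] ->", extrapolate(["dos", "u2r"], rules))
```

The limit value is the knob a practitioner tunes: lowering it from 0.5 to 0.25 turns the low-probability cells (u2r leading to account compromise, r2l leading to privilege escalation) into extra rules, so the same observed attacks extrapolate to more incident categories at the cost of more false alarms. Ranking keeps the output ordered by importance rather than by raw probability, which is what an analyst triaging the monitor's output needs.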


Keywords


Incident, network-centric monitoring, information security, cyberattack, information and telecommunication system.

References


V.O. Hnatiuk, “Analysis of «incident» definitions and its interpretation in cyberspace”, Bezpeka ìnformacìì, vol. 19, iss. 3, pp. 175-180, 2013. doi: 10.18372/2225-5036.19.5620.

S. Hnatiuk, V. Hnatiuk, V. Kononovich, and I. Kononovich, “Transformation of Information and Social-Psychological Security Paradigms (Part 1)”, Informatics and Mathematical Methods in Simulation, vol. 6, iss. 3, pp. 227-239, 2016.

International Organization for Standardization. (2011, Aug. 17). ISO/IEC 27035, Information technology. Security techniques. Information security incident management. [Online]. Available: https://www.iso.org/standard/44379.html. Accessed on: Aug. 28, 2016.

S.O. Hnatiuk, Yu.Ye. Khokhlachova, A.O. Okhrimenko, and A.K. Hrebenkova, “The theoretical basis of construction and operation of information security incident management systems”, Zahist ìnformacìï, vol. 14, iss. 1, pp. 121-126, 2012. doi: 10.18372/2410-7840.14.2073.

A. Hizun, V. Hnatyuk, N. Balyk, and P. Falat, “Approaches to Improve the Activity of Computer Incident Response Teams”, in Proc. 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS’2015), Warsaw, Poland, Sept. 2015, vol. 1, pp. 442-447. doi: 10.1109/IDAACS.2015.7340775.

O.H. Korchenko, V.O. Hnatiuk, Ye.V. Ivanchenko, S.O. Hnatiuk, and N.A. Sieilova, “Method for cyberincidents network-centric monitoring in modern information & communication systems”, Zahist ìnformacìï, vol. 18, iss. 3, pp. 229-247, 2016. doi: 10.18372/2410-7840.18.10852.

A.I. Hizun, V.O. Hnatiuk, and O.M. Suprun, “Formalized model of construction heuristic rules to identify incidents”, Journal of Engineering Academy of Ukraine, no. 1, pp. 110-115, 2015.

A.O. Korchenko, A.I. Hizun, V.V. Volianska, and O.V. Havrylenko, “Heuristic rules based on logical & linguistic connection to detect and identify information security intruders”, Zahist ìnformacìï, vol. 15, iss. 3, pp. 251-257, 2013. doi: 10.18372/2410-7840.15.4862.

KDD Cup 99. [Online]. Available: https://kdd.ics.uci.edu/databases/kddcup99/task.html. Accessed on: Aug. 28, 2016.

A.H. Korchenko, Construction of information security systems on fuzzy sets. Theory and practical solutions. Kyiv, Ukraine: MK-Press, 2006.

V.A. Olutayo and A.A. Eludire, “Traffic Accident Analysis Using Decision Trees and Neural Networks”, International Journal of Information Technology and Computer Science (IJITCS), vol. 6, no. 2, pp. 22-28, 2014. doi: 10.5815/ijitcs.2014.02.03.

A.O. Korchenko, V.A. Kozachok, and A.I. Hizun, “Method of criticality level assessment for crisis management systems”, Zahist ìnformacìï, vol. 17, iss. 1, pp. 86-98, 2015. doi: 10.18372/2410-7840.17.8349.

K.K. Sindhu and B.B. Meshram, “Digital Forensic Investigation Tools and Procedures”, International Journal of Computer Network and Information Security (IJCNIS), vol. 4, no. 4, pp. 39-48, 2012. doi: 10.5815/ijcnis.2012.04.05.
ISSN 2411-1031 (Print), ISSN 2518-1033 (Online)