Architecture and functional model of a perspective proactive intellectual SIEM for cyber protection of objects of critical infrastructure
Keywords:Cyber protection, critical infrastructure, SIEM, making decisions.
AbstractThe article deals with the current, nowadays, issues of cyber defense of critical infrastructure, which are becoming increasingly important. Based on the analysis, it is concluded that the basis of building an effective cyber defense system is the use of information management and security event management (SIEM). The use of systems of this type allows not only to detect cyber security incidents, but also to predict them based on the accumulated data in the system. The proposed new architecture for a promising proactive smart SIEM, which, in addition to the traditional levels of data collection, management and analysis, includes the fourth level - the level of decision making and implementation. The implementation of the proposed architecture is possible through the development and application of new methods of normalization, filtering, classification, aggregation, correlation, prioritization and analysis of events and cyber security incidents, their consequences, generation of various reports, messages and visual presentation of data for operational and substantiated adoption based on data mining technologies, machine learning, Big Data processing and artificial intelligence. A new functional model of a promising intelligent SIEM is proposed, which includes: subsystem of collection and primary processing of data from heterogeneous sources; data management subsystem; the data analysis subsystem and the decision and implementation subsystem. The implementation of the model allows to minimize human participation in solving the problem of responding to cyber incidents, thereby increasing the efficiency and validity of the decisions it makes. The application of the proposed new architecture of a proactive intellectual SIEM and its functional model, allows to take a new step in the evolution of type towards increasing the efficiency of their use in cyber defense systems of critical infrastructure.
Verkhovna Rada Information. 7th session. (2017, Okt. 5), Law of Ukraine № 2163-VIII, On the Fundamental Principles of Cyber Security of Ukraine. [Online]. Available: https://zakon.rada.gov.ua/laws/show/2163-19. Accessed on: Sept. 10, 2019.
Cabinet of Ministers of Ukraine. (2019, June 19). Resolution of the Cabinet of Ministers of Ukraine № 518, General requirements for cyber defense of critical infrastructure: official publication. [Online]. Available: https://zakon.rada.gov.ua/laws/show/518-2019-%D0%BF. Accessed on: Sept. 10, 2019.
I.V. Kotenko, V.V. Voroncov, A.A. Chechulin, and A.V. Ulanov, “Proactive security mechanisms against network worms: approach, implementation and results of the experiments”, Information Technology, no. 1, pp. 37–42.
I. Kotenko, I. Saenko, O. Polubelova, and A. Chechulin, “Application of security information and event management technology for information security in critical infrastructures”, SPIIRAS Proceeding, iss. 1 (20), pp. 27–56.
M. Stevens, “Security Information and Event Management (SIEM). Presentation, in Proc. The NEbraska, CERT Conference. [Online]. Available: http://www.certconf.org/presentations/ 2005/files/WC4.pdf. Accessed on: Sept. 09, 2019.
I. Subach, V. Fesokha, and N. Fesokha, “An analysis of existing decisions to prevent intrusion in information and telecommunication networks open on the basis of public licenses”, Information Technology and Security, vol. 5, iss. 1, pp. 29–41, 2017.
R. Shanmugavadivu, and N. Nagarajan, “Network intrusion detection system using fuzzy logic”, Indian Journal of Computer Science and Engineering (IJCSE), vol. 2, №1, pp. 101 – 111, 2011.
K. Kavanagh, T. Bussa, and G. Sadowski, “Magic Quadrant for Security Information and Event Management”. [Online]. Available: https://virtualizationandstorage.files.wordpress.com/ 2018/03/magic-quadrant-for-security-information-and-event-3-dec-2018.pdf. Accessed on: Sept. 17, 2019.
I. Subach, and B. Gerasimov, “Quality indicators of information support and their impact on the effectiveness of decision support systems”, Bulletin of Taras Shevchenko National University of Kiev, no. 20, pp. 27–29, 2008.
I. Subach, B. Gerasimov, E. Nikiforov, “Models of knowledge delivery for use in decision support systems”, Scientific and technical information, №1, pp. 7–11, 2005.
How to Cite
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors that are published in this collection, agree to the following terms:
- The authors reserve the right to authorship of their work and pass the collection right of first publication this work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with the obligatory reference to the authors of the original work and the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that references to the first publication of the work in this collection.
- Policy of the journal allows and encourages the placement of authors on the Internet (for example, in storage facilities or on personal web sites) the manuscript of the work, prior to the submission of the manuscript to the editor, and during its editorial processing, as it contributes to productive scientific discussion and positive effect on the efficiency and dynamics of citations of published work (see The Effect of Open Access).