Architecture and functional model of a perspective proactive intellectual SIEM for cyber protection of objects of critical infrastructure

Authors

  • Ihor Subach, Institute of special communications and information security, National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine, https://orcid.org/0000-0002-9344-713X
  • Artem Mykytiuk, Institute of special communications and information security, National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine, https://orcid.org/0000-0002-8307-9978
  • Volodymyr Kubrak, Institute of special communications and information security, National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine, https://orcid.org/0000-0001-8877-5289

DOI:

https://doi.org/10.20535/2411-1031.2019.7.2.190570

Keywords:

Cyber protection, critical infrastructure, SIEM, making decisions.

Abstract

The article addresses the increasingly pressing problem of cyber defense of critical infrastructure. Based on the analysis, it is concluded that an effective cyber defense system is built around security information and event management (SIEM). Systems of this type allow cyber security incidents not only to be detected, but also to be predicted from the data accumulated in the system. A new architecture for a promising proactive intelligent SIEM is proposed which, in addition to the traditional levels of data collection, data management and data analysis, includes a fourth level: decision making and implementation. Implementing the proposed architecture requires the development and application of new methods of normalization, filtering, classification, aggregation, correlation, prioritization and analysis of cyber security events and incidents and their consequences, as well as the generation of reports, messages and visual presentations of data for prompt and substantiated decision making, built on data mining, machine learning, Big Data processing and artificial intelligence. A new functional model of the promising intelligent SIEM is proposed, comprising a subsystem for collection and primary processing of data from heterogeneous sources, a data management subsystem, a data analysis subsystem, and a decision making and implementation subsystem. Implementing the model minimizes human participation in responding to cyber incidents, thereby increasing the efficiency and validity of the decisions taken. Applying the proposed architecture of a proactive intelligent SIEM and its functional model is a further step in the evolution of systems of this type towards more effective use in cyber defense systems for critical infrastructure.
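As an added illustration of the four-level pipeline the abstract describes (this is example code written for this page, not code from the article or its authors), the following Python sketch runs constructed log lines from two heterogeneous sources through normalization, filtering, aggregation, correlation, prioritization and an automated decision step. The log formats, the "three failed logins followed by a success" correlation rule, the asset criticality weights, the syslog year and the blocking threshold are all assumptions chosen for the example.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records from two heterogeneous sources (made up for this
# example): an OpenSSH syslog stream and a JSON-exported Windows logon event.
RAW_EVENTS = [
    "Sep 10 10:00:01 scada-gw sshd[101]: Failed password for root from 203.0.113.7 port 4000 ssh2",
    "Sep 10 10:00:03 scada-gw sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2",
    "Sep 10 10:00:05 scada-gw sshd[101]: Failed password for root from 203.0.113.7 port 4002 ssh2",
    "Sep 10 10:00:09 scada-gw sshd[101]: Accepted password for root from 203.0.113.7 port 4003 ssh2",
    '{"ts":"2019-09-10T10:00:04Z","host":"hmi-01","EventID":4625,"src":"198.51.100.5","user":"operator"}',
    "Sep 10 10:01:00 scada-gw sshd[102]: Connection closed by 192.0.2.9 port 5000",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port"
)
SYSLOG_YEAR = 2019  # assumption: syslog timestamps carry no year

# Assumed asset criticality (1..3) for the monitored hosts; unknown hosts get 1.
ASSET_CRITICALITY = {"scada-gw": 3, "hmi-01": 2}


def normalize(raw):
    """Level 1 (collection/primary processing): map one raw record to a common
    schema, or return None so that irrelevant records are filtered out."""
    m = SYSLOG_RE.match(raw)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        return {"ts": ts, "host": m["host"], "src": m["src"], "user": m["user"],
                "outcome": "fail" if m["outcome"] == "Failed" else "success"}
    if raw.startswith("{"):
        rec = json.loads(raw)
        outcome = {4625: "fail", 4624: "success"}.get(rec.get("EventID"))
        if outcome is None:
            return None
        ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        return {"ts": ts, "host": rec["host"], "src": rec["src"],
                "user": rec["user"], "outcome": outcome}
    return None  # no parser matched: dropped at the filtering stage


def correlate(events, min_failures=3, window=timedelta(seconds=60)):
    """Levels 2-3 (management/analysis): aggregate failures per (host, source)
    and correlate them with a later success from the same source."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_key[(ev["host"], ev["src"])].append(ev)
    incidents = []
    for (host, src), evs in by_key.items():
        fails = [e for e in evs if e["outcome"] == "fail"]
        for s in (e for e in evs if e["outcome"] == "success"):
            recent = [f for f in fails if s["ts"] - window <= f["ts"] < s["ts"]]
            if len(recent) >= min_failures:
                incidents.append({"host": host, "src": src, "user": s["user"],
                                  "failures": len(recent),
                                  "rule": "brute_force_then_success"})
                break
    return incidents


def prioritize(incident):
    """Level 3 (analysis): severity = rule weight x asset criticality (assumed scale)."""
    rule_weight = {"brute_force_then_success": 3}[incident["rule"]]
    incident["severity"] = rule_weight * ASSET_CRITICALITY.get(incident["host"], 1)
    return incident


def decide(incident, block_threshold=6):
    """Level 4 (decision and implementation): pick a response; at or above the
    threshold the action is taken without waiting for an analyst."""
    if incident["severity"] >= block_threshold:
        incident["action"] = "block_source_and_reset_credentials"
        incident["requires_analyst"] = False
    else:
        incident["action"] = "open_ticket_for_analyst"
        incident["requires_analyst"] = True
    return incident


def run_pipeline(raw_events):
    """Run all four levels over raw records and return decided incidents."""
    events = [e for e in map(normalize, raw_events) if e is not None]
    return [decide(prioritize(i)) for i in correlate(events)]


if __name__ == "__main__":
    for inc in run_pipeline(RAW_EVENTS):
        print(inc)
```

On the constructed input the pipeline drops the "Connection closed" line at normalization, leaves the single hmi-01 failure as an aggregate below the rule threshold, and raises one incident for scada-gw whose severity (rule weight 3 times criticality 3) crosses the blocking threshold, so the response is automatic. The same incident against an unlisted host scores below the threshold and is routed to an analyst instead, which is where the human stays in the loop.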

Author Biographies

Ihor Subach, Institute of special communications and information security, National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine

doctor of technical science, associate professor, head of department

Artem Mykytiuk, Institute of special communications and information security, National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine

postgraduate student

Volodymyr Kubrak, Institute of special communications and information security, National technical university of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv, Ukraine

postgraduate student

References

Verkhovna Rada of Ukraine, 7th session. (2017, Oct. 5). Law of Ukraine no. 2163-VIII, On the Fundamental Principles of Cyber Security of Ukraine. [Online]. Available: https://zakon.rada.gov.ua/laws/show/2163-19. Accessed on: Sept. 10, 2019.

Cabinet of Ministers of Ukraine. (2019, June 19). Resolution of the Cabinet of Ministers of Ukraine no. 518, General requirements for cyber defense of critical infrastructure: official publication. [Online]. Available: https://zakon.rada.gov.ua/laws/show/518-2019-%D0%BF. Accessed on: Sept. 10, 2019.

I.V. Kotenko, V.V. Voroncov, A.A. Chechulin, and A.V. Ulanov, “Proactive security mechanisms against network worms: approach, implementation and results of the experiments”, Information Technology, no. 1, pp. 37–42.

I. Kotenko, I. Saenko, O. Polubelova, and A. Chechulin, “Application of security information and event management technology for information security in critical infrastructures”, SPIIRAS Proceeding, iss. 1 (20), pp. 27–56.

M. Stevens, “Security Information and Event Management (SIEM)”, presentation, in Proc. NEbraska CERT Conference, 2005. [Online]. Available: http://www.certconf.org/presentations/2005/files/WC4.pdf. Accessed on: Sept. 09, 2019.

I. Subach, V. Fesokha, and N. Fesokha, “An analysis of existing decisions to prevent intrusion in information and telecommunication networks open on the basis of public licenses”, Information Technology and Security, vol. 5, iss. 1, pp. 29–41, 2017.

R. Shanmugavadivu, and N. Nagarajan, “Network intrusion detection system using fuzzy logic”, Indian Journal of Computer Science and Engineering (IJCSE), vol. 2, no. 1, pp. 101–111, 2011.

K. Kavanagh, T. Bussa, and G. Sadowski, “Magic Quadrant for Security Information and Event Management”, Gartner, Dec. 3, 2018. [Online]. Available: https://virtualizationandstorage.files.wordpress.com/2018/03/magic-quadrant-for-security-information-and-event-3-dec-2018.pdf. Accessed on: Sept. 17, 2019.

I. Subach, and B. Gerasimov, “Quality indicators of information support and their impact on the effectiveness of decision support systems”, Bulletin of Taras Shevchenko National University of Kiev, no. 20, pp. 27–29, 2008.

I. Subach, B. Gerasimov, and E. Nikiforov, “Models of knowledge delivery for use in decision support systems”, Scientific and technical information, no. 1, pp. 7–11, 2005.

How to Cite

Subach, I., Mykytiuk, A., & Kubrak, V. (2019). Architecture and functional model of a perspective proactive intellectual SIEM for cyber protection of objects of critical infrastructure. Collection "Information Technology and Security", 7(2), 208–215. https://doi.org/10.20535/2411-1031.2019.7.2.190570

Section

CYBERSECURITY AND CRITICAL INFRASTRUCTURE PROTECTION