Lexical method for solving a multicriteria problem of selecting a SIEM for building a situational center for cybersecurity
DOI: https://doi.org/10.20535/2411-1031.2023.11.1.283535
Keywords: cybersecurity, cyber defense, SIEM, situation center, decision support system, lexical method, fuzzy set theory
Abstract
The authors consider the creation of a Cybersecurity Situation Center (CSC), its tasks and composition, and also describe the main technological tools that an effective CSC should include. Particular attention is paid to the information security incident management system (SIEM), which is key to the CSC; its purpose and the main tasks it should solve are considered. The authors analyze the peculiarities of solving the problem of rational selection of a SIEM. Groups of indicators characterizing the degree to which a SIEM fulfils the requirements are identified, and examples of these indicators are given. The use of fuzzy set theory for processing expert information on the qualitative indicators characterizing a SIEM is proposed. A formal statement of the problem of selecting a SIEM is presented and the main stages of its solution are proposed, including the preparation of initial data, the choice of a method for solving the multi-criteria problem of rational selection of a SIEM, and the development of an algorithm. It is proposed to normalize the quantitative indicators of a SIEM and to process its qualitative indicators by the method of pairwise comparisons based on rank estimates. The use of the 9-point Saaty scale to obtain membership functions for the qualitative characteristics of a SIEM from expert evaluation is considered. An algorithm for constructing membership functions of SIEM characteristics for each fuzzy term is developed.
Methods for solving multi-criteria problems are described, and the use of the lexical method is proposed to solve the problem of rational selection of a SIEM in the course of building a Cybersecurity Situation Center. An algorithm implementing it has been developed, and to demonstrate its effectiveness an example of its use for the rational selection of a SIEM is given. In addition, recommendations for the practical use of the obtained results are given.
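The abstract describes three building blocks: min-max normalization of quantitative indicators, Saaty-scale pairwise comparisons that yield membership degrees for qualitative indicators, and a lexical (lexicographic) pass over criteria in priority order. The script below is an added illustration of how those pieces fit together; it is not the paper's algorithm or code. The candidate names, indicator values, the expert pairwise matrix, and the tolerance parameter are all constructed for the example. The row geometric-mean approximation of the priority vector and the consistency-ratio check are the standard AHP procedure; scaling priorities so that the best candidate gets membership 1 is this example's own simplification of the membership-function construction, which the paper develops in more detail.

```python
"""Lexicographic (lexical) multicriteria SIEM selection: constructed example, not the paper's code."""
from math import prod

# Constructed sample data for three hypothetical SIEM candidates (not from the paper).
CANDIDATES = ["SIEM-A", "SIEM-B", "SIEM-C"]

# Quantitative indicators: values per candidate and whether higher or lower is better.
QUANTITATIVE = {
    "throughput_eps":    ([20000, 50000, 36000], "max"),
    "license_cost_kusd": ([120, 200, 150], "min"),
}

# Qualitative indicator "correlation_rule_quality": hypothetical expert pairwise comparisons
# of the candidates on the 9-point Saaty scale (a[i][j] = how strongly i is preferred over j).
PAIRWISE_QUALITY = [
    [1,   1/3, 1/2],
    [3,   1,   2  ],
    [2,   1/2, 1  ],
]
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's random-index values


def normalize(values, direction):
    """Min-max normalize to [0, 1] so that 1 is always the best value."""
    lo, hi = min(values), max(values)
    if hi == lo:
        return [1.0] * len(values)
    if direction == "max":
        return [(v - lo) / (hi - lo) for v in values]
    return [(hi - v) / (hi - lo) for v in values]


def saaty_priorities(matrix):
    """Priority vector via the row geometric-mean approximation, plus the consistency ratio."""
    n = len(matrix)
    gm = [prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gm)
    w = [g / total for g in gm]
    # lambda_max estimate: weighted column sums; CI = (lambda_max - n) / (n - 1); CR = CI / RI.
    col_sums = [sum(matrix[i][j] for i in range(n)) for j in range(n)]
    lam_max = sum(col_sums[j] * w[j] for j in range(n))
    ci = (lam_max - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RANDOM_INDEX[n] if RANDOM_INDEX.get(n) else 0.0
    return w, cr


def membership_from_priorities(w):
    """Map priorities to membership degrees in the fuzzy term 'high quality' (best -> 1.0)."""
    top = max(w)
    return [x / top for x in w]


def build_scores():
    """Assemble one [0, 1] score per candidate per criterion, rejecting inconsistent judgements."""
    scores = {name: {} for name in CANDIDATES}
    for crit, (vals, direction) in QUANTITATIVE.items():
        for name, s in zip(CANDIDATES, normalize(vals, direction)):
            scores[name][crit] = s
    w, cr = saaty_priorities(PAIRWISE_QUALITY)
    if cr > 0.1:  # usual AHP threshold: expert answers too contradictory to use
        raise ValueError(f"expert judgements inconsistent (CR={cr:.3f} > 0.1)")
    for name, mu in zip(CANDIDATES, membership_from_priorities(w)):
        scores[name]["correlation_rule_quality"] = mu
    return scores


def lexicographic_select(scores, order, tolerance=0.0):
    """Filter candidates criterion by criterion in priority order.

    At each step only candidates within `tolerance` of the best score on that
    criterion survive; the next criterion is consulted only to break ties.
    """
    survivors = list(scores)
    for crit in order:
        best = max(scores[c][crit] for c in survivors)
        survivors = [c for c in survivors if scores[c][crit] >= best - tolerance]
        if len(survivors) == 1:
            break
    return survivors


if __name__ == "__main__":
    s = build_scores()
    order = ["correlation_rule_quality", "throughput_eps", "license_cost_kusd"]
    print("strict lexical choice:", lexicographic_select(s, order))
    print("with tolerance 0.5:  ", lexicographic_select(s, order, tolerance=0.5))
```

With a strict lexical pass the first criterion alone decides (SIEM-B has the highest rule-quality membership), so throughput and cost are never consulted. Allowing a tolerance on each criterion lets SIEM-C, which is close on quality and throughput, survive to the cost step and win there, which is why the choice of tolerance deserves as much scrutiny as the criterion ordering itself.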
Copyright (c) 2023 Collection "Information Technology and Security"
This work is licensed under a Creative Commons Attribution 4.0 International License.