METHOD OF FORMING ASSOCIATIVE RULES FROM THE SIEM DATABASE BASED ON FUZZY SET THEORY AND LINGUISTIC TERMS

Authors

DOI:

https://doi.org/10.28925/2663-4023.2023.19.2033

Keywords:

cyber protection; cyber incident; SIEM; theory of fuzzy sets; data mining; associative rules.

Abstract

The article presents a method of forming fuzzy associative rules with weighted attributes from the database (DB) of a SIEM in order to supplement its knowledge base (KB) and detect more effectively the cyber incidents that occur during the operation of special information and communication systems (SICS). It considers the problems that reduce the effectiveness of existing methods of forming associative rules from the information held in the databases of cyber protection systems, and analyzes publications on methods that attempted to eliminate these problems. The basic idea for eliminating the shortcomings of the known methods is formulated: to find a compromise between reducing the running time of the computing algorithm that implements the method in practice and reducing the information losses that result from its operation. An improved method of finding associative rules in SIEM databases is proposed, based on the theory of fuzzy sets and linguistic terms. The problem of finding fuzzy associative rules with weighted attributes is formulated, and the mathematical apparatus that forms the basis of the method's implementation is given. An algorithm for finding frequent sets of elements, which include the values of the features of cyber incidents and the classes to which they belong, is proposed; it implements the first stage of the proposed method. The structure of the test data sets used for training and testing cyber protection systems was analyzed, and on the basis of the results a conclusion was drawn about the possibility of improving the considered algorithm. A graphic illustration of the idea of improving the algorithm for finding frequent sets of elements is given, and the essence of the improvement is described. An improved algorithm for finding frequent sets of elements for the considered method is proposed and its main advantages are given.




Published

2023-03-30

How to Cite

Subach, I., & Mykytiuk, A. (2023). METHOD OF FORMING ASSOCIATIVE RULES FROM THE SIEM DATABASE BASED ON FUZZY SET THEORY AND LINGUISTIC TERMS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(19), 20–33. https://doi.org/10.28925/2663-4023.2023.19.2033