SYSTEM FOR CYBER SECURITY EVENTS CORRELATION AND INCIDENT MANAGEMENT IN CRITICAL INFRASTRUCTURE OBJECTS

DOI:

https://doi.org/10.28925/2663-4023.2023.19.176196

Keywords:

SIEM system, cyber threat, cybersecurity, cybersecurity incident, critical infrastructure, critical infrastructure objects, system for cybersecurity event correlation and incident management

Abstract

Modern information infrastructure consists of a large number of systems and components that require constant monitoring and control. To identify, analyze and eliminate possible cyber threats, a single unified solution is recommended: the so-called SIEM system. SIEM technology collects event log data, detects unusual activity through real-time analysis, identifies threats, generates alerts, and suggests appropriate response scenarios. Today the number and quality of SIEM systems have grown significantly, and the latest technologies in artificial intelligence, the Internet of Things and cloud computing are used to ensure fast and effective threat detection. This work therefore studies modern SIEM systems, their functionality and basic principles of operation, and presents a comparative analysis of their capabilities and differences, as well as the advantages and disadvantages of their use. In addition, a universal system for event correlation and cybersecurity incident management at critical infrastructure facilities was developed and experimentally investigated. Models of the operation of a hybrid security data store were developed, which allow the indexing service to access external data stores, to scale as the data volume grows, to ensure high search speed, etc. Models, methods and algorithms for the operation of a distributed data bus were developed, which provide high-speed processing of large information flows, minimal data-processing delays, high fault tolerance, and flexibility and extensibility of storage. The proposed system is designed to solve a number of current cybersecurity problems and meets the main requirements of international standards and global best practices for the creation of cyber incident management systems.

Published

2023-03-30

How to Cite

Gnatyuk, S., Berdibayev, R., Sydorenko, V., Zhyharevych, O., & Smirnova, T. (2023). SYSTEM FOR CYBER SECURITY EVENTS CORRELATION AND INCIDENT MANAGEMENT IN CRITICAL INFRASTRUCTURE OBJECTS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(19), 176–196. https://doi.org/10.28925/2663-4023.2023.19.176196
