Keywords: SIEM system, immunocomputing, correlation analysis, information security, network security
INTELLIGENT SYSTEM OF INFORMATION SECURITY INCIDENT ANALYSIS (BASED ON THE METHODOLOGY OF SIEM SYSTEMS USING IMMUNOCOMPUTING MECHANISMS)
UDC 004.056
DOI: 10.26102/2310-6018/2019.24.1.011
The article addresses the intelligent analysis of information security incidents using the methodology of security information and event management (SIEM) systems. The essence of such systems and their ability to interact with artificial intelligence methods are analysed. A distributed incident analysis system is described that combines the mechanisms of an artificial immune system with correlation analysis of data in order to detect known and unknown anomalies, assess their criticality and set response priorities. The interaction diagram of the system's modules and the mathematical component of the correlation analysis method are presented. A series of computational experiments showed a high anomaly detection rate, the ability of the client modules to train each other, and successful correlation of the data received from clients within a given time interval, singling out the most significant incidents both for the last analysed interval and over the whole observation period, overall as well as for each group of incidents. Graphical display of the statistics by the server allows the criticality of particular incidents to be assessed visually and response priorities to be determined.
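To make the client/server scheme in the abstract concrete, the following is an added example written for this page; it is not the authors' code and not their formula. It uses the classic negative-selection algorithm (Forrest et al., r-contiguous bit matching) as the "artificial immune system" part, signature detectors for known attacks, a cross-training step in which a detector that fired on one client is offered to another, and a server that scores incident groups by summed severity times the number of distinct reporting clients per interval. The 16-bit feature encoding, the detector count, the severity weights, the scoring rule and every traffic record are assumptions.

```python
"""Toy immune-style clients plus a correlating server (added illustration,
not the paper's code). Feature encoding, sizes, severities, scoring rule
and all records below are assumptions."""
import random
from collections import defaultdict

L = 16  # pattern/detector length in bits (assumption)
R = 7   # r-contiguous match length (assumption)


def encode(conn):
    """Quantise a connection record into L bits; field names loosely follow
    KDD Cup 1999 features, the bit widths are arbitrary."""
    src = min(conn["src_bytes"] // 256, 15)                  # 4 bits
    dst = min(conn["dst_bytes"] // 256, 15)                  # 4 bits
    fails = min(conn["failed_logins"], 7)                    # 3 bits
    proto = {"tcp": 1, "udp": 2, "icmp": 3}[conn["proto"]]   # 2 bits
    syn = 1 if conn["flag"] == "S0" else 0                   # 1 bit
    count = min(conn["count"] // 50, 3)                      # 2 bits
    return f"{src:04b}{dst:04b}{fails:03b}{proto:02b}{syn:01b}{count:02b}"


def matches(detector, pattern, r=R):
    """r-contiguous matching: some aligned window of r bits is identical."""
    return any(detector[i:i + r] == pattern[i:i + r] for i in range(L - r + 1))


class ImmuneClient:
    def __init__(self, name, normal_conns, signatures, n_random=400, seed=0):
        self.name = name
        self.self_set = {encode(c) for c in normal_conns}
        # memory detectors first: exact patterns of known attacks (trusted)
        self.detectors = {encode(c): group for c, group in signatures}
        rng = random.Random(seed)
        # negative selection: a random candidate survives only if it matches
        # none of this host's own normal patterns
        while len(self.detectors) < len(signatures) + n_random:
            cand = "".join(rng.choice("01") for _ in range(L))
            if not self.self_reactive(cand):
                self.detectors.setdefault(cand, "unknown")

    def self_reactive(self, detector):
        return any(matches(detector, s) for s in self.self_set)

    def classify(self, conn):
        """(detector, group) of the first detector that fires, else None."""
        p = encode(conn)
        for d, group in self.detectors.items():
            if matches(d, p):
                return d, group
        return None

    def learn(self, detector, group):
        """Cross-training: adopt a detector matured on another client unless
        it would fire on this host's own normal traffic."""
        if self.self_reactive(detector):
            return False
        self.detectors.setdefault(detector, group)
        return True


class CorrelationServer:
    """Score per incident group = summed severity x distinct reporting
    clients, for the last interval and for all time (rule assumed)."""
    SEVERITY = {"port_scan": 1, "unknown": 2, "brute_force": 3}

    def __init__(self, interval):
        self.interval = interval
        self.incidents = []  # (time, client, group)

    def report(self, t, client, group):
        self.incidents.append((t, client, group))

    def rank(self, now):
        def score(rows):
            sev, hosts = defaultdict(int), defaultdict(set)
            for _, client, group in rows:
                sev[group] += self.SEVERITY.get(group, 2)
                hosts[group].add(client)
            return sorted(((g, sev[g] * len(hosts[g])) for g in sev),
                          key=lambda kv: (-kv[1], kv[0]))
        recent = [r for r in self.incidents if now - self.interval < r[0] <= now]
        return score(recent), score(self.incidents)


# Constructed records, not real traffic: ordinary web/mail flows and two attacks.
_flow = lambda s, d, c: dict(src_bytes=s, dst_bytes=d, failed_logins=0,
                             proto="tcp", flag="SF", count=c)
WEB_NORMAL = [_flow(300, 1500, 5), _flow(500, 3000, 8), _flow(1200, 4200, 20)]
MAIL_NORMAL = [_flow(2000, 400, 3), _flow(4000, 600, 10)]
PORT_SCAN = dict(src_bytes=0, dst_bytes=0, failed_logins=0, proto="tcp", flag="S0", count=200)
BRUTE_FORCE = dict(src_bytes=800, dst_bytes=50, failed_logins=7, proto="tcp", flag="SF", count=150)


def demo(interval=10):
    """Known attack via signature, unknown attack via negative selection,
    cross-training of the mail client, server ranking at t=3."""
    web = ImmuneClient("web", WEB_NORMAL, [(PORT_SCAN, "port_scan")], seed=1)
    mail = ImmuneClient("mail", MAIL_NORMAL, [(PORT_SCAN, "port_scan")], seed=2)
    srv = CorrelationServer(interval)
    srv.report(1, web.name, web.classify(PORT_SCAN)[1])      # known attack
    det, group = web.classify(BRUTE_FORCE)                  # unknown attack
    srv.report(2, web.name, group)
    mail.learn(det, group)                                   # cross-training
    srv.report(3, mail.name, mail.classify(BRUTE_FORCE)[1])
    return srv.rank(now=3)


if __name__ == "__main__":
    print(demo())  # [('unknown', 8), ('port_scan', 1)] for both rankings
```

Two practical points the toy makes visible: negative selection guarantees zero false positives only on the self patterns actually used for censoring, so the self set must cover the host's real normal traffic or unseen benign flows will be flagged; and a shared detector is re-censored against the receiving host's own self set, which is what keeps cross-training from importing another host's notion of "abnormal".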
For citation: Vasiliev V.I., Shamsutdinov R.R. INTELLIGENT SYSTEM OF INFORMATION SECURITY INCIDENT ANALYSIS (BASED ON THE METHODOLOGY OF SIEM SYSTEMS USING IMMUNOCOMPUTING MECHANISMS). Modeling, Optimization and Information Technology. 2019;7(1). URL: https://moit.vivt.ru/wp-content/uploads/2019/01/VasilyevShamsutdinov_1_19_2.pdf DOI: 10.26102/2310-6018/2019.24.1.011 (In Russ.).
Published 31.03.2019