Abstract
Modern information infrastructure consists of a large number of systems and components that require constant monitoring and control. To identify, analyze and eliminate possible cyber threats, it is recommended to use a single common solution, the so-called SIEM (Security Information and Event Management) system. SIEM technology collects event log data, detects unusual activity through real-time analysis, identifies threats, generates alerts, and suggests appropriate response scenarios. Today the number and quality of SIEM systems have grown significantly, and the latest technologies of artificial intelligence, the Internet of Things, and cloud computing are used to ensure fast and effective detection of threats. This work therefore studies modern SIEM systems, their functionality and basic principles of operation, and presents a comparative analysis of their capabilities and differences, together with the advantages and disadvantages of their use. In addition, a universal system for event correlation and management of cyber security incidents at critical infrastructure facilities was developed and experimentally investigated. Models of the operation of a hybrid security data storage were developed, which allow the indexing service to access external data storages, to scale as the volume of data increases, to ensure high search speed, etc. Models, methods and algorithms for the operation of a distributed data bus were developed, which provide high-speed processing of large flows of information, minimal delays in data processing, high resistance to failures, and flexibility and expandability of storage. The proposed system is designed to solve a number of current cyber security problems and meets the main requirements of international standards and best global practices for the creation of cyber incident management systems.
Publisher
Borys Grinchenko Kyiv University
Cited by 3 articles.
1. Fuzzy models for cyber incident detection in military information and communication systems databases. Communication, Informatization and Cybersecurity Systems and Technologies, 2024-06-01.
2. Novel Cyber Incident Management System for 5G-based Critical Infrastructures. 2023 IEEE 12th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), 2023-09-07.
3. Research of Development and Innovation of Cyber Protection at Critical Infrastructure Facilities. Cybersecurity: Education, Science, Technique, 2023.