Abstract
The article presents a method of forming fuzzy associative rules with weighted attributes from the database (DB) of the SIEM to supplement its knowledge base (KB) in order to more effectively detect cyber incidents that occur during the operation of special information and communication systems (SICS). The problems that reduce the effectiveness of the application of existing methods for solving the problem of forming associative rules based on the analysis of information located in the database of cyber protection systems are considered. An analysis of publications devoted to methods in which attempts were made to eliminate these problems was made. The basic idea of eliminating the shortcomings inherent in known methods is formulated, which consists in finding a compromise between reducing the time of the computing algorithm that implements the method in practice and reducing information losses as a result of its operation. An improved method of finding associative rules from SIEM databases is proposed, which is based on the theory of fuzzy sets and linguistic terms. The problem of finding fuzzy associative rules with weighted attributes is formulated. The mathematical apparatus that forms the basis of the implementation of the method is given. An algorithm for finding frequent sets of elements, including the values of the signs of cyber incidents and the classes to which they belong, is proposed, which implements the first stage of the proposed method. The peculiarities of the structure of the test data sets used for training and testing of cyber protection systems were analyzed, and based on its results, a conclusion was drawn about the possibility of improving the considered algorithm. A graphic illustration of the idea of improving the algorithm for finding frequent sets of elements is given and the essence of its improvement is described. An improved algorithm for finding frequent sets of elements of the considered method is proposed and its main advantages are given.
Publisher
Borys Grinchenko Kyiv University
Reference14 articles.
1. Subach, I., Mykytiuk, A., Kubrak, V. (2019). Architecture and functional model of a perspective proactive intellectual siem for cyber protection of objects of critical infrastructure. Collection "Information technology and security", 7(2), 208-215. https://doi.org/10.20535/2411 - 1031.2019.7.2.190570
2. Horng, S. - J., Su, M. - Y., Chen, Y. - H., Kao, T. - W., Chen, R. - J., Lai, J. - L., Perkasa, C. D. (2011). A novel intrusion detection system based on hierarchical clustering and support vector machines. Expert Systems with Applications, 38(1), 306-313. https://doi.org/10.1016/j.eswa.2010.06.066
3. Mbikayi, H. K. (2012). An Evolution Strategy Approach toward RuleSet Generation for Network Intrusion Detection Systems (IDS). International Journal of Soft Computing and Engineering, 2(5), 1-5.
4. Subach, I., Fesokha, V., Fesokha, N. (2017b). Analysis of existing solutions for preventing invasion in information and telecommunication networks. Collection "Information technology and security", 5(1), 29-41. https://doi.org/10.20535/2411 - 1031.2017.5.1.120554
5. Lappas, T., Pelechrinis, K. (2007). Data mining techniques for (network) intrusion detection systems. Department of Computer Science and Engineering UC Riverside, Riverside CA, (92521). https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=720ec75b12f2e08c5297251e29401c337c251621
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献