ANALYSIS OF SECURITY EVENTS PROPERTIES FOR DETECTION OF INFORMATION OBJECTS AND THEIR TYPES IN UNCERTAIN INFRASTRUCTURES
Abstract
The field of event correlation for security information and event management (SIEM) systems is investigated. The purpose of the research is to determine the types of information objects by analysing the security event log of the infrastructure under study. A correlation approach is proposed that defines relationships between equivalent event properties through their mutual use. Studying the revealed relationships yields a description of the analysed infrastructure as a set of high-level object types. Results of an experiment on the structural analysis of the Windows security event log are presented. Cases in which the proposed approach works unstably, and their possible causes, are described. An evaluation and interpretation of the obtained results is given, attesting to the applicability of the presented approach in practice.
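The following is an added illustration, not the authors' code: it assumes one reading of "equivalent properties", namely that two event properties refer to the same object type when they draw on the same pool of values, and it measures that with Jaccard overlap over a constructed sample of Windows security event records (field names follow the Windows security event schema; the values and the threshold are made up).

```python
from itertools import combinations

# Constructed sample of Windows security event records (not real log data).
# Field names follow the Windows security event schema; values are made up.
EVENTS = [
    {"EventID": 4624, "SubjectUserName": "SYSTEM", "SubjectLogonId": "0x3e7",
     "TargetUserName": "alice", "TargetLogonId": "0x5a1c2", "IpAddress": "10.0.0.5"},
    {"EventID": 4672, "SubjectUserName": "alice", "SubjectLogonId": "0x5a1c2"},
    {"EventID": 4688, "SubjectUserName": "alice", "SubjectLogonId": "0x5a1c2",
     "ProcessName": "C:\\Windows\\System32\\cmd.exe"},
    {"EventID": 4624, "SubjectUserName": "SYSTEM", "SubjectLogonId": "0x3e7",
     "TargetUserName": "bob", "TargetLogonId": "0x7f0e1", "IpAddress": "10.0.0.9"},
    {"EventID": 4672, "SubjectUserName": "bob", "SubjectLogonId": "0x7f0e1"},
    {"EventID": 4634, "TargetUserName": "bob", "TargetLogonId": "0x7f0e1"},
    {"EventID": 4688, "SubjectUserName": "SYSTEM", "SubjectLogonId": "0x3e7",
     "ProcessName": "C:\\Windows\\System32\\svchost.exe"},
]

def value_sets(events):
    """Collect the set of observed values for every property name."""
    seen = {}
    for ev in events:
        for prop, val in ev.items():
            seen.setdefault(prop, set()).add(val)
    return seen

def equivalent_pairs(events, min_overlap=0.5):
    """Pairs of properties whose value sets overlap (Jaccard >= min_overlap):
    the same values are used by both, so they name the same kind of object.
    Low-cardinality fields (status codes, flags) can overlap by chance, which
    is one source of unstable results; the threshold is the knob for that."""
    sets = value_sets(events)
    pairs = {}
    for a, b in combinations(sorted(sets), 2):
        inter = sets[a] & sets[b]
        if inter:
            score = len(inter) / len(sets[a] | sets[b])
            if score >= min_overlap:
                pairs[(a, b)] = score
    return pairs

def object_types(events, min_overlap=0.5):
    """Merge equivalent properties transitively; each resulting group is one
    inferred high-level object type (e.g. user account, logon session)."""
    groups = {p: {p} for p in value_sets(events)}
    for a, b in equivalent_pairs(events, min_overlap):
        merged = groups[a] | groups[b]
        for p in merged:
            groups[p] = merged
    return sorted({frozenset(g) for g in groups.values()}, key=sorted)
```

On this sample the user-name and logon-id properties pair up into two object types, while IpAddress, ProcessName and EventID stay singletons.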