For example,Бобцов

MODEL OF COMBINED APPLICATION OF INTELLIGENT METHODS OF INFORMATION SECURITY EVENTS CORRELATION

Annotation

To solve the problem of information security event correlation, a model for the combined use of intelligent correlation methods is proposed. Intelligent security event correlation methods are able to analyze both historical data and real-time events and automatically detect changing thresholds. The proposed model contains two levels of data processing: the level of knowledge representation and the level of security event correlation. At the level of knowledge representation, structural and semantic analysis of events is carried out. At the correlation level, the similarity assessment of elements of security event vectors, a graph-oriented neural network method and data analysis using recurrent neural networks are used for event processing. The results of the model are the sequence of interrelated security events, the type of the current security state of the system and the predicted states. The performance of the approach based on the proposed model is illustrated by results of an experiment on predicting system security events, showing low values of the error indicator.

Keywords

Articles in current issue