Model of ontological-relational data storage for the functioning of a cloud SIEM system

DOI:

https://doi.org/10.18372/2073-4751.76.18236

Keywords:

database, database management system, SIEM, ontology-relational model, SQL, NoSQL, NewSQL, load balancing, data replication

Abstract

Security information and event management (SIEM) systems are widely used to prevent information loss in computer systems and networks. There are currently several approaches to building data stores (databases) for SIEM systems. Analysis has not revealed a universal database type; each has its own advantages and disadvantages. This paper studies the known types of databases and their management systems that may be useful for implementing one's own data storage model in a modern SIEM. It offers a comparative characterization of their capabilities, advantages and disadvantages. In addition, the paper develops a model of an ontological-relational data warehouse which, by using two different databases with appropriate characteristics, improves the convenience of storing and classifying data, ensures high speed of retrieving large amounts of information owing to preliminary indexing, and provides load balancing and data replication.


Published

2023-12-25

Section

Articles