Enterprise service bus for efficient functioning of the information security event management system

DOI: https://doi.org/10.18372/2073-4751.75.18014

Keywords: SIEM, incident management, ESB, cyber threat, cloud-based architecture, SOA

Abstract

The number of cyber threats in ICT is increasing, and the development of new security-oriented instrumental tools is a very important and relevant scientific task. SIEM systems are a category of such tools, directed at log analysis and incident management in order to prevent negative consequences and minimize the damage of cyber threats for the end user. In previous works the authors analyzed existing SIEM systems and the DB types suitable for them, and created a new architecture for a cloud-based SIEM. The next step of this research project is ESB justification. The paper defines the place of the ESB distributed data bus in the concept of SOA architecture and identifies its functions and benefits. The authors also analyzed the most popular up-to-date ESB solutions and provide recommendations in the context of implementing the developed SIEM in critical infrastructure. The developed ESB component for the effective functioning of SIEM systems at CI facilities will provide a number of advantages, such as a wide range of connectors and solution scalability, flexible data routing, guaranteed delivery of information messages, organization of a secure transmission channel, centralized management, the ability to monitor and diagnose transmission status, as well as the possibility of integration with third-party message queues. Besides, a data sheet for SIEM in critical infrastructure was formed and proposed in this paper.

Published

2023-11-01

Section

Articles