Event correlation in SIEM systems based on non-monotonic inference
DOI: https://doi.org/10.18372/2410-7840.19.11438

Keywords: SIEM system, correlation, signature, production rules, non-monotonic inference, default rules

Abstract
An approach to building correlation mechanisms in SIEM systems is considered. As the logical basis of such mechanisms, the use of non-monotonic default rules in combination with resolution-type inference is proposed. This approach extends the capabilities of classic SIEM correlation mechanisms through the simultaneous use of both production rules and default rules, which make it possible to describe typical situations. As a result, exceptions can be handled without being identified in advance, and more flexible correlation mechanisms can be built.
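As an added illustration of the idea in the abstract (not code from the paper), the following Python sketch runs production rules and default rules together over constructed ground facts; it uses plain forward chaining rather than the resolution-type inference the paper proposes, and every rule, host and event name in it is an assumption.

```python
# Added example, not from the paper: a toy SIEM correlation engine that combines
# classic production rules with Reiter-style default rules over ground facts
# (constructed strings; "~p" denotes the negation of p).
from collections import namedtuple

# A production fires whenever all its premises are known (monotonic, classic SIEM rule).
Production = namedtuple("Production", "premises conclusion")
# A default "prerequisite : justification / consequent" adopts its consequent only
# while the justification is not refuted by the known facts (non-monotonic).
Default = namedtuple("Default", "prerequisite justification consequent")

def negate(lit: str) -> str:
    return lit[1:] if lit.startswith("~") else "~" + lit

def close_productions(known, productions):  # forward-chain productions to a fixpoint
    known = set(known)
    while True:
        new = {p.conclusion for p in productions if p.premises <= known} - known
        if not new:
            return known
        known |= new

def correlate(facts, productions, defaults):
    """Compute one extension: fire applicable defaults, then retract any default
    whose justification the resulting extension itself refutes, and retry."""
    active = list(defaults)
    while True:
        known, applied = close_productions(facts, productions), []
        for d in active:  # single pass; chained defaults would need a fixpoint loop
            if d.prerequisite <= known and negate(d.justification) not in known \
                    and d.consequent not in known:
                known = close_productions(known | {d.consequent}, productions)
                applied.append(d)
        refuted = [d for d in applied if negate(d.justification) in known]
        if not refuted:
            return known
        active = [d for d in active if d not in refuted]

# Constructed scenario: a threshold signature flags a brute-force candidate; a default
# escalates it to an incident unless a scheduled scan is known (the exception).
PRODUCTIONS = [
    Production(frozenset({"failed_logins_gt_50(host1)"}), "brute_force_suspected(host1)"),
    Production(frozenset({"in_pentest_window", "source_is_scanner(host1)"}),
               "scheduled_scan(host1)"),
]
DEFAULTS = [Default(frozenset({"brute_force_suspected(host1)"}),
                    "~scheduled_scan(host1)", "incident(host1)")]

def incident_raised(facts) -> bool:
    return "incident(host1)" in correlate(set(facts), PRODUCTIONS, DEFAULTS)
```

The exception is never enumerated in the default itself: adding the facts that derive `scheduled_scan(host1)` is enough to block the escalation.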
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).