Investigation of associative rule search method for detection of cyber incidents in information management systems and security events using CICIDS2018 test data set


Date

2024

Publisher

Institute of Special Communication and Information Protection of National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”

Abstract

Automated rule generation for cyber incident identification in information management and security event systems (SIEM, SYSTEM, etc.) plays a crucial role in modern cyberspace defense, where data volumes are growing exponentially and the complexity and speed of cyber-attacks are constantly rising. This article explores approaches and methods for automating the generation of cyber incident identification rules, in order to reduce the need for manual work and to ensure flexibility in adapting to changes in threat models. The research highlights the need to use modern techniques of Intelligent Data Analysis (IDA) to process large volumes of data and to formulate behavior rules for systems and activities in information systems. The conclusion emphasizes the necessity of integrating multiple research directions, including the analysis of existing methods and the application of IDA algorithms to search for associative rules in large datasets. Key challenges addressed include the complexity of data modeling, the need to adapt to changes in data caused by the dynamic cyber attack landscape, and the speed of the rule generation algorithms used for incident identification. The "curse of dimensionality" and the identification of sequences of cybersecurity events over time, both particularly relevant to SIEM, are discussed. The research objective is defined as the analysis and evaluation of various mathematical methods for automated associative rule generation to identify cyber incidents in SIEM. The most effective strategies for improving the efficiency of associative rule generation, and for adapting the rules to the dynamically changing state of the cybersecurity system, are identified in order to strengthen the protection of information infrastructure.

Keywords

Intelligent Data Analysis, associative rules, SIEM, cyber incident, cyber threat, cyberspace, data classification, information infrastructure

Bibliographic description

Onishchenko, V. Investigation of associative rule search method for detection of cyber incidents in information management systems and security events using CICIDS2018 test data set / Volodymyr Onishchenko, Oleksandr Puchkov, Ihor Subach // Information Technology and Security. – 2024. – Vol. 12, Iss. 1 (22). – Pp. 91-101. – Bibliogr.: 11 ref.