Publishing house Radiotekhnika

Application of security information and event management system for protection in enterprise information infrastructure

DOI 10.18127/j19997493-201804-12


A.V. Proletarsky – Dr.Sc.(Eng.), Professor, Department «Computer systems and networks», Dean of Faculty, Bauman Moscow State Technical University
E-mail: pav@bmstu.ru
A.A. Mitkovsky – Post-graduate Student, Department «Computer systems and networks», Bauman Moscow State Technical University
E-mail: alexey.mitkovskiy@yandex.ru
A.D. Ponomarev – Post-graduate Student, Department «Computer systems and networks», Bauman Moscow State Technical University
E-mail: ponomarevad@bmstu.ru


To date, there has been active growth in the volume of data that must be processed to determine the actual security state of an information infrastructure. To address this problem, a SIEM system was developed that allows collecting, storing and analyzing information in real time from various event sources in order to take specific actions to prevent information security threats. The aim of this work was to study an approach to collecting heterogeneous information, analyzing it, and identifying security incidents based on the principles of data correlation in SIEM systems. The paper describes the main tasks of SIEM systems and proposes a model for representing normalized data for event aggregation and filtering. A technique for detecting brute-force attacks based on the correlation mechanisms of the MaxPatrol SIEM system has been developed. It is concluded that the proposed approach to implementing SIEM systems on the basis of rule-based reasoning (RBR) solves the problem of detecting security incidents with strict observance of the decision-making conditions.
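As an added illustration of the pipeline the abstract describes (this is not code from the paper and not MaxPatrol's own rule language), two heterogeneous log sources are normalized into one event schema, filtered down to logon events, aggregated per source address, and checked against a rule-based correlation rule for brute-force attempts. The sample log lines, the threshold of 4 failures and the 2-minute window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SSHD_LINES = [  # constructed sample data (not from the paper), source 1: sshd syslog
    "2024-05-01T10:00:01 sshd[210]: Failed password for admin from 203.0.113.7 port 5001 ssh2",
    "2024-05-01T10:00:04 sshd[210]: Failed password for admin from 203.0.113.7 port 5002 ssh2",
    "2024-05-01T10:01:05 sshd[212]: Accepted password for admin from 203.0.113.7 port 5004 ssh2",
    "2024-05-01T10:05:00 sshd[213]: Failed password for bob from 198.51.100.2 port 6001 ssh2",
]
WIN_EVENTS = [  # source 2: (timestamp, EventID, account, source); 4625 = failed logon, 4624 = success
    ("2024-05-01T10:01:00", 4625, "svc", "203.0.113.7"),
    ("2024-05-01T10:01:02", 4625, "svc", "203.0.113.7"),
    ("2024-05-01T10:01:03", 4688, "svc", "203.0.113.7"),  # process creation: not a logon event
]
SSHD_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def _event(ts, src, user, success):
    # Common normalized schema shared by every source
    return {"ts": datetime.fromisoformat(ts), "src": src, "user": user, "success": success}

def normalize_sshd(line):
    # sshd syslog line -> normalized event; None filters out lines that are not logon events
    m = SSHD_RE.match(line)
    return _event(m[1], m[4], m[3], m[2] == "Accepted") if m else None

def normalize_windows(ev):
    # Windows security event -> normalized event; only logon IDs 4624/4625 pass the filter
    ts, event_id, user, src = ev
    return _event(ts, src, user, event_id == 4624) if event_id in (4624, 4625) else None

def detect_bruteforce(events, threshold=4, window=timedelta(minutes=2)):
    # Per-source sliding-window rule: medium = >= threshold failures; high = a success while that holds
    incidents, by_src = {}, defaultdict(list)
    for e in sorted(events, key=lambda x: x["ts"]):
        q = by_src[e["src"]]
        q.append(e)
        while e["ts"] - q[0]["ts"] > window:  # evict events that fell out of the window
            q.pop(0)
        failures = sum(1 for x in q if not x["success"])
        if failures < threshold:
            continue
        inc = incidents.setdefault(e["src"], {"severity": "medium", "failures": 0})
        inc["failures"] = max(inc["failures"], failures)
        if e["success"]:
            inc["severity"] = "high"  # failures followed by a success: possible compromise
    return incidents

def run():
    events = [n for n in map(normalize_sshd, SSHD_LINES) if n]
    events += [n for n in map(normalize_windows, WIN_EVENTS) if n]
    return detect_bruteforce(events)
```

Running `run()` flags only 203.0.113.7, at severity "high", because the four failures from that address across both sources are followed by a successful logon inside the window; the single failure from 198.51.100.2 stays below the threshold.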

