Development of a two-stage method of fuzzy clustering of information security events in the cyber security monitoring system of economic activities subjects

Keywords: cybersecurity, information security, economic entity, monitoring, management, fuzzy clustering, information security event, information security incident

Abstract

The work aims to improve the efficiency of managing the cybersecurity of economic entities (EEs) by organizing effective cybersecurity (CS) monitoring, taking into account such features of this process as the heterogeneity of the sources of initial monitoring data, their presentation in different data formats, their inaccuracy, their largely uncertain and noisy nature, and the large number of information security (IS) events processed by the heterogeneous components of the EE CS monitoring system. The paper proposes a comprehensive two-stage method for fuzzy clustering of IS events that takes into account the assessment of IS event criticality and the functionality of the EE CS monitoring system. At the first stage, IS events in the EE CS monitoring system are clustered by a model based on the fuzzy c-means method. This model partitions the set of IS events into three fuzzy clusters: a fuzzy cluster of IS events that are IS incidents, a fuzzy cluster of IS events that are not IS incidents, and a fuzzy cluster of IS events that require additional analysis. At the second stage, to refine the clustering results obtained at the first stage, a model based on the method of extracting α-kernels of fuzzy clusters is applied. This model allows the thresholds on the degree of membership of IS events in the fuzzy clusters to be selected manually, taking into account additional information and the specifics of IS event processing in the IS monitoring system of a particular EE. The paper evaluates the performance of the developed two-stage method of fuzzy clustering of IS events in the EE CS monitoring system on a specific example.
The proposed approach makes it possible to increase the efficiency of IS monitoring of EEs and to reduce the time required to make IS management decisions for an EE, owing to the comprehensive consideration of the specifics of IS event processing in the IS monitoring system of a particular EE.
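The abstract describes the two stages (fuzzy c-means into three clusters, then α-kernel extraction with manually chosen membership thresholds) but the page carries no code. The following is an added illustration written for this page, not the authors' implementation or data: a from-scratch fuzzy c-means in pure Python followed by α-kernel triage. The ten event vectors, the three feature names (severity, corroborating sources, anomaly score, each scaled to [0, 1]), the deterministic farthest-point seeding of the centers, the rule that the cluster with the largest center coordinates is the "incident" cluster, and the thresholds α = 0.8 are all assumptions introduced for the example.

```python
"""Two-stage fuzzy triage of IS events: fuzzy c-means (FCM) into three
clusters, then refinement with alpha-kernels of the fuzzy clusters.
Added example for illustration; not the paper's code or data."""
from typing import Dict, List, Sequence

Vector = Sequence[float]

# Constructed sample (hypothetical, not from the paper): one IS event per row,
# features = (severity, corroborating_sources, anomaly_score), all in [0, 1].
EVENTS: List[List[float]] = [
    [0.95, 0.90, 0.85], [0.90, 0.85, 0.95], [0.85, 0.95, 0.90],  # clearly incidents
    [0.05, 0.10, 0.05], [0.10, 0.05, 0.10], [0.05, 0.05, 0.15],  # clearly benign
    [0.50, 0.45, 0.55], [0.45, 0.55, 0.50], [0.55, 0.50, 0.45],  # ambiguous
    [0.75, 0.70, 0.72],                                          # borderline event
]


def sq_dist(a: Vector, b: Vector) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b))


def farthest_point_init(data: List[List[float]], c: int) -> List[List[float]]:
    """Deterministic seeding (assumption): first event, then repeatedly the event
    farthest from the centers chosen so far. Avoids random-init non-reproducibility."""
    centers = [list(data[0])]
    while len(centers) < c:
        best = max(data, key=lambda p: min(sq_dist(p, v) for v in centers))
        centers.append(list(best))
    return centers


def memberships(data: List[List[float]], centers: List[List[float]], m: float) -> List[List[float]]:
    """FCM membership update: u_ij = 1 / sum_k (d_ij / d_kj)^(2/(m-1)).
    Computed from squared distances; an event lying exactly on a center gets
    full membership in that cluster (the update is undefined there)."""
    expo = 1.0 / (m - 1.0)          # (d^2)^(-1/(m-1)) == d^(-2/(m-1))
    U = []
    for x in data:
        d2 = [sq_dist(x, v) for v in centers]
        zeros = [d == 0.0 for d in d2]
        if any(zeros):
            share = 1.0 / sum(zeros)
            U.append([share if z else 0.0 for z in zeros])
            continue
        inv = [(1.0 / d) ** expo for d in d2]
        s = sum(inv)
        U.append([w / s for w in inv])
    return U


def update_centers(data: List[List[float]], U: List[List[float]], m: float) -> List[List[float]]:
    """FCM center update: v_j = sum_i u_ij^m x_i / sum_i u_ij^m."""
    c, dim = len(U[0]), len(data[0])
    centers = []
    for j in range(c):
        w = [U[i][j] ** m for i in range(len(data))]
        total = sum(w)
        centers.append([sum(w[i] * data[i][k] for i in range(len(data))) / total for k in range(dim)])
    return centers


def fuzzy_c_means(data, c: int = 3, m: float = 2.0, eps: float = 1e-6, max_iter: int = 200):
    """Stage 1: alternate center and membership updates until the memberships stop moving."""
    centers = farthest_point_init(data, c)
    U = memberships(data, centers, m)
    for _ in range(max_iter):
        centers = update_centers(data, U, m)
        U_next = memberships(data, centers, m)
        shift = max(abs(a - b) for ru, rn in zip(U, U_next) for a, b in zip(ru, rn))
        U = U_next
        if shift < eps:
            break
    return U, centers


def label_clusters(centers: List[List[float]]) -> Dict[str, int]:
    """Assumption: features are oriented so that larger values are more incident-like,
    so the cluster whose center has the largest mean coordinate is the incident cluster."""
    order = sorted(range(len(centers)), key=lambda j: sum(centers[j]) / len(centers[j]))
    return {"not_incident": order[0], "needs_analysis": order[1], "incident": order[-1]}


def alpha_kernel(U: List[List[float]], j: int, alpha: float) -> set:
    """Alpha-kernel of fuzzy cluster j: the events whose membership in j is at least alpha."""
    return {i for i, row in enumerate(U) if row[j] >= alpha}


def two_stage_triage(data, alpha_incident: float = 0.8, alpha_benign: float = 0.8) -> Dict[str, object]:
    """Stage 2: only events inside the alpha-kernel of the incident cluster are confirmed
    incidents, only those inside the kernel of the benign cluster are dismissed; everything
    else (including events whose largest membership is below the threshold) goes to analysts."""
    U, centers = fuzzy_c_means(data)
    roles = label_clusters(centers)
    confirmed = alpha_kernel(U, roles["incident"], alpha_incident)
    dismissed = alpha_kernel(U, roles["not_incident"], alpha_benign) - confirmed
    everything = set(range(len(data)))
    return {
        "incident": sorted(confirmed),
        "not_incident": sorted(dismissed),
        "needs_analysis": sorted(everything - confirmed - dismissed),
        "memberships": U,
        "roles": roles,
    }


if __name__ == "__main__":
    result = two_stage_triage(EVENTS)
    for role in ("incident", "not_incident", "needs_analysis"):
        print(role, result[role])
```

On this constructed data the borderline event (index 9) gets its largest membership in the incident cluster at stage 1 (roughly 0.6) but stays below α = 0.8, so stage 2 routes it to the analysis queue instead of auto-confirming it; lowering α_incident is the manual knob the abstract refers to, and the cost of doing so is visible directly in which indices move between the three lists.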


Author Biographies

Valerii A. Sizov, Plekhanov Russian University of Economics

Doctor of Technical Sciences, Professor, Professor of the Department of Applied Informatics and Information Security, Plekhanov Russian University of Economics

Aleksei D. Kirov, Plekhanov Russian University of Economics

Postgraduate student of the Department of Applied Informatics and Information Security, Plekhanov Russian University of Economics

Published
2023-10-26
How to Cite
Sizov, V. A., & Kirov, A. D. (2023). Development of a two-stage method of fuzzy clustering of information security events in the cyber security monitoring system of economic activities subjects. Proceedings of Voronezh State University. Series: Systems Analysis and Information Technologies, (3), 51-63. https://doi.org/10.17308/sait/1995-5499/2023/3/51-63
Section
Information Security