Zavodtsev I.V., Gaynov A.E. Developing a mechanisms of collecting initial information and converting its’ presentation format for security events monitoring systems

Abstract: Mechanisms to collect and convert the format of presentation of the initial information are essential in the functional structure of management systems for information security incidents. Therefore, the paper discusses the development of a module for events translation, which provides merging registration events into one point. And it is also important to have the ability to implement transfer of raw data from single sensors into the consolidated database system of correlation. This requires development of a mechanism of data aggregation with further normalization and prioritization which provides source data compression for subsequent decision making on the presence / absence of information security incident over the current period. The authors carried out the development of the mathematical apparatus for translation events module for perspective management systems for information security incidents, which provides merging registration events from many sources into one point. In this paper the authors propose a mechanism for gathering and converting the format of presentation of the initial information, including: a procedure for data converting before transporting by assigning alpha or numeric identifier to fields of registration logs line by line and splitting these identifiers into groups; procedures of categorization and prioritization;  algorithm for aggregating data about events, based on the calculation of the sample coefficient of correlation between signs of elementary events.

Keywords: