
Zavodtsev I.V., Gaynov A.E. Developing mechanisms for collecting initial information and converting its presentation format for security event monitoring systems

Published in the journal "Software systems and computational methods", issue 2015-1, rubric "Forms and methods of information security administration", pages 21-31.

Abstract: Mechanisms that collect initial information and convert its presentation format are essential components of the functional structure of information security incident management systems. The paper therefore discusses the development of an event translation module that merges registered events into a single point. Equally important is the ability to transfer raw data from individual sensors into the consolidated database of the correlation system. This requires a data aggregation mechanism with subsequent normalization and prioritization, which compresses the source data for later decisions on the presence or absence of an information security incident in the current period. The authors developed the mathematical apparatus for the event translation module of prospective information security incident management systems, which merges registered events from many sources into one point. The paper proposes a mechanism for gathering the initial information and converting its presentation format, comprising: a procedure that converts data before transport by assigning an alphabetic or numeric identifier to the fields of registration logs, line by line, and splitting these identifiers into groups; categorization and prioritization procedures; and an algorithm for aggregating event data based on the sample correlation coefficient between features of elementary events.
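As an illustration of the collect-normalize-categorize-aggregate pipeline the abstract outlines, the following Python is an added example, not the authors' code: it turns constructed key=value log lines into numeric field identifiers from one shared dictionary, assigns a category and priority, and merges events whose sample correlation coefficient reaches a threshold. The log format, the category table and the reading of "correlation between features" as the Pearson coefficient over each event's 0/1 attribute-indicator vector are assumptions of this example.

```python
import re
from math import sqrt

# Constructed raw log lines from two hypothetical sensors (the formats are assumed).
RAW_EVENTS = [
    "2015-01-10T10:00:01 host=srv1 src=10.0.0.5 action=login result=fail",
    "2015-01-10T10:00:03 host=srv1 src=10.0.0.5 action=login result=fail",
    "2015-01-10T10:00:05 host=srv1 src=10.0.0.5 action=login result=fail",
    "2015-01-10T10:01:00 host=srv1 src=10.0.0.9 action=backup result=ok",
]
FIELDS = ("src", "host", "action", "result")  # fields kept after normalisation
# Assumed categorisation and prioritisation table keyed by (action, result).
CATEGORIES = {("login", "fail"): ("auth_failure", 3), ("backup", "ok"): ("maintenance", 1)}

def normalize(lines):
    """Give every (field, value) pair a numeric identifier from one shared dictionary,
    so events from different sensors become comparable, then categorise and prioritise."""
    dictionary, events = {}, []
    for line in lines:
        ts, rest = line.split(" ", 1)
        kv = dict(re.findall(r"(\w+)=(\S+)", rest))
        ids = {f: dictionary.setdefault((f, kv.get(f)), len(dictionary) + 1) for f in FIELDS}
        cat, prio = CATEGORIES.get((kv.get("action"), kv.get("result")), ("unknown", 2))
        events.append({"ts": ts, "ids": ids, "category": cat, "priority": prio})
    return events, dictionary

def correlation(a, b, n_ids):
    """Sample (Pearson) correlation between the 0/1 indicator vectors of two events
    over the identifier dictionary: 1.0 for identical attribute sets."""
    x = [1 if i in a["ids"].values() else 0 for i in range(1, n_ids + 1)]
    y = [1 if i in b["ids"].values() else 0 for i in range(1, n_ids + 1)]
    mx, my = sum(x) / n_ids, sum(y) / n_ids
    cov = sum((xi - mx) * (yi - my) for xi, yi in zip(x, y))
    norm = sqrt(sum((xi - mx) ** 2 for xi in x) * sum((yi - my) ** 2 for yi in y))
    return cov / norm if norm else 0.0

def aggregate(events, n_ids, threshold=0.9):
    """Merge each event into the first aggregate whose representative correlates with
    it at or above the threshold; otherwise it starts a new aggregate."""
    groups = []
    for ev in events:
        for g in groups:
            if correlation(g["sample"], ev, n_ids) >= threshold:
                g["count"], g["last"] = g["count"] + 1, ev["ts"]
                break
        else:  # no existing aggregate is similar enough
            groups.append({"sample": ev, "category": ev["category"], "priority": ev["priority"],
                           "count": 1, "first": ev["ts"], "last": ev["ts"]})
    return groups
```

With the constructed input, the three failed logins collapse into one aggregate of count 3 and priority 3, while the backup event stays separate because its indicator vector correlates negatively with theirs.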

Keywords: information security event, information security, incident management, management systems for information security incidents, data extraction, registration logs, data normalization, event categorization, event prioritization, data filtering

DOI: 10.7256/2305-6061.2015.1.14010


