Модель системы управления информацией и событиями безопасности

Abstract

The article is focused on the development of a mathematical model of functioning the security information and event management system known as the SIEM system. This model is a formalized analytical description (in terms of a Markov chain in the form of stochastic differential equations) of the dynamics of the changing states of quality indicators characterizing the essential properties of functioning the security information and events management system in the state space. The model is a system of equations of state and observation, traditional for the Markov chain in the form of finite differences. The scientific task is to improve (modify) the algorithms for converting excitation noise used in the model. A mechanism is proposed for determining the values of the mathematical expectation increment of the simulated process, obtained on the basis of a priori data on the Markov chain, in relation to the mathematical expectation of white Gaussian noise exciting this process. Based on simple calculations the mechanism helps to decide what values can be taken by the elements of the vector of compensation additives in the equation of state of the auxiliary indicator vector of this modified model, taking into account the conversion of the excitation noise. This allows simplifying the model and reducing its computational complexity without significant losses in accuracy (adequacy). The practical application of an improved model is possible both in the framework of the research and in the systems of automated control of information security.