Architecture and functional model of a perspective proactive intellectual siem for cyber protection of objects of critical infrastructure

Abstract

The article deals with the current, nowadays, issues of cyber defense of critical infrastructure, which are becoming increasingly important. Based on the analysis, it is concluded that the basis of building an effective cyber defense system is the use of information management and security event management (SIEM). The use of systems of this type allows not only to detect cyber security incidents, but also to predict them based on the accumulated data in the system. The proposed new architecture for a promising proactive smart SIEM, which, in addition to the traditional levels of data collection, management and analysis, includes the fourth level - the level of decision making and implementation. The implementation of the proposed architecture is possible through the development and application of new methods of normalization, filtering, classification, aggregation, correlation, prioritization and analysis of events and cyber security incidents, their consequences, generation of various reports, messages and visual presentation of data for operational and substantiated adoption based on data mining technologies, machine learning, Big Data processing and artificial intelligence. A new functional model of a promising intelligent SIEM is proposed, which includes: subsystem of collection and primary processing of data from heterogeneous sources; data management subsystem; the data analysis subsystem and the decision and implementation subsystem. The implementation of the model allows to minimize human participation in solving the problem of responding to cyber incidents, thereby increasing the efficiency and validity of the decisions it makes. The application of the proposed new architecture of a proactive intellectual SIEM and its functional model, allows to take a new step in the evolution of type towards increasing the efficiency of their use in cyber defense systems of critical infrastructure.