Architecture of intelligent SIEM for detecting cyber incidents in databases of military information and communication systems.

Abstract

The article looks at the current supply of cyber defense to the databases of information and communication systems. The effectiveness of continuous visits to databases is analyzed. The analysis indicates that existing systems are not immune to security, which is a critical aspect in the field of cybersecurity. A new approach to the architecture of the SIEM system is being introduced, which is aimed at different parts of the protection circuit of the information and communication system. The fragmented architecture makes it possible to effectively detect and respond to cyber attacks at all levels of protection, from the operating system to databases. A new approach is being introduced to ensure cyber security of databases with the benefit of the intelligent capabilities of the SIEM system. The main aspect of this architecture is rich database protection, which allows you to effectively detect and respond to cyber attacks. The registration approach includes the addition of data from different levels to the security circuit of the information and communication system, the module for analyzing data about categories in the database, which operates on the basis of The use of fuzzy multiplicity theory methods, fuzzy logic inference and rule correlation module to improve the detection of cyber incidents. And also the integration of OLAP technologies to provide a deep and analytical view of the database security system. The architecture for identifying cyber incidents has been designed to improve the efficiency of identifying cyber incidents related to the functioning of the database of information and communication systems and. The result of the investigation is a reduction in the capabilities of the SIEM system in identifying and responding to cyber identities in the database of the military information system. Further, we directly monitor the operational model of the cybersecurity system of the information and communication system database.