Abstract

Security monitoring systems (SMS) for computer systems and networks (CSN) are classified by the area of the information infrastructure in which security policy violations are detected. Accordingly, there are SMS focused on the workstation, applications, the database management system (DMS), and the computer network. A workstation SMS runs on the protected node, monitors various security events, and collects and analyzes information reflecting the activity taking place in the operating system of an individual computer. SMS at the application and DMS level collect and analyze information from specific applications such as Web servers, firewalls, or database management systems. Network-layer SMS collect information from network traffic. They can run on ordinary or specialized computers and can also be integrated into routers or switches. The article discusses the features of the practical implementation of SMS in CSN. Based on an analysis of the problems that arise when security monitoring tools operate in modern CSN, the main research area is identified: the development of security monitoring methods and tools that increase the effectiveness of SMS against malicious actions by: predicting possible actions of intruders; dynamically analyzing the risks that threats to the security of information resources will be realized; and issuing recommendations to the adaptive security management system for reconfiguring/modifying protection when the threat level changes. A comprehensive SMS, developed on the basis of an analysis of the goals of the actions of the subjects of computer systems, is described.

Keywords: Security monitoring system; Computer systems and networks; Vulnerability; Attack detection tools; Means of security
