The purpose of the study is to develop an approach for identifying and processing invalid events in critical information infrastructure (CII) based on the concepts of taxonomy and categorization. The approach aims to improve the efficiency of identifying, classifying, and managing information security (IS) incidents. The article addresses the current tasks of ensuring the required level of CII protection and minimizing the negative consequences of IS incidents resulting from invalid events. The difficulty of identifying these events stems from the complexity of detecting them, the need to process large volumes of data, insufficient speed in detecting IS events, and technological limitations.

The relevance of identifying and classifying invalid events in information security, especially for CII, is driven by the need for timely detection of and response to incidents that could lead to negative consequences. Understanding the nature and characteristics of such events makes it possible to protect systems effectively and prevent significant damage. To improve the effectiveness of security measures, the class of invalid events must be singled out from the large number of IS events by considering the characteristics that define invalid events.

The novelty of the proposed approach lies in solving the task of identifying the class of invalid IS events on the basis of taxonomy methods, using event categorization tools together with the attributes of invalid events.

Materials and methods. The task was solved using an approach to identifying invalid events in CII based on the principles of IS event taxonomy. It was shown that identifying invalid IS events is directly related to the problem of searching for and analyzing their attributes, i.e. the characteristics or parameters used to describe and classify security incidents. Based on the key principles of taxonomy, a model of the structure of the set of invalid events was developed to determine the characteristics that can serve as the basis for classifying invalid events. The process of identifying invalid IS events consists of a sequence of stages: taxonomy, categorization, and classification, with appropriate methods and tools implemented at each stage.

Results. Approaches to identifying invalid events in CII were analyzed. Problems related to large data volumes, the complexity of event processing, the considerable time required for detection, and technological limitations were considered. It was shown that the concepts of taxonomy and categorization allow effective identification and classification of IS incidents, ensuring efficient processing and response. The feasibility of applying taxonomy to describe and identify the attributes of invalid events was justified, contributing to the development of effective protection strategies and higher security levels. A generalized scheme for processing invalid events was proposed, comprising a set of interconnected stages: identification, categorization, impact assessment, response, documentation, and analysis. An algorithm for the structured description and classification of incidents was developed, allowing more accurate and timely responses to IS threats.

Conclusion. The results obtained increase the effectiveness of classifying IS incidents by identifying invalid events, which reduces the negative consequences of incidents and enhances the security of CII objects.
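As an added illustration that is not part of the abstract or the paper's own method, the following Python example sketches the staged pipeline the abstract describes: a taxonomy that describes each category of invalid event by its attributes, a categorization step that matches events against those attributes, a classification step that decides whether an event is invalid, and the follow-on stages of impact assessment, response selection and documentation. The category names, attribute vocabulary, impact weights and sample events are all constructed assumptions chosen for the demonstration; the paper does not specify them.

```python
"""Toy taxonomy-driven pipeline for flagging invalid IS events.

The taxonomy, attribute names, impact weights and sample events below are
constructed assumptions for illustration only; none of them come from the paper.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Stage 1 (taxonomy): each category of invalid event is described by the
# attribute values an event must exhibit to belong to it (assumed vocabulary).
TAXONOMY: Dict[str, Dict[str, object]] = {
    "malformed_input": {"parse_error": True},
    "unauthorized_access": {"auth_result": "denied", "resource_class": "restricted"},
    "integrity_violation": {"checksum_ok": False},
    "timing_anomaly": {"outside_maintenance_window": True, "action": "config_change"},
}

# Assumed impact weight per category, used at the impact-assessment stage.
IMPACT: Dict[str, int] = {
    "malformed_input": 1,
    "unauthorized_access": 3,
    "integrity_violation": 4,
    "timing_anomaly": 2,
}

ESCALATION_THRESHOLD = 3  # assumed: impact at or above this is escalated


@dataclass
class Incident:
    """Documentation record produced for every event classified as invalid."""
    event_id: str
    categories: List[str]
    impact: int
    response: str


def categorize(event: Dict[str, object]) -> List[str]:
    """Stage 2 (categorization): every taxonomy category whose attributes the event matches."""
    return [
        name for name, attrs in TAXONOMY.items()
        if all(event.get(key) == value for key, value in attrs.items())
    ]


def assess_impact(categories: List[str]) -> int:
    """Impact assessment: the highest weight among the matched categories."""
    return max((IMPACT[c] for c in categories), default=0)


def classify(event: Dict[str, object]) -> Optional[Incident]:
    """Stage 3 (classification): an event is invalid when it matches at least one category."""
    categories = categorize(event)
    if not categories:
        return None  # valid event: no incident record is created
    impact = assess_impact(categories)
    response = "escalate" if impact >= ESCALATION_THRESHOLD else "log_and_monitor"
    return Incident(str(event["id"]), categories, impact, response)


def process_events(events: List[Dict[str, object]]) -> List[Incident]:
    """Run identification -> categorization -> impact -> response -> documentation."""
    return [inc for inc in (classify(ev) for ev in events) if inc is not None]


def summarize(register: List[Incident]) -> Dict[str, int]:
    """Analysis stage: count how often each category occurred across the register."""
    counts: Dict[str, int] = {}
    for inc in register:
        for cat in inc.categories:
            counts[cat] = counts.get(cat, 0) + 1
    return counts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"id": "e1", "parse_error": False, "auth_result": "ok", "checksum_ok": True},
    {"id": "e2", "auth_result": "denied", "resource_class": "restricted", "checksum_ok": True},
    {"id": "e3", "parse_error": True, "checksum_ok": False},
    {"id": "e4", "action": "config_change", "outside_maintenance_window": True, "checksum_ok": True},
]

if __name__ == "__main__":
    for inc in process_events(SAMPLE_EVENTS):
        print(inc)
    print(summarize(process_events(SAMPLE_EVENTS)))
```

Note that categorization is many-to-many: event e3 matches two categories at once, and the impact stage takes the worst of them, which is the behaviour one usually wants when a single event exhibits several attributes of invalidity.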