The Task of Detecting Unacceptable Information Security Events in the Information Infrastructure
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Plekhanov Russian University of Economics, 2025-03-01 |
| Series: | Открытое образование (Москва) |
| Subjects: | |
| Online Access: | https://openedu.rea.ru/jour/article/view/1072 |
Summary:

Purpose. The purpose of the study is to develop an improved approach to detecting unacceptable information security events, with the aim of raising incident detection accuracy and reducing the number of false positives. An unacceptable event is defined as an event, resulting from a cyberattack, that either makes it impossible to achieve an organization's strategic goals or significantly disrupts its core activities. The proposed detection solution is based on a neural network classifier trained on data describing unacceptable events: their attributes, precursors, and indicators of compromise. This provides comprehensive event analysis and reduces the likelihood of missing an unacceptable event, which makes the solution particularly relevant for protecting critical information infrastructure. The relevance of the study is driven by the rapid growth in the number and complexity of cyberattacks and the need for automated methods of detecting the threats that lead to unacceptable events and their negative consequences. As cyber threats become more complex and diverse, traditional detection methods are becoming less effective, so existing protection technologies must be improved.

The novelty of the proposed solution lies in improving the accuracy of detecting unacceptable events through machine learning methods and a neural network classifier, and in reducing response time by using the Elastic Stack for data collection, processing, aggregation, and visualization.

Materials and methods. The Elastic Stack was used to collect, aggregate, and visualize event data. The primary analytical tool is a neural network classifier trained on a set of attributes, precursors, and indicators of compromise of unacceptable events. The research methods include event correlation, anomaly analysis, and machine learning, integrated into a single system.

Results. A solution for detecting unacceptable events was proposed, based on the identified attributes, precursors, and indicators of compromise of unacceptable information security events.

Conclusion. The identified attributes, precursors, and indicators of compromise provide an effective basis for detecting unacceptable events. Applying the proposed solution helps improve the protection of information systems and reduce the risks associated with cyberattacks, which is particularly critical for securing critical information infrastructure.

| ISSN: | 1818-4243, 2079-5939 |
|---|---|
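The summary describes three ingredients of the method: events are correlated, each correlated window is described by its attributes, precursors and indicators of compromise, and a trained classifier decides whether the window is an unacceptable event. The following is an added example illustrating that pipeline end to end; it is not code from the article or its authors. The IoC values, event records, feature definitions and training labels are all constructed for the example, the event field names are only loosely modelled on Elastic Common Schema names (nothing here talks to the Elastic Stack), and the classifier is a single logistic unit trained by gradient descent, standing in for the article's neural network classifier.

```python
"""Added example: correlate host events, encode attributes, precursors and
indicators of compromise (IoCs) as features, and score each host window with a
small trainable classifier. All values below are constructed for illustration."""
import math
from collections import defaultdict

# Constructed indicators of compromise (hypothetical values).
IOC_IPS = {"198.51.100.23"}
IOC_HASHES = {"a1b2c3d4e5f60718293a4b5c6d7e8f90"}

# Constructed events, loosely ECS-shaped. On srv1 an admin account is brute-forced
# from an IoC address, a binary matching an IoC hash runs, and scheduled-task
# tooling is invoked. On ws7 a user mistypes a password three times and then
# logs in: the same precursor, but with no IoC match and no persistence attribute.
EVENTS = [
    {"t": 1, "host": "srv1", "category": "authentication", "outcome": "failure", "user": "admin", "src_ip": "198.51.100.23"},
    {"t": 2, "host": "srv1", "category": "authentication", "outcome": "failure", "user": "admin", "src_ip": "198.51.100.23"},
    {"t": 3, "host": "srv1", "category": "authentication", "outcome": "failure", "user": "admin", "src_ip": "198.51.100.23"},
    {"t": 4, "host": "srv1", "category": "authentication", "outcome": "success", "user": "admin", "src_ip": "198.51.100.23"},
    {"t": 5, "host": "srv1", "category": "process", "name": "updater.exe", "hash": "a1b2c3d4e5f60718293a4b5c6d7e8f90"},
    {"t": 6, "host": "srv1", "category": "process", "name": "schtasks.exe", "hash": "0" * 32},
    {"t": 1, "host": "ws7", "category": "authentication", "outcome": "failure", "user": "jdoe", "src_ip": "10.0.0.5"},
    {"t": 2, "host": "ws7", "category": "authentication", "outcome": "failure", "user": "jdoe", "src_ip": "10.0.0.5"},
    {"t": 3, "host": "ws7", "category": "authentication", "outcome": "failure", "user": "jdoe", "src_ip": "10.0.0.5"},
    {"t": 4, "host": "ws7", "category": "authentication", "outcome": "success", "user": "jdoe", "src_ip": "10.0.0.5"},
    {"t": 5, "host": "ws7", "category": "process", "name": "outlook.exe", "hash": "1" * 32},
]

# Constructed training set: [distinct IoC matches, brute-force precursor,
# persistence attribute] -> label. Any single signal alone is labelled 0;
# combinations are labelled 1 (hypothetical analyst labels).
TRAINING_SET = [
    ([0, 0, 0], 0), ([1, 0, 0], 0), ([0, 1, 0], 0), ([0, 0, 1], 0),
    ([2, 1, 1], 1), ([1, 1, 1], 1), ([3, 0, 1], 1), ([2, 1, 0], 1),
]


def correlate(events):
    """Event correlation step: group events by host, ordered in time."""
    windows = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        windows[ev["host"]].append(ev)
    return dict(windows)


def extract_features(window):
    """Feature vector for one host window: [distinct IoC matches,
    brute-force precursor flag, scheduled-task persistence attribute flag]."""
    iocs = set()
    failures = defaultdict(int)
    brute_force = 0
    persistence = 0
    for ev in window:
        if ev.get("src_ip") in IOC_IPS:
            iocs.add(ev["src_ip"])
        if ev.get("hash") in IOC_HASHES:
            iocs.add(ev["hash"])
        if ev["category"] == "authentication":
            user = ev["user"]
            if ev["outcome"] == "failure":
                failures[user] += 1
            else:
                # Precursor: a success after three or more failures by the same user.
                if failures[user] >= 3:
                    brute_force = 1
                failures[user] = 0
        elif ev["category"] == "process" and ev["name"] == "schtasks.exe":
            persistence = 1  # attribute: scheduled-task tooling was run
    return [len(iocs), brute_force, persistence]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def dot(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))


def train(samples, epochs=2000, lr=0.1):
    """Fit one logistic unit by stochastic gradient descent on the log-loss."""
    w = [0.0] * len(samples[0][0])
    b = 0.0
    for _ in range(epochs):
        for x, y in samples:
            err = sigmoid(dot(w, x) + b) - y
            w = [wi - lr * err * xi for wi, xi in zip(w, x)]
            b -= lr * err
    return w, b


def score(model, features):
    """Probability that a feature vector describes an unacceptable event."""
    w, b = model
    return sigmoid(dot(w, features) + b)


def detect(events, model, threshold=0.5):
    """Map each host to whether its correlated window scores as an unacceptable event."""
    return {host: score(model, extract_features(window)) >= threshold
            for host, window in correlate(events).items()}


MODEL = train(TRAINING_SET)

if __name__ == "__main__":
    for host, window in correlate(EVENTS).items():
        feats = extract_features(window)
        print(host, feats, round(score(MODEL, feats), 3))
    print(detect(EVENTS, MODEL))
```

Run stand-alone, the script scores srv1 as an unacceptable event and ws7 as not one, even though both windows contain the same brute-force precursor: the classifier only fires when the precursor coincides with IoC matches and a persistence attribute, which is the false-positive reduction the summary claims for combining the three kinds of evidence. Most of the detection logic lives in `extract_features`; in a real deployment those windows would be pulled from Elasticsearch rather than from an inline list.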