
INFORMATION SECURITY EVENT CORRELATION ALGORITHMS
Author(s) -
Anton Moskvichev,
Mikhail V. Dolgachev
Publication year - 2020
Publication title -
Avtomatizaciâ processov upravleniâ (Automation of Control Processes)
Language(s) - English
Resource type - Journals
ISSN - 1991-2927
DOI - 10.35752/1991-2927-2020-3-61-50-59
Subject(s) - computer science, algorithm, intrusion detection system, event correlation, data mining, machine learning, artificial intelligence, mathematics
An event correlation system receives events from multiple intrusion detection systems, reduces the number of false positives, detects high-level (multi-stage) attacks, prioritizes incidents, predicts future attacks, and identifies the sources of attacks. Each class of algorithm used for this purpose has its own advantages and disadvantages. This article surveys existing event correlation algorithms, focusing on those used in correlation engines. The authors introduce evaluation criteria covering accuracy, functionality and computational cost, and compare the categories of algorithms against these criteria. The review shows that each category has its own strengths, and an ideal event correlation system would combine the strengths of all of them. The authors conclude that these algorithms are effective and can serve as the correlator module of a SIEM-class system. Based on the results, they favour knowledge-base algorithms because of their high accuracy, which is a prerequisite for use in information security, and their low resource consumption.
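The following is an added example, not code from the paper or its authors, of the knowledge-base (rule-based) correlation category the abstract favours. It shows three of the functions listed above over constructed IDS alerts: de-duplicating repeated raw events, detecting a high-level attack from an ordered chain of low-level signatures raised by one source, and prioritizing the resulting incidents. The signature names, rule chains, time windows, severity scale and sample alerts are all assumed for the demonstration.

```python
"""Minimal knowledge-base (rule-based) event correlator.

Added example; not from the paper. Signature names, rules, windows,
severities and the sample alerts below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    sensor: str   # IDS that emitted the alert (constructed names)
    src: str      # attacker address
    dst: str      # target address
    sig: str      # normalized signature / event class (assumed names)


@dataclass
class Incident:
    name: str
    src: str
    severity: int                       # assumed 1..10 scale
    evidence: list = field(default_factory=list)


def deduplicate(events, window=timedelta(seconds=60)):
    """Collapse repeats of one (src, dst, sig) inside `window`.

    Noisy sensors re-raise the same alert many times; keeping the first
    and counting the rest is the simplest volume/false-positive reduction.
    Returns (kept_events, repeat_counts).
    """
    last_seen, counts, kept = {}, defaultdict(int), []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src, ev.dst, ev.sig)
        counts[key] += 1
        prev = last_seen.get(key)
        if prev is None or ev.ts - prev > window:
            kept.append(ev)
            last_seen[key] = ev.ts
    return kept, dict(counts)


# Knowledge base: each rule is an ordered chain of signatures that one
# source must produce within `window`. Extending the knowledge base means
# appending a tuple; no training data or model is needed.
RULES = [
    ("Brute force leading to account compromise",
     ("PORT_SCAN", "SSH_BRUTE_FORCE", "SSH_LOGIN_SUCCESS"),
     timedelta(minutes=30), 9),
    ("Reconnaissance from external host",
     ("PORT_SCAN",), timedelta(minutes=30), 3),
]


def match_chain(evs, chain, window):
    """Greedy in-order match of `chain` over one source's time-sorted
    events; returns the matched events, or [] if the chain does not
    complete within `window` of its first step."""
    matched, start = [], None
    for ev in evs:
        if start is not None and ev.ts - start > window:
            break
        if ev.sig == chain[len(matched)]:
            if start is None:
                start = ev.ts
            matched.append(ev)
            if len(matched) == len(chain):
                return matched
    return []


def correlate(events, rules=RULES):
    """Apply every rule to every source; return all raised incidents."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_src[ev.src].append(ev)
    incidents = []
    for src, evs in by_src.items():
        for name, chain, window, sev in rules:
            hit = match_chain(evs, chain, window)
            if hit:
                incidents.append(Incident(name, src, sev, hit))
    return incidents


def prioritize(incidents):
    """Drop an incident whose evidence is contained in a higher-severity
    incident from the same source (recon subsumed by compromise), then
    rank what remains by severity, highest first."""
    keep = [inc for inc in incidents if not any(
        other is not inc and other.src == inc.src
        and other.severity > inc.severity
        and set(inc.evidence) <= set(other.evidence)
        for other in incidents)]
    return sorted(keep, key=lambda i: -i.severity)


def run(events):
    """Full pipeline: dedup -> correlate -> prioritize."""
    kept, _ = deduplicate(events)
    return prioritize(correlate(kept))


# Constructed sample alerts from two sensors (not real data).
T0 = datetime(2020, 6, 1, 10, 0, 0)
SAMPLE = [
    Event(T0, "nids-1", "10.0.0.5", "10.0.1.20", "PORT_SCAN"),
    Event(T0 + timedelta(seconds=5), "nids-1", "10.0.0.5", "10.0.1.20", "PORT_SCAN"),
    Event(T0 + timedelta(seconds=9), "nids-1", "10.0.0.5", "10.0.1.20", "PORT_SCAN"),
    Event(T0 + timedelta(minutes=5), "hids-1", "10.0.0.5", "10.0.1.20", "SSH_BRUTE_FORCE"),
    Event(T0 + timedelta(minutes=5, seconds=30), "hids-1", "10.0.0.5", "10.0.1.20", "SSH_BRUTE_FORCE"),
    Event(T0 + timedelta(minutes=12), "hids-1", "10.0.0.5", "10.0.1.20", "SSH_LOGIN_SUCCESS"),
    Event(T0 + timedelta(minutes=1), "nids-1", "10.0.0.9", "10.0.1.20", "PORT_SCAN"),
    Event(T0 + timedelta(minutes=2), "hids-1", "10.0.0.7", "10.0.1.20", "SSH_LOGIN_SUCCESS"),
]

if __name__ == "__main__":
    for inc in run(SAMPLE):
        print(inc.severity, inc.src, inc.name, [e.sig for e in inc.evidence])
```

On the sample, eight raw alerts collapse to five, the source 10.0.0.5 produces the full three-step chain and is reported once as a severity-9 compromise (its standalone reconnaissance hit is subsumed), 10.0.0.9 is reported as low-severity reconnaissance, and the lone successful login from 10.0.0.7 raises nothing because no rule covers it. That last case is the known weakness of the category: accuracy and low cost come from the rules, so an attack the knowledge base does not describe is invisible to it.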