ISSN 0021-3454 (print version)
ISSN 2500-0381 (online version)

DOI 10.17586/0021-3454-2022-65-11-833-841

UDC 004.056

MODEL OF COMBINED APPLICATION OF INTELLIGENT METHODS OF INFORMATION SECURITY EVENTS CORRELATION

D. A. Levshun
St. Petersburg Federal Research Center of the RAS, St. Petersburg Institute for Informatics and Automation of the RAS, Laboratory of Computer Security Problems; Junior Researcher



Abstract. To solve the problem of information security event correlation, a model for the combined use of intelligent correlation methods is proposed. Intelligent security event correlation methods are able to analyze both historical data and real-time events and to automatically detect changing thresholds. The proposed model contains two levels of data processing: the level of knowledge representation and the level of security event correlation. At the level of knowledge representation, structural and semantic analysis of events is carried out. At the correlation level, events are processed using a similarity assessment of the elements of security event vectors, a graph-oriented neural network method, and data analysis using recurrent neural networks. The outputs of the model are the sequence of interrelated security events, the type of the current security state of the system, and the predicted states. The performance of the approach based on the proposed model is illustrated by the results of an experiment on predicting system security events, which show low values of the error indicator.
Keywords: event correlation, information security, security monitoring, data mining
