
METHOD OF INTEGRATING A UTILITY MODULE WITH SIEM

DOI: 10.47026/1810-1909-2024-4-60-74

UDC 519.876.5:004.056

BBK В182:А68

Mikhail M. MUNTYAN, Irina G. SIDORKINA

Key words: information security, SIEM, middleware, event monitoring, software development, microservices.

A current tool of information security is the use of SIEM-type systems, which collect and process large volumes of data on the protected infrastructure and establish dependencies between emerging security events. Ways of using such systems more effectively are therefore equally valuable. This is linked to the development of new algorithms for infrastructure monitoring and to the need to modernize the infrastructure itself. Classical analysis methods were used to identify the important aspects and stages of the SIEM process; mathematical modelling methods were used for analytical calculations aimed at increasing the efficiency of the interaction «SIEM – protected infrastructure»; comparative analysis methods were used to determine the advantages and disadvantages of current software development architectures; and synthesis methods were used to determine the applicability of intelligent analysis methods as a means of extending the set of correlated information security events obtained.

The objectives of the study are to raise the level of automation of SIEM decision-making and to improve critical information security parameters: the speed of analysing incoming events and making decisions, the load placed on information security resources in the protected infrastructure, and the quality of the protection system when SIEM functionality is separated out into small local network «representative offices».

Materials and methods. The subject of the study is the process of SIEM operation, whose efficiency does not reach the value that is optimal for the task assigned to systems of this type. Classical analysis methods were used to identify the important aspects and stages of the SIEM process; mathematical modelling methods were used for analytical calculations aimed at increasing the efficiency of the interaction «SIEM – protected infrastructure»; comparative analysis methods were used to determine the advantages and disadvantages of today's current software development architectures; and synthesis methods were used to determine the applicability of data mining methods as a means of extending the set of correlated information security events obtained.

Results. Based on the results of the research, a new architecture of the protected infrastructure for implementing SIEM interaction is proposed: an infrastructure based on decentralizing the information collection and preprocessing processes by delegating SIEM functions to a software platform. The structural features of the software platform's implementation and its basic functionality are defined. In addition, based on a comparative analysis of the monolithic, service-oriented and microservice approaches, the most preferable way to implement the proposed software platform was determined, together with a list of advanced functions that take into account the need to use data mining techniques to improve SIEM performance.

Conclusions. The use of the proposed solution increases the performance of SIEM systems at stages such as information collection and preprocessing, expands the capabilities of information security specialists by providing new correlated data obtained through intelligent analysis methods, and makes it possible to move from a centralized implementation of the protection process to a decentralized one. Implementing the software platform on a service-oriented approach makes it possible to increase the level of system integration and its fault tolerance. In addition, using the proposed platform together with second-generation SIEM systems provides an alternative assessment of the state of the infrastructure, which indicates the possibility of improving the accuracy of decision-making.


Information about the authors

Mikhail M. Muntyan – Post-Graduate Student, Department of Mathematical and Hardware Support of Information Systems, Chuvash State University, Russia, Cheboksary (muntyanmickhail@gmail.com; ORCID: https://orcid.org/0009-0009-6836-8921).

Irina G. Sidorkina – Doctor of Technical Sciences, Professor, Department of Mathematical and Hardware Support of Information Systems, Chuvash State University, Russia, Cheboksary; Head of the Department of Information Security, Volga State University of Technology, Russia, Yoshkar-Ola (igs592000@mail.ru; ORCID: https://orcid.org/0009-0000-2869-0419).

For citation

Muntyan M.M., Sidorkina I.G. METHOD OF INTEGRATING A UTILITY MODULE WITH SIEM. Vestnik Chuvashskogo universiteta, 2024, no. 4, pp. 60–74. DOI: 10.47026/1810-1909-2024-4-60-74 (in Russian).
