{"title":"Case based analysis in information security incidents management system","authors":"Andrey Shalyapin, V. Zhukov","doi":"10.1145/2799979.2799990","DOIUrl":null,"url":null,"abstract":"The article is devoted to solving the urgent practical problem of determining the strategy for responding to information security incidents with the help of case based analysis. The apparatus of case based analysis is proposed to be used to solve the problem of choosing the strategy for responding to information security incidents. Incidents are compared with classes of precedents on the basis of similarities found in each class. An incident is compared with a specific precedent in the class and its associated response strategy according to the degree of similarity. In accordance with the proposed concept of the analysis of incidents a new algorithm of classification of information security incidents in information systems based on the case and statistical analysis was developed. The developed algorithm differs from the known ones due to automatic selection of the optimal cut-off value using the ROC-analysis. The assessment of the efficiency of the developed algorithm on a set of test data was made.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"163 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 8th International Conference on Security of Information and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2799979.2799990","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 3
Abstract
The article addresses the urgent practical problem of determining the strategy for responding to information security incidents with the help of case-based analysis. Case-based analysis is proposed as the apparatus for choosing the strategy for responding to information security incidents. Incidents are compared with classes of precedents on the basis of similarities found in each class. An incident is compared with a specific precedent in the class, and with its associated response strategy, according to the degree of similarity. In accordance with the proposed concept of incident analysis, a new algorithm for classifying information security incidents in information systems, based on case and statistical analysis, was developed. The developed algorithm differs from known ones in its automatic selection of the optimal cut-off value using ROC analysis. The efficiency of the developed algorithm was assessed on a set of test data.