信息安全事件管理系统中的案例分析

Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI:10.1145/2799979.2799990

Andrey Shalyapin, V. Zhukov

{"title":"信息安全事件管理系统中的案例分析","authors":"Andrey Shalyapin, V. Zhukov","doi":"10.1145/2799979.2799990","DOIUrl":null,"url":null,"abstract":"The article is devoted to solving the urgent practical problem of determining the strategy for responding to information security incidents with the help of case based analysis. The apparatus of case based analysis is proposed to be used to solve the problem of choosing the strategy for responding to information security incidents. Incidents are compared with classes of precedents on the basis of similarities found in each class. An incident is compared with a specific precedent in the class and its associated response strategy according to the degree of similarity. In accordance with the proposed concept of the analysis of incidents a new algorithm of classification of information security incidents in information systems based on the case and statistical analysis was developed. The developed algorithm differs from the known ones due to automatic selection of the optimal cut-off value using the ROC-analysis. The assessment of the efficiency of the developed algorithm on a set of test data was made.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Case based analysis in information security incidents management system\",\"authors\":\"Andrey Shalyapin, V. Zhukov\",\"doi\":\"10.1145/2799979.2799990\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The article is devoted to solving the urgent practical problem of determining the strategy for responding to information security incidents with the help of case based analysis. The apparatus of case based analysis is proposed to be used to solve the problem of choosing the strategy for responding to information security incidents. Incidents are compared with classes of precedents on the basis of similarities found in each class. An incident is compared with a specific precedent in the class and its associated response strategy according to the degree of similarity. In accordance with the proposed concept of the analysis of incidents a new algorithm of classification of information security incidents in information systems based on the case and statistical analysis was developed. The developed algorithm differs from the known ones due to automatic selection of the optimal cut-off value using the ROC-analysis. The assessment of the efficiency of the developed algorithm on a set of test data was made.\",\"PeriodicalId\":293190,\"journal\":{\"name\":\"Proceedings of the 8th International Conference on Security of Information and Networks\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-09-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 8th International Conference on Security of Information and Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2799979.2799990\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 8th International Conference on Security of Information and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2799979.2799990","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

本文致力于用案例分析的方法来解决信息安全事件应对策略的确定这一迫切的现实问题。提出了一种基于案例分析的方法来解决信息安全事件响应策略的选择问题。根据在每一类中发现的相似性，将事件与不同类别的先例进行比较。根据相似程度，将事件与类中的特定先例及其相关的响应策略进行比较。根据所提出的事件分析概念，提出了一种基于案例分析和统计分析的信息系统信息安全事件分类算法。该算法利用roc分析自动选择最佳截止值，与已知算法有所不同。在一组测试数据上对所开发算法的效率进行了评价。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Case based analysis in information security incidents management system

The article is devoted to solving the urgent practical problem of determining the strategy for responding to information security incidents with the help of case based analysis. The apparatus of case based analysis is proposed to be used to solve the problem of choosing the strategy for responding to information security incidents. Incidents are compared with classes of precedents on the basis of similarities found in each class. An incident is compared with a specific precedent in the class and its associated response strategy according to the degree of similarity. In accordance with the proposed concept of the analysis of incidents a new algorithm of classification of information security incidents in information systems based on the case and statistical analysis was developed. The developed algorithm differs from the known ones due to automatic selection of the optimal cut-off value using the ROC-analysis. The assessment of the efficiency of the developed algorithm on a set of test data was made.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 8th International Conference on Security of Information and Networks

自引率

0.00%

发文量