ANALYSIS OF CURRENT APPROACHES TO DETECTION OF CYBER INCIDENTS IN SIEM SYSTEMS AND DIRECTIONS FOR THEIR IMPROVEMENT
DOI: 10.31673/2412-4338.2026.019002
Abstract
The article presents a concept for increasing the efficiency of cyber incident detection in SIEM systems, based on a conceptual model of a hybrid architecture that combines hypergraph data structures and generative artificial intelligence. Modern threat detection methods used in security event analysis systems are analyzed, including classical solutions based on correlation rules, behavioral models, statistical methods, machine and deep learning, and graph, hypergraph and generative artificial intelligence approaches. It is established that classical and statistical methods do not adapt to new types of attacks, and that deep learning, although it achieves high accuracy, is inferior in the interpretability of its results and in resource requirements. A systematic comparison of the known approaches shows the need to move to hybrid models that combine the advantages of structural and intelligent methods. A conceptual model of cyber incident identification in a SIEM system is proposed, based on the integration of fuzzy hypergraph structures and generative artificial intelligence models, with three interconnected levels: structural data representation through fuzzy hypergraphs, generative analysis based on neural network models, and an explainable XAI (Explainable Artificial Intelligence) module that generates an interpretable text report. The developed approach provides for the detection of structural patterns in event flows, the forecasting of how possible attacks may develop, and the restoration of semantic relationships between security events. The direction of further research is identified as the development of a fuzzy hypergraph model for representing the security event log of SIEM systems.
Theoretical analysis shows that the proposed concept of combining fuzzy hypergraphs and generative artificial intelligence creates the necessary prerequisites for building adaptive and explainable next-generation SIEM systems capable of proactive prediction and of minimizing false positives.
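As an added illustration (not code from the paper, whose model details are not on this page), a minimal fuzzy hypergraph over a constructed SIEM event log: events are vertices, each shared entity value (user, host, source IP) is a hyperedge, and membership degrees decay with time from the edge's first event; the decay function, the threshold and the host-change pattern check are assumptions made here.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample event log: (event_id, time_s, user, host, src_ip, event_type)
EVENTS = [
    ("e1", 0,    "alice", "ws01",  "10.0.0.5", "logon_failure"),
    ("e2", 30,   "alice", "ws01",  "10.0.0.5", "logon_failure"),
    ("e3", 60,   "alice", "ws01",  "10.0.0.5", "logon_success"),
    ("e4", 300,  "alice", "srv07", "10.0.0.5", "logon_success"),
    ("e5", 7200, "bob",   "ws02",  "10.0.0.9", "logon_success"),
]

def membership(t, t_first, tau=600.0):
    """Assumed membership function: 1.0 for the hyperedge's earliest event,
    decaying linearly to 0.0 over tau seconds of separation from it."""
    return max(0.0, 1.0 - (t - t_first) / tau)

def build_fuzzy_hypergraph(events, tau=600.0):
    """Vertices are events; one hyperedge per shared entity value (user, host
    or source IP). Returns {(entity_type, value): {event_id: degree}}."""
    groups = defaultdict(list)
    for eid, t, user, host, ip, _ in events:
        for key in (("user", user), ("host", host), ("ip", ip)):
            groups[key].append((eid, t))
    edges = {}
    for key, members in groups.items():
        t_first = min(t for _, t in members)
        edges[key] = {eid: membership(t, t_first, tau) for eid, t in members}
    return edges

def shared_edges(edges, a, b, min_degree=0.2):
    """Hyperedges in which both events a and b have degree >= min_degree."""
    return {k for k, m in edges.items()
            if m.get(a, 0.0) >= min_degree and m.get(b, 0.0) >= min_degree}

def host_change_patterns(events, edges, min_degree=0.2):
    """Structural pattern (assumed here): two events linked by both the 'user'
    and 'ip' hyperedges but lying in different 'host' hyperedges, i.e. the same
    identity and source reached a second host within the fuzzy time window."""
    by_id = {e[0]: e for e in events}
    found = []
    for a, b in combinations(sorted(by_id), 2):
        types = {k[0] for k in shared_edges(edges, a, b, min_degree)}
        if {"user", "ip"} <= types and by_id[a][3] != by_id[b][3]:
            found.append((a, b, by_id[a][3], by_id[b][3]))
    return found
```

With the sample log, the three ws01 events and the later srv07 event form the pattern, while an srv07 event 7000 s later falls outside the fuzzy window and is not linked.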
Keywords: cybersecurity, SIEM, information and communication system, cyber incident, hypergraph, artificial intelligence.