Formation of requirements for the architecture and functions of cyber security monitoring systems
DOI: 10.31673/2412-4338.2024.040224
Abstract
The article addresses the problem of formulating requirements for the architecture and functions of cybersecurity monitoring systems. In modern information and communication systems these systems serve two purposes. On one hand, they collect and analyze data about cyberattacks so that attacks can be detected in a timely manner. On the other hand, they are the tool with which vulnerabilities and attack conditions are studied during cyber incident investigations, so that adequate organizational and technical countermeasures can be determined and promptly implemented. Drawing on statistical decision theory, the paper proposes two key characteristics of a cybersecurity monitoring system: selectivity and sensitivity. The system decides between two hypotheses: H0, that the automated system is operating normally, and H1, that a cyberattack is in progress. Selectivity is defined by the probability of a Type I error (rejecting H0 when it is true, i.e. a false alarm). Sensitivity is defined by the probability of a Type II error (accepting H0 when H1 is in fact true, i.e. a missed attack). A further quantitative metric is the delay between an event in the automated system and the monitoring system's response to it, which directly determines how efficiently cybersecurity can be managed. Since the monitoring system's decisions affect the organization's overall cybersecurity state, the system must itself ensure the confidentiality and integrity of the information it accumulates, processes, and stores. The paper also proposes additional characteristics of monitoring systems that are essential for their evaluation and certification.
Keywords: cybersecurity monitoring system, cybersecurity, threat, information protection, confidentiality, integrity, SIEM, LMS.
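The following Python example is added here to make the abstract's decision-theoretic framing concrete; it is not code from the article. It assumes a monitoring system that reduces each observation interval to a single detection statistic (here, failed logins per minute, a constructed series) and alerts when the statistic reaches a threshold. For a given threshold it computes the Type I error rate (false alarms under H0, the selectivity metric) and the Type II error rate (missed attacks under H1, the sensitivity metric), picks the most sensitive threshold that satisfies a false-alarm ceiling, and measures response delay as the number of intervals from attack onset to the first alert. All scores are constructed for illustration, not measured data.

```python
"""Selectivity (Type I error) and sensitivity (Type II error) of a threshold detector.

Added illustration of the abstract's H0/H1 framing; not code from the article.
All scores below are constructed, not measured.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Sequence

# Constructed detection statistic: failed logins per minute on one host.
# H0 = normal operation, H1 = a cyberattack (e.g. password spraying) in progress.
H0_SCORES = [0, 1, 0, 2, 1, 0, 3, 1, 0, 2, 1, 4, 0, 1, 2, 0, 1, 0, 5, 1]
H1_SCORES = [8, 12, 6, 15, 9, 11, 4, 14, 7, 10, 13, 5, 9, 16, 8, 12, 6, 11, 10, 3]
# Constructed attack that ramps up over successive one-minute intervals (onset at index 0).
RAMP_ATTACK = [1, 2, 3, 5, 9, 14]


@dataclass(frozen=True)
class ErrorRates:
    threshold: int
    type_i: float   # P(alert | H0): false-alarm rate, the selectivity metric
    type_ii: float  # P(no alert | H1): miss rate, the sensitivity metric


def error_rates(h0: Sequence[int], h1: Sequence[int], threshold: int) -> ErrorRates:
    """Decision rule: reject H0 (raise an alert) iff score >= threshold."""
    false_alarms = sum(1 for s in h0 if s >= threshold)   # H0 true, H1 chosen
    misses = sum(1 for s in h1 if s < threshold)           # H1 true, H0 chosen
    return ErrorRates(threshold, false_alarms / len(h0), misses / len(h1))


def neyman_pearson_threshold(h0: Sequence[int], h1: Sequence[int],
                             max_type_i: float) -> ErrorRates:
    """Lowest threshold whose false-alarm rate stays within max_type_i.

    Because lowering the threshold can only raise the Type I error and lower the
    Type II error, the lowest admissible threshold is the most sensitive rule that
    still meets the selectivity target (the Neyman-Pearson style trade-off).
    """
    candidates = sorted(set(h0) | set(h1))
    for t in candidates:
        rates = error_rates(h0, h1, t)
        if rates.type_i <= max_type_i:
            return rates
    # No observed score meets the ceiling: alert only above every observed value.
    return error_rates(h0, h1, max(candidates) + 1)


def detection_delay(scores: Sequence[int], threshold: int) -> int | None:
    """Intervals from attack onset (index 0) until the first alert; None if never raised."""
    for i, s in enumerate(scores):
        if s >= threshold:
            return i
    return None


if __name__ == "__main__":
    for t in (3, 5, 6):
        r = error_rates(H0_SCORES, H1_SCORES, t)
        print(f"threshold={r.threshold}  Type I={r.type_i:.2f}  Type II={r.type_ii:.2f}")
    chosen = neyman_pearson_threshold(H0_SCORES, H1_SCORES, max_type_i=0.05)
    print(f"false-alarm ceiling 5%: threshold={chosen.threshold}, Type II={chosen.type_ii:.2f}")
    print(f"response delay on ramp attack: {detection_delay(RAMP_ATTACK, chosen.threshold)} intervals")
```

The trade-off the abstract describes is visible directly: tightening the false-alarm ceiling from 5% to 0% forces the threshold from 5 to 6, raises the miss rate from 0.10 to 0.15, and delays detection of the ramping attack by one more interval. A certification profile for a monitoring system would fix acceptable values for all three quantities rather than optimizing one in isolation.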