The process of analytical processing of information security incidents has several drawbacks, which are described in this article. A structural model of the analytical data processing subsystem of a system for monitoring threats to the information security of critical information infrastructure objects is built, and the process of its functioning is described. Based on probability theory, a process is described for predicting in advance the occurrence of an information security incident caused either by random, independent information security events or by a targeted attack on information resources.
The subject of the article is the methodology of analytical processing of information security events in a system for monitoring threats to the information security of critical information infrastructure facilities.
The purpose of the article is to increase the likelihood of detecting an information security incident by retrospectively analyzing information security events distributed over time, and to give timely warning of a possible information security incident by predicting its occurrence, which in turn increases the security of information systems. Thus, in contrast to the existing model of correlation of information security events, the aim is to reduce the time needed to detect an information security incident within a given time interval.
The research methodology allows us to solve two related but different tasks: the “accounting problem” and the “probabilistic problem”. Within the framework of the “accounting task”, the solution boils down to one goal - to determine the proportion of information security incidents occurring at each of the various levels at which they arise. As part of the solution of the “probabilistic problem”, the methodology determines the probability of an information security incident on the basis of the random arrival of chains of information security events at its input.
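The two tasks can be illustrated with a small retrospective correlation routine. The following Python block is an added example and not the paper's own model: it assumes a hypothetical three-stage attack chain (`scan`, `login_fail`, `priv_esc`), a constructed event log, and a Poisson model of background noise. The "accounting" view reports the share of incidents reaching each level; the "probabilistic" view bounds how often independent random events would complete a chain inside the retrospective window, which is the trade-off a longer window introduces when hunting for time-distributed attacks.

```python
"""Retrospective correlation of time-distributed security events.

Added illustration (not the paper's method): events from one source are
examined over a sliding retrospective window; distinct attack stages seen
inside the window form a chain whose "level" is the number of stages
reached. Stage names and the event log below are constructed.
"""
from collections import Counter, defaultdict
from math import exp, factorial

# Constructed sample log: (timestamp in seconds, source host, stage).
SAMPLE_EVENTS = [
    (0,    "10.0.0.5", "scan"),
    (30,   "10.0.0.5", "login_fail"),
    (45,   "10.0.0.5", "priv_esc"),      # fast chain: 3 stages in 45 s
    (100,  "10.0.0.9", "scan"),
    (3000, "10.0.0.9", "login_fail"),
    (5900, "10.0.0.9", "priv_esc"),      # slow chain: 3 stages in ~97 min
    (200,  "10.0.0.7", "login_fail"),    # isolated noise
    (210,  "10.0.0.7", "login_fail"),    # repeated stage, not a new stage
    (7000, "10.0.0.3", "scan"),
    (7010, "10.0.0.3", "login_fail"),    # partial chain: level 2 only
]

# Assumed stage labels of a hypothetical attack chain.
STAGES = ("scan", "login_fail", "priv_esc")


def correlate(events, window, min_level=2):
    """Return incidents as (source, level, first_ts, last_ts).

    For every event of a source, the distinct stages observed within
    `window` seconds after it are counted; the highest count reached
    for that source is its incident level.
    """
    by_source = defaultdict(list)
    for ts, src, stage in sorted(events):
        by_source[src].append((ts, stage))
    incidents = []
    for src, evs in by_source.items():
        best = None
        for i, (ts, _) in enumerate(evs):
            in_window = [(t, s) for t, s in evs[i:]
                         if t - ts <= window and s in STAGES]
            level = len({s for _, s in in_window})
            if level >= min_level and (best is None or level > best[1]):
                best = (src, level, ts, max(t for t, _ in in_window))
        if best:
            incidents.append(best)
    return incidents


def share_by_level(incidents):
    """Accounting task: fraction of detected incidents at each level."""
    counts = Counter(level for _, level, _, _ in incidents)
    total = sum(counts.values())
    return {lvl: counts[lvl] / total for lvl in sorted(counts)} if total else {}


def poisson_tail(rate, window, k):
    """Probabilistic task (assumed model): probability that at least k
    independent background events, arriving as a Poisson process with
    `rate` events per second, fall inside one `window`. This upper-bounds
    the chance that noise alone completes a k-stage chain."""
    mean = rate * window
    return 1.0 - sum(exp(-mean) * mean ** i / factorial(i) for i in range(k))


if __name__ == "__main__":
    for window in (60, 6000):
        incidents = correlate(SAMPLE_EVENTS, window)
        print(f"window={window}s incidents={incidents}")
        print(f"  share by level: {share_by_level(incidents)}")
        print(f"  P(>=3 noise events in window): "
              f"{poisson_tail(0.001, window, 3):.4f}")
```

With a 60-second window only the fast chain and the partial chain are raised, and the slow chain on 10.0.0.9 is missed; widening the window to 6000 seconds recovers it, but `poisson_tail` shows the price: a source emitting one noise event every ~17 minutes then has a 94% chance of producing three events in one window, so the chain rule must also require distinct stages, as `correlate` does, to keep its false-positive rate down.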
The research results allow us to eliminate shortcomings of existing computer attack detection systems with respect to attacks distributed over time, and also to apply the developed methodology to create advanced tools for automated systems that can function stably under conditions of time-distributed computer attacks.