FIELD: computer engineering.
SUBSTANCE: a method of eliminating duplicate correlation chains of events when detecting information security incidents comprises: obtaining information from computers in a network; generating an event with attributes from the received information; identifying the correlation chains that have already been created, where for the first event of each identified chain the attributes are fixed according to the corresponding correlation rule; comparing the generated event with the first event of each identified chain and determining the similarity of their attributes; and detecting an information security incident when a correlation chain satisfies its correlation rule. The similarity check against the fixed attributes of each chain's first event is what keeps a new event that already belongs to an existing chain from seeding a duplicate chain for the same rule.
EFFECT: reduction of false positives when detecting information security incidents.
14 claims, 6 drawings
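The following Python sketch is an added example, not the patent's own implementation: it builds correlation chains from a constructed event stream, fixes the rule's key attributes from each chain's first event, and uses the attribute comparison to decide whether a new event joins an existing chain or starts a new one. The rule fields (`key_attrs`, `sequence`), the event attribute names and the sample events are all assumptions made for illustration; the `dedupe=False` mode is a naive baseline added for contrast, in which every first-step event seeds its own chain.

```python
# Added example (not the patent's own code): a toy correlator that applies the
# abstract's deduplication step. Rule fields, event attributes and the sample
# event stream below are all assumed/constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class CorrelationRule:
    """An ordered sequence of event types plus the attributes that must agree."""
    name: str
    key_attrs: Tuple[str, ...]   # fixed from the chain's first event
    sequence: Tuple[str, ...]    # event types that complete the chain, in order


@dataclass
class CorrelationChain:
    rule: CorrelationRule
    fixed: Dict[str, Optional[str]]             # attribute values of the first event
    events: List[dict] = field(default_factory=list)

    def similar(self, event: dict) -> bool:
        """Attribute comparison against the chain's first event (the dedup test)."""
        return all(event.get(k) == v for k, v in self.fixed.items())

    def complete(self) -> bool:
        """The chain complies with its rule once the sequence occurs in order."""
        pos = 0
        for ev in self.events:
            if pos < len(self.rule.sequence) and ev["type"] == self.rule.sequence[pos]:
                pos += 1
        return pos == len(self.rule.sequence)


class Correlator:
    def __init__(self, rules: List[CorrelationRule], dedupe: bool = True) -> None:
        self.rules = rules
        self.dedupe = dedupe          # False = naive baseline: every first-step event seeds a chain
        self.chains: List[CorrelationChain] = []
        self.incidents: List[CorrelationChain] = []

    def process(self, event: dict) -> List[CorrelationChain]:
        """Feed one event; return the chains that became incidents because of it."""
        fired: List[CorrelationChain] = []
        for rule in self.rules:
            if event["type"] not in rule.sequence:
                continue
            # open chains for this rule whose fixed attributes match the new event
            matching = [c for c in self.chains
                        if c.rule is rule and not c.complete() and c.similar(event)]
            starts_chain = event["type"] == rule.sequence[0]
            if starts_chain and (not matching or not self.dedupe):
                # no similar chain exists (or dedup is off): start one and fix its
                # key attributes from this first event
                chain = CorrelationChain(rule, {k: event.get(k) for k in rule.key_attrs})
                self.chains.append(chain)
                matching.append(chain)
            for chain in matching:
                chain.events.append(event)
                if chain.complete():
                    self.incidents.append(chain)
                    fired.append(chain)
        return fired


# Constructed sample: three failed logins, an unrelated failure from another
# host, then a success and an admin-account creation for the same user/host.
SAMPLE_EVENTS = [
    {"type": "failed_login", "user": "alice", "host": "ws1"},
    {"type": "failed_login", "user": "alice", "host": "ws1"},
    {"type": "failed_login", "user": "alice", "host": "ws1"},
    {"type": "failed_login", "user": "bob", "host": "ws2"},
    {"type": "login_success", "user": "alice", "host": "ws1"},
    {"type": "new_admin_user", "user": "alice", "host": "ws1"},
]

BRUTE_FORCE_THEN_ESCALATION = CorrelationRule(
    name="failed logins followed by success and admin creation",
    key_attrs=("user", "host"),
    sequence=("failed_login", "login_success", "new_admin_user"),
)


def run_sample(dedupe: bool) -> Tuple[int, int]:
    """Return (chains created, incidents raised) for the sample stream."""
    corr = Correlator([BRUTE_FORCE_THEN_ESCALATION], dedupe=dedupe)
    for ev in SAMPLE_EVENTS:
        corr.process(ev)
    return len(corr.chains), len(corr.incidents)


if __name__ == "__main__":
    print("naive:", run_sample(dedupe=False))   # (4, 3): three chains for alice, three incidents
    print("dedup:", run_sample(dedupe=True))    # (2, 1): one chain for alice, one for bob
```

Without the comparison step, each repeated `failed_login` from alice seeds another chain, and the later success and admin-creation events complete all of them, so one attack produces three incidents. With the comparison, the repeats attach to the chain whose first event already carries the same fixed attributes, bob's failure starts its own chain because his attributes differ, and the incident is raised once. Two caveats a practitioner would add: the choice of key attributes decides what "the same chain" means (too few keys merges unrelated activity, too many splits one attack into several chains), and a real correlator also needs a time window so chains expire instead of living forever as they do here.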
| Title | Year | Author | Number |
|---|---|---|---|
| SYSTEM AND METHOD OF CORRELATING EVENTS FOR DETECTING INFORMATION SECURITY INCIDENT | 2019 | | RU2739864C1 |
| METHOD OF COMPUTER SECURITY DISTRIBUTED EVENTS INVESTIGATION | 2015 | | RU2610395C1 |
| SYSTEM AND METHOD FOR PREDICTING SIGNS OF INFORMATION SECURITY INCIDENTS IN AUTOMATED CONTROL SYSTEMS | 2023 | | RU2815595C1 |
| METHOD FOR FAST FILTERING OF DATA SETS ON COMPUTER INCIDENTS OF INFORMATION SECURITY | 2023 | | RU2828162C1 |
| METHOD FOR FILTERING EVENTS FOR TRANSMISSION TO REMOTE DEVICE | 2022 | | RU2813239C1 |
| SYSTEM AND METHOD FOR AUTOMATIC INVESTIGATION OF SAFETY INCIDENTS | 2011 | | RU2481633C2 |
| INFORMATION SECURITY INCIDENT RESPONSE SYSTEM AND METHOD | 2023 | | RU2824732C1 |
| METHOD AND SYSTEM OF TCP SESSION DATA COLLECTION BETWEEN PARTICIPANTS | 2024 | | RU2833442C1 |
| METHOD FOR ADJUSTING THE PARAMETERS OF A MACHINE LEARNING MODEL IN ORDER TO IDENTIFY FALSE TRIGGERING AND INFORMATION SECURITY INCIDENTS | 2020 | | RU2763115C1 |
| METHOD FOR GENERATING THE SIGNATURE OF AN UNWANTED ELECTRONIC MESSAGE | 2021 | | RU2776924C1 |
Dates
Filed: 2024-04-19
Published: 2025-02-14