The article discusses one possible approach to organizing the management of security information and events in computer systems. Analysis of known research results shows that existing information and security event management systems have a number of functional limitations that prevent them from reaching a given level of management quality. These limitations stem from the impossibility of optimally interpreting security events and of fully adaptive management of such incidents that takes into account real changes in threat behavior. The purpose of the article is therefore to propose an effective approach to synthesizing algorithms and software for information and security event management systems, whose implementation will extend their capabilities by automatically forming incident response scenarios according to the dynamics of threats. To achieve this goal, the fundamental provisions of the theory of logical-dynamic systems are applied to modeling the processes of managing security information and events in computer systems. On the basis of this theory, a logical-dynamic model of information and security event management is proposed that differs from existing models (for example, Petri nets, Markov chains, Bayesian networks). This model makes it possible to formalize the collection, processing and analysis of incident information and to develop algorithms for compensating incidents. It is noted that logical-dynamic models take into account the complexity and dynamism of processes in computer systems as well as the incompleteness of information about security events. An algorithm is presented that combines information about various incidents in computer systems and processes it in security event arrays for subsequent response to these destructive events.
The proposed algorithm has a number of advantages, including adaptability and flexibility. The practical significance of the work lies in the possibility of applying the research results to improve existing and develop future systems for protecting computer systems that form part of critical information infrastructure facilities. The novelty of the proposed approach lies in combining traditional signature-based and behavioral threat identification methods with logical-dynamic analysis of their results. This increases the accuracy and efficiency of detecting dangerous anomalies in computer systems.
Petro Pavlenko
Ievgen Samborskyi
Collection: Information Technology and Security
www.synapsesocial.com/papers/68c1bd4854b1d3bfb60ef07f — DOI: https://doi.org/10.20535/2411-1031.2025.13.1.328764