Graph-analytical method for analysing information security events

Background. The object of the research is information security event logs. The subject of the research is the methods of signature analysis and profiling of information security events. The purpose of the research is to identify the shortcomings of the above methods in identifying information security incidents and to develop a method that eliminates the identified shortcomings. Materials and methods. The analysis of information security events was carried out using the methods of signature analysis, digital profiling and a new graphic-analytical method proposed in the framework of the study. Results. The shortcomings of the methods of signature analysis and profiling of information security events are determined. Identified types of information security incidents that are not included in the visibility of the above methods. The application of the proposed graphic-analytical method makes it possible to eliminate the identified shortcomings, identify unknown types of information security incidents, and expand the functionality of information security monitoring systems in general. Conclusions. The use of the proposed graphic-analytical method for analyzing information security events makes it possible to identify information security incidents that are not included in the visibility zone of signature methods and profiling methods, and also to use them to gain knowledge about the system under study, which is impossible with a visual analysis of the journal itself. The results of applying the method can be further used to identify information security incidents in real time.