Application of a self-learning system for information security event correlation based on fuzzy logic in the automation of information security management systems
Free access
Currently, the SIEM systems most widely used on the market rely on signature-based methods for correlating information security events, owing to their ease of implementation and their flexibility in configuration and subsequent operation. Systems built on this principle cannot adapt to a rapidly changing IT landscape, because the set of information security incidents they can respond to is predetermined. The disadvantages of such systems include a large number of false positives and the relative complexity of configuration and implementation. The article discusses how to use fuzzy logic to construct a self-learning system for information security event correlation as an alternative to the widespread signature-based methods. It explains the scheme of the self-learning event correlation system and its advantages over signature-based correlation.
Fuzzy logic, SIEM systems, SIEM-system self-learning system, information security management system
Short URL: https://sciup.org/147155092
IDR: 147155092 | DOI: 10.14529/ctcr160116