Methodology of formation of fuzzy associative rules with weighted attributes from SIEM database for detection of cyber incidents in special information and communication systems

The article presents the method of forming associative rules from database SIEM system for detecting cyber incidents, which is based on theory fuzzy sets and methods data mining. On basis conducted analysis, a conclusion was made about expediency incidents in special information communication systems (SICS) by applying rule-oriented methods. necessity mining technologies, particular, to supplement knowledge base (KB) with aim improving its characteristics process substantiated. For effective application incident detection models built sets, use rule search proposed, allow processing heterogeneous are transparent perception. mathematical apparatus considered examples given. In order increase effectiveness searching it proposed weighting coefficients attributes that characterize degree manifestation their importance rule. A formal formulation problem weighted used identification scheme formation proposed. determining relative DB formulated solution finding elements have support at least given one form Methods