CRYPTOGRAPHIC TRUST MODEL FOR SECURITY EVENTS IN SIEM FOR INTELLIGENT NETWORK INCIDENT GENERATION
DOI: https://doi.org/10.31673/2409-7292.2026.011393

Abstract
The article proposes an approach to the intelligent formation of network incidents in security information and event
management (SIEM) systems, based on a cryptographic model of trust in security events. The study is motivated by the
intensive digitalization of corporate computer networks, the growth of telemetry volumes, and the widespread use of cloud
services and distributed infrastructures, in which traditional event correlation mechanisms are increasingly vulnerable to
manipulation of input data. Most modern SIEM solutions treat security events as a priori reliable as long as they come from
legitimate logs or sensors, which is risky in environments with a variable level of trust. Under such conditions, events can be
generated by compromised nodes, modified in transit or in storage, or intentionally injected by an attacker in order to distort
the correlation process. The aim of the work is to develop and scientifically substantiate a model in which each security event
is interpreted as a cryptographically formatted statement about the state of a computer network, suitable for formal
verification and quantitative assessment of reliability. Trust is transferred from the level of telemetry sources to the level of
individual events by using cryptographic mechanisms to bind each event's origin, integrity, generation context and time
reference. On this basis, an explainable trust assessment is formed for each event, integrated into the correlation mechanisms
and used as a weighting factor when incidents are formed. The article considers the algorithmic principles of streaming event
processing, which combine cryptographic verification, trust assessment and weighted correlation within correlation windows,
ensuring scalability for high-load environments. The practical significance of the results lies in the possibility of integrating
the proposed model into existing SIEM architectures without changing the principles of telemetry collection, with a reduction
in the number of false positives, increased resistance to event injection and substitution, and improved quality of the generated
network incidents for subsequent response and SOC operation.
Keywords: SIEM, security events, cryptographic verification, trust model, event correlation, network incidents,
injection, event substitution.
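As an added illustration (not code from the paper), the following Python sketch shows the event-level trust model the abstract describes: each event is an HMAC-bound statement over origin, context, time reference and payload; verification yields an explainable per-factor trust score; and correlation within a window sums severity weighted by trust, so a forged, tampered or unknown-source event carries no weight. The sensor keys, known contexts, factor weights and sample event fields are constructed assumptions, and HMAC-SHA256 stands in for whichever signature scheme a deployment would choose.

```python
import hashlib
import hmac
import json
from collections import defaultdict

# Constructed sensor registry: each legitimate source shares an HMAC key with the SIEM
# collector (an assumption; the paper does not fix a particular signature scheme).
SENSOR_KEYS = {"fw-edge-01": b"constructed-key-fw-01", "ids-core-02": b"constructed-key-ids-02"}
KNOWN_CONTEXTS = {"prod-dmz", "prod-core"}

def canonical(ev):
    """Canonical encoding of the signed statement: origin, context, time, sequence, payload."""
    fields = {k: ev[k] for k in ("src", "ctx", "ts", "seq", "data")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def sign_event(ev, key):
    """Sensor side: bind origin, context and time reference to the payload with an HMAC tag."""
    ev["tag"] = hmac.new(key, canonical(ev), hashlib.sha256).hexdigest()
    return ev

def assess_trust(ev, now, max_age=300):
    """Explainable trust in [0, 1]: every factor is returned, and a failed origin or
    integrity check zeroes the score so an unverifiable event carries no weight."""
    key = SENSOR_KEYS.get(ev.get("src"))
    expected = hmac.new(key, canonical(ev), hashlib.sha256).hexdigest() if key else ""
    age = now - ev["ts"]
    factors = {
        "origin": 1.0 if key else 0.0,
        "integrity": 1.0 if key and hmac.compare_digest(ev.get("tag", ""), expected) else 0.0,
        "time": max(0.0, 1.0 - age / max_age) if age >= 0 else 0.0,  # stale or future-dated -> 0
        "context": 1.0 if ev.get("ctx") in KNOWN_CONTEXTS else 0.5,
    }
    score = factors["origin"] * factors["integrity"] * (0.6 * factors["time"] + 0.4 * factors["context"])
    return round(score, 3), factors

def correlate(events, now, window=60, threshold=2.0):
    """Weighted correlation: per target, sum severity x trust over the window and raise an
    incident only when the trusted evidence mass crosses the threshold (not a raw count)."""
    groups = defaultdict(list)
    for ev in events:
        if 0 <= now - ev["ts"] <= window:
            groups[ev["data"]["dst"]].append(ev)
    incidents = []
    for dst, group in groups.items():
        scored = [(ev, *assess_trust(ev, now)) for ev in group]
        mass = sum(ev["data"]["sev"] * trust for ev, trust, _ in scored)
        if mass >= threshold:
            incidents.append({"target": dst, "weight": round(mass, 3),
                              "evidence": [(ev["src"], ev["seq"], trust, f) for ev, trust, f in scored]})
    return incidents
```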