Machine learning algorithms in SIEM systems for enhanced detection and management of security events
Views: 215 / PDF downloads: 215
DOI:
https://doi.org/10.32523/bulmathenu.2024/3.1Keywords:
cyber threats, machine learning, SIEM, information security management, incident response, critical infrastructureAbstract
As cyber threats become increasingly sophisticated, traditional Security Information and Event Management (SIEM) systems face challenges in effectively identifying and responding to these dangers. This research presents the development of a SIEM system integrated with machine learning (ML) to enhance threat detection, anomaly identification, and automated incident response. The integration of ML allows the SIEM system to go beyond conventional rule-based approaches, enabling the detection of previously unknown threats by learning from historical data. The system employs advanced algorithms to analyze large-scale log data and network traffic, providing real-time insights and reducing false positives. Key features of this SIEM include anomaly detection, predictive analytics, and adaptive thresholds, which allow it to adjust dynamically based on contextual data. By adapting to new and evolving cyber threats, the system provides a more resilient and proactive defense against potential attacks. The results indicate that integrating machine learning into SIEM systems can offer organizations a more effective, scalable, and adaptive security solution, ensuring the protection of critical infrastructure and data in a rapidly changing digital landscape.
References
Bhatt S. N., Manadhata P. K., Zomlot L.The operational role of security information and event management systems // IEEE Security Privacy Magazine. – 2014. – № 12. P. 35–41. DOI: https://doi.org/10.1109/MSP.2014.103
Thakur K., Kopecky S., Nuseir M., Ali L., Qiu M. An Analysis of Information Security Event Managers // IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud). - 2016. – Vol. 6. – pp. 210-215. doi: 10.1109/cscloud.2016.19. DOI: https://doi.org/10.1109/CSCloud.2016.19
Holm H. Signature based intrusion detection for zero-day attacks: (Not) a closed chapter? // 47th Hawaii International Conference on System Sciences. - 2014. – P. 4895-4904. doi: 10.1109/hicss.2014.600. DOI: https://doi.org/10.1109/HICSS.2014.600
Di Sarno C., Garofalo A., Matteucci I., Vallini M. A novel security information and event management system for enhancing cyber security in a hydroelectric dam // International journal of critical infrastructure protection. - 2016. – Vol. 13. – P. 39–51.doi: 10.1016/j.ijcip.2016.03.002. DOI: https://doi.org/10.1016/j.ijcip.2016.03.002
Jordan M., Mitchell T. M. Machine learning: Trends, perspectives, and prospects // Science. — 2015. – Vol. 349. – P. 255–260. DOI: https://doi.org/10.1126/science.aaa8415
Zhou Zh. Machine learning. – Springer nature. – 2021. – 459 p. DOI: https://doi.org/10.1007/978-981-15-1967-3
Naqa I. E., Murphy M. J. What is machine learning? – Springer eBooks – 2015.
Alzubi J., Nayyar A., Kumar A. Machine learning from theory to algorithms: an overview // Journal of Physics. – 2018. – № 1142. P. 1-15. DOI: https://doi.org/10.1088/1742-6596/1142/1/012012
Aljawarneh S., Aldwairi M., Yassein M. B. Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model // Journal of Computational Science. – 2018. – № 25. P. 152-160. DOI: https://doi.org/10.1016/j.jocs.2017.03.006
Aidynov T., Goranin N., Satybaldina D., Nurusheva A. A systematic literature review of current trends in electronic voting system protection using modern cryptography // Applied sciences – 2024. – Vol. 14, № 7. DOI: https://doi.org/10.3390/app14072742
Abdiraman A., Goranin N., Balevicius S., Nurusheva A., Tumasonienė I. Application of multicriteria methods for improvement of information security metrics // Sustainability. – 2023. – Vol. 15, № 10. DOI: https://doi.org/10.3390/su15108114