Security Information Event Management data acquisition and analysis methods with machine learning principles

Noyan Tendikov, Leila Rzayeva*, Bilal Saoud, Ibraheem Shayea, Marwan Hadri Azmi, Ali Myrzatay, Mohammad Alnakhli

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

11 Citations (Scopus)

Abstract

In the face of increasing global disruptions, the cybersecurity field is confronting rising threats posed by offensive groups and individual hackers. Traditional security measures often fall short in detecting and mitigating these sophisticated attacks, necessitating advanced intrusion detection methods. The goal of our study is to develop robust network intrusion detection methods using machine learning techniques. In addition, we evaluate the effectiveness of various machine learning models in detecting network intrusions. Model performances are optimized through hyperparameter tuning and feature selection. A range of classification and clustering models have been employed. Data from SIEM systems capturing real-time statistics from cloud-hosted Windows virtual machines has been gathered and augmented with web attack logs from CICIDS2017, each comprising approximately fifteen thousand rows. Hyperparameter tuning, data normalization, standardization and feature selection techniques for model optimization have been used in our study. The research showcases the potential of machine learning in enhancing network intrusion detection capabilities. The findings underscore the effectiveness of the Random Forest Classifier (0.97) and highlight the importance of utilizing diverse datasets and advanced optimization techniques. This study offers valuable insights and sets a foundation for future advancements in cybersecurity strategies and intrusion detection systems.

Original language: English
Article number: 102254
Journal: Results in Engineering
Volume: 22
DOIs
Publication status: Published - Jun 2024

Bibliographical note

Publisher Copyright:
© 2024 The Author(s)

Keywords

  • Brute force
  • Classification
  • Clustering
  • Cybersecurity
  • Machine learning
  • Network traffic
  • SIEM
  • Text vectorizer
  • Web attacks
