Security Information Event Management data acquisition and analysis methods with machine learning principles
Tendikov N., Rzayeva L., Saoud B., Shayea I., Azmi M.H., Myrzatay A., Alnakhli M.
June 2024, Elsevier B.V.
Results in Engineering
2024, #22
In the face of increasing global disruptions, the cybersecurity field is confronting rising threats posed by offensive groups and individual hackers. Traditional security measures often fall short in detecting and mitigating these sophisticated attacks, necessitating advanced intrusion detection methods. The goal of our study is to develop robust network intrusion detection methods using machine learning techniques. In addition, we evaluate the effectiveness of various machine learning models in detecting network intrusions. Model performance is optimized through hyperparameter tuning and feature selection. A range of classification and clustering models has been employed. Data from SIEM systems capturing real-time statistics from cloud-hosted Windows virtual machines has been gathered and augmented with web attack logs from CICIDS2017, each dataset comprising approximately fifteen thousand rows. Hyperparameter tuning, data normalization, standardization and feature selection techniques have been used for model optimization in our study. The research showcases the potential of machine learning in enhancing network intrusion detection capabilities. The findings underscore the effectiveness of the Random Forest Classifier (0.97) and highlight the importance of utilizing diverse datasets and advanced optimization techniques. This study offers valuable insights and sets a foundation for future advancements in cybersecurity strategies and intrusion detection systems.
Brute force, Classification, Clustering, Cybersecurity, Machine learning, Network traffic, SIEM, Text vectorizer, Web attacks
Department of Intelligent Systems and Cybersecurity, Astana IT University, Astana, 010000, Kazakhstan
LISEA Laboratory, Sciences and Applied Sciences Faculty, University of Bouira, Bouira, 10000, Algeria
Electronics & Communications Engineering Department, Faculty of Electrical and Electronics Engineering, Istanbul Technical University (ITU), Istanbul, 34469, Turkey
Wireless Communication Centre, Faculty of Electrical Engineering, Universiti Teknologi Malaysia, Johor Bahru, 81310, Malaysia
Department of Computer Science, Korkyt Ata Kyzylorda University, Kyzylorda, 120000, Kazakhstan
Electrical Engineering Department, College of Engineering, Prince Sattam Bin Abdulaziz University, Wadi Addwasir, 11991, Saudi Arabia