Abstract: This research builds a security information and event management (SIEM) system based on live analysis and integrated with an intrusion detection system (IDS). Merging SIEM systems with Intrusion Detection Systems (IDS) has proved to be an effective way of strengthening an organization's cyber security defences, and integrating SIEM with intrusion detection adds real value to the identification of, and response to, advanced cyber threats. This research integrates the ELK stack, a robust, scalable, open-source SIEM tool, with Suricata, a powerful intrusion detection system. The combination allows threats to be detected effectively in real time and provides further information about an attack by analysing network traffic and events with a pattern recognition algorithm. The framework is composed of Suricata together with ELK's log aggregation, storage and visualization. A machine-learning algorithm recognizes the patterns of attacks against the system in order to detect anomalous activity and unusual attack patterns; it strengthens the system and allows security threats to be detected in real time, so that new threats can be responded to. The study also provides an extensive assessment of the system's performance in detecting both common and new threats. Parameters such as detection accuracy, false positives and system latency can be improved. The outcomes illustrate the feasibility of the integrated solution for achieving better detection outcomes and better security of the system. Future enhancements could include AI and ML techniques that enable the system to detect unknown and emerging threats.
Keywords: Live Monitoring, detecting security threats, detection accuracy, ELK (SIEM tool), IDS.
DOI: 10.17148/IJARCCE.2024.131127
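As an added illustration of the pipeline the abstract describes (example code, not the paper's own implementation): parse Suricata's EVE JSON alert output, the same records the ELK side ingests, flag source IPs whose alert volume is anomalous with a simple statistical baseline (an assumption standing in for the paper's machine-learning pattern recognition), and score the result by two of the parameters the abstract names, detection accuracy and false positives. All records, IP addresses and signature names are constructed.

```python
import json
import statistics
from collections import Counter

def _alert(src_ip, dest_port, signature, severity):
    """Build one constructed Suricata EVE 'alert' record (one eve.json line)."""
    return json.dumps({"timestamp": "2024-01-01T10:00:00.000000+0000", "event_type": "alert",
                       "src_ip": src_ip, "dest_ip": "10.0.0.20", "dest_port": dest_port,
                       "alert": {"signature": signature, "severity": severity}})

# Constructed stand-in for eve.json, the file Filebeat/Logstash ship into Elasticsearch:
# one non-alert event, one malformed line, then alerts from four source IPs.
EVE_LINES = (
    ['{"event_type":"flow","src_ip":"10.0.0.7","dest_ip":"10.0.0.20"}', "not json"]
    + [_alert("10.0.0.5", 22, "CONSTRUCTED SSH brute force", 2) for _ in range(12)]
    + [_alert("10.0.0.7", 80, "CONSTRUCTED policy violation", 3)]
    + [_alert("10.0.0.9", 443, "CONSTRUCTED policy violation", 3) for _ in range(2)]
    + [_alert("10.0.0.11", 80, "CONSTRUCTED policy violation", 3)]
)

def parse_eve(lines):
    """Keep only 'alert' events; other event types and malformed lines are skipped."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "alert":
            alerts.append({"src_ip": rec["src_ip"], "dest_ip": rec["dest_ip"],
                           "signature": rec["alert"]["signature"],
                           "severity": rec["alert"]["severity"]})
    return alerts

def flag_anomalous_sources(alerts, z=1.5):
    """Flag source IPs whose alert count exceeds mean + z * population stdev across
    sources: a simple volume baseline (assumption) standing in for the paper's ML model."""
    counts = Counter(a["src_ip"] for a in alerts)
    if len(counts) < 2:
        return set(counts)
    mean, sd = statistics.mean(counts.values()), statistics.pstdev(counts.values())
    return {ip for ip, n in counts.items() if n > mean + z * sd}

def evaluate(flagged, all_sources, malicious):
    """Detection accuracy and false-positive rate over the observed source IPs."""
    tp, fp = len(flagged & malicious), len(flagged - malicious)
    benign = all_sources - malicious
    tn = len(benign - flagged)
    return {"tp": tp, "fp": fp, "accuracy": (tp + tn) / len(all_sources),
            "false_positive_rate": fp / len(benign) if benign else 0.0}
```

With the constructed data only 10.0.0.5 is flagged; labelling the low-volume 10.0.0.9 as malicious in the ground truth drops accuracy to 0.75, which is the kind of miss a pure volume baseline cannot see and a reason the abstract relies on pattern recognition rather than counts alone.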