Fusion: Practice and Applications

Journal DOI: https://doi.org/10.54216/FPA

ISSN 2692-4048 (Online), ISSN 2770-0070 (Print)

Volume 18, Issue 2, pp. 01-23, 2025 | Full Length Article

AlertFusion-OptiNet: An Advanced SIEM Alert Management System for IoT Environments using CMRO and AlertQ-Net

Abdullah Alenizi 1

  • 1 Department of Information Technology, College of Computer and Information Sciences, Majmaah University, Al-Majmaah 11952, Saudi Arabia - (aalenizi@mu.edu.sa)
  • Doi: https://doi.org/10.54216/FPA.180201

    Received: July 22, 2024 Revised: October 25, 2024 Accepted: January 08, 2025
    Abstract

    Security Information and Event Management (SIEM) denotes a collection of services and solutions that give organisations the capacity to gather, examine, and handle security-related data in real time from all areas of their IT infrastructure. Current intrusion detection systems suffer from delayed alert responses, poor feature selection, and ineffective handling of heterogeneous datasets. This study presents AlertFusion-OptiNet, a SIEM alert management architecture intended for effective alert handling and intrusion detection. The system integrates data from multiple sources (raw logs, network traffic, and security alerts), applies preprocessing to eliminate redundancy and inconsistencies, and extracts features using Latent Dirichlet Allocation (LDA), GloVe word embeddings, statistical analysis, and the discrete wavelet transform (DWT). Principal component analysis (PCA) then reduces dimensionality, and the proposed CMRO algorithm, a hybrid of COOT bird optimization and the Mud Ring Algorithm, selects the best features. AlertFusion-OptiNet's hybrid detection model combines two-channel CNNs, LSTM, and Bi-RNNs to improve accuracy and real-time detection, while AlertQ-Net uses reinforcement learning to manage and monitor alerts continuously. The proposed AlertFusion-OptiNet achieves 99.43% and outperforms state-of-the-art (SOTA) models.
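The abstract describes a pipeline of multi-source ingestion, redundancy removal, feature extraction and a reinforcement-learning alert manager. The block below is an illustrative example added by the editor, not the paper's AlertFusion-OptiNet or AlertQ-Net code: it normalises three constructed event types (a syslog line, a flow record, a Suricata-style alert) onto one schema, collapses duplicates, derives a few numeric features in place of the LDA/GloVe/DWT stages, and trains a small tabular Q-learning agent whose reward comes from a hand-written "analyst verdict" oracle. The sample events, the common schema, the state discretisation and the reward oracle are all assumptions made for the example.

```python
"""Toy SIEM alert pipeline: normalise heterogeneous events, collapse
duplicates, derive simple features, and train a tabular Q-learning
triage agent.  Illustrative code added by the editor; it is not the
paper's AlertFusion-OptiNet or AlertQ-Net implementation."""
import json
import random
import re
from collections import OrderedDict

# Constructed sample inputs standing in for the three source types the
# abstract names (raw logs, network traffic, security alerts).
SYSLOG_LINES = [
    "Jun 10 08:01:02 gw sshd[411]: Failed password for root from 203.0.113.9 port 4412 ssh2",
    "Jun 10 08:01:03 gw sshd[411]: Failed password for root from 203.0.113.9 port 4413 ssh2",
    "Jun 10 08:01:04 gw sshd[411]: Failed password for root from 203.0.113.9 port 4414 ssh2",
]
NETFLOW_RECORDS = [
    {"src": "10.0.0.7", "dst": "198.51.100.4", "dport": 23, "bytes": 120, "packets": 3},
]
IDS_ALERTS = [  # Suricata-style EVE JSON, hand-written for this example
    json.dumps({"src_ip": "203.0.113.9", "dest_ip": "10.0.0.7",
                "alert": {"signature": "ET SCAN SSH brute force", "severity": 2}}),
    json.dumps({"src_ip": "203.0.113.9", "dest_ip": "10.0.0.7",
                "alert": {"signature": "ET SCAN SSH brute force", "severity": 2}}),
]

SYSLOG_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>[\d.]+)")

def normalize(source, raw):
    """Map one raw record onto an assumed common schema so later stages see one shape."""
    if source == "syslog":
        m = SYSLOG_RE.search(raw)
        if not m:
            return None  # unparsed lines are dropped rather than guessed at
        return {"src": m["src"], "dst": "gw", "sig": "ssh-auth-failure", "severity": 1}
    if source == "netflow":
        # Telnet to/from an IoT device is the kind of weak signal a flow collector yields.
        sig = "telnet-flow" if raw["dport"] == 23 else "flow"
        return {"src": raw["src"], "dst": raw["dst"], "sig": sig, "severity": 1}
    if source == "ids":
        a = json.loads(raw)
        # Suricata severity 1 is the most severe; invert so higher = worse throughout.
        return {"src": a["src_ip"], "dst": a["dest_ip"], "sig": a["alert"]["signature"],
                "severity": 4 - a["alert"]["severity"]}
    raise ValueError(source)

def dedupe(events):
    """Collapse events sharing (src, dst, sig) into one record carrying a count."""
    merged = OrderedDict()
    for e in events:
        if e is None:
            continue
        key = (e["src"], e["dst"], e["sig"])
        if key in merged:
            merged[key]["count"] += 1
        else:
            merged[key] = dict(e, count=1)
    return list(merged.values())

def features(e):
    """Simple numeric features; the paper's LDA/GloVe/DWT stages would sit here."""
    return (e["severity"], e["count"], int(e["src"].startswith("10.")))

def state_of(e):
    """Discretise features into a small state space for a tabular agent (assumed buckets)."""
    sev = "high" if e["severity"] >= 2 else "low"
    vol = "burst" if e["count"] >= 3 else "single"
    return (sev, vol)

ACTIONS = ("suppress", "escalate")
STATES = [(s, v) for s in ("low", "high") for v in ("single", "burst")]

def analyst_verdict(state):
    """Constructed reward oracle: escalate anything high-severity or bursty."""
    sev, vol = state
    return "escalate" if sev == "high" or vol == "burst" else "suppress"

def train_agent(episodes=2000, alpha=0.1, epsilon=0.2, seed=0):
    """One-step tabular Q-learning with epsilon-greedy exploration: reward +1
    when the action matches the analyst verdict, -1 otherwise. Returns the Q-table."""
    rng = random.Random(seed)
    q = {s: {a: 0.0 for a in ACTIONS} for s in STATES}
    for _ in range(episodes):
        s = rng.choice(STATES)
        a = rng.choice(ACTIONS) if rng.random() < epsilon else max(ACTIONS, key=lambda x: q[s][x])
        r = 1.0 if a == analyst_verdict(s) else -1.0
        q[s][a] += alpha * (r - q[s][a])
    return q

def policy(q, e):
    """Greedy action for an event under the learned Q-table."""
    return max(ACTIONS, key=lambda a: q[state_of(e)][a])

def run_pipeline():
    """Ingest -> normalise -> dedupe -> featurise -> triage; returns one row per merged event."""
    raw = ([("syslog", l) for l in SYSLOG_LINES] + [("netflow", r) for r in NETFLOW_RECORDS]
           + [("ids", a) for a in IDS_ALERTS])
    events = dedupe(normalize(src, rec) for src, rec in raw)
    q = train_agent()
    return [(e["sig"], e["count"], features(e), policy(q, e)) for e in events]

if __name__ == "__main__":
    for row in run_pipeline():
        print(row)
```

The three SSH failures collapse to one bursty low-severity event that the agent learns to escalate, the lone Telnet flow is suppressed, and the repeated IDS alert is escalated on severity alone. Replacing the hand-written oracle with real analyst feedback is what turns this toy into an online alert manager.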

    Keywords:

    Security Information and Event Management, Intrusion Detection, Deep Learning, Reinforcement Learning, Alert Management, Hybrid Optimization

    References

    [1] F. I. F. Farrel, I. Mardianto, M. Kom, and M. T. I. Ir Adrian Sjamsul Qamar, "Implementation of Security Information & Event Management (SIEM) Wazuh with Active Response and Telegram Notification for Mitigating Brute Force Attacks on The GT-I2TI USAKTI Information System," Intelmatics, vol. 4, no. 1, pp. 1–7, 2024.

    [2] F. Uccello, M. Pawlicki, S. D'Antonio, R. Kozik, and M. Choraś, "Towards Hybrid NIDS: Combining Rule-Based SIEM with AI-Based Intrusion Detectors," in International Conference on Advances in Computing Research, Cham: Springer Nature Switzerland, pp. 244–255, Mar. 2024.

    [3] T. Thepa, P. Ateetanan, P. Khubpatiwitthayakul, and S. Fugkeaw, "Design and Development of Scalable SIEM as a Service using Spark and Anomaly Detection," in 2024 21st International Joint Conference on Computer Science and Software Engineering (JCSSE), IEEE, pp. 199–205, Jun. 2024.

    [4] S. Muneer, U. Farooq, A. Athar, M. Ahsan Raza, T. M. Ghazal, and S. Sakib, "A Critical Review of Artificial Intelligence Based Approaches in Intrusion Detection: A Comprehensive Analysis," Journal of Engineering, vol. 2024, no. 1, p. 3909173, 2024.

    [5] N. Tendikov, L. Rzayeva, B. Saoud, I. Shayea, M. H. Azmi, A. Myrzatay, and M. Alnakhli, "Security Information Event Management data acquisition and analysis methods with machine learning principles," Results in Engineering, vol. 22, p. 102254, 2024.

    [6] M. T. A. Tashfeen, "Intrusion detection system using AI and machine learning algorithm," in Cyber Security for Next-Generation Computing Technologies, CRC Press, pp. 120–140, 2024.

    [7] A. Singh, S. K. Singh, A. Chhabra, G. Singh, S. Kumar, and V. Arya, "Detailed Evolution Process of CNN-Based Intrusion Detection in the Context of Network Security," in Digital Forensics and Cyber Crime Investigation, CRC Press, pp. 70–87, 2024.

    [8] A. S. Shaik and A. Shaik, "AI Enhanced Cyber Security Methods for Anomaly Detection," in International Conference on Machine Intelligence, Tools, and Applications, Cham: Springer Nature Switzerland, pp. 348–359, Apr. 2024.

    [9] N. S. Sania, Y. Gigras, and S. Mahajan, "Gatividhi Guard: The Activity Guardian—Revolutionizing Security Information and Event Management (SIEM) Technology," Journal of Operating Systems Development & Trends, vol. 11, no. 1, pp. 29–44, 2024.

    [10] A. R. Muhammad, P. Sukarno, and A. A. Wardana, "Integrated security information and event management (SIEM) with intrusion detection system (IDS) for live analysis based on machine learning," Procedia Computer Science, vol. 217, pp. 1406–1415, 2023.

    [11] E. Tuyishime, T. C. Balan, P. A. Cotfas, D. T. Cotfas, and A. Rekeraho, "Enhancing cloud security—proactive threat monitoring and detection using a SIEM-based approach," Applied Sciences, vol. 13, no. 22, p. 12359, Nov. 2023.

    [12] M. Azmi Bin Mustafa Sulaiman, M. Adib Khairuddin, M. Rizal Mohd Isa, M. Nazri Ismail, M. Afizi Mohd Shukran, and A. Abu Bakar Sajak, "SIEM Network Behaviour Monitoring Framework using Deep Learning Approach for Campus Network Infrastructure," International Journal of Electrical and Computer Engineering Systems, (Special Issue), pp. 9–21, 2021.

    [13] S. R. Pulyala, "The Future of SIEM in a Machine Learning-Driven Cybersecurity Landscape," Turkish Journal of Computer and Mathematics Education (TURCOMAT), vol. 14, no. 03, pp. 1309–1314, 2023.

    [14] A. Esseghir, F. Kamoun, and O. Hraiech, "AKER: An open-source security platform integrating IDS and SIEM functions with encrypted traffic analytic capability," Journal of Cyber Security Technology, vol. 6, no. 1–2, pp. 27–64, 2022.

    [15] D. Kothandaraman, S. S. Prasad, and P. Sivasankar, "Vulnerabilities Detection in Cybersecurity Using Deep Learning–Based Information Security and Event Management," in Artificial Intelligence and Deep Learning for Computer Network, Chapman and Hall/CRC, pp. 81–98, 2023.

    [16] M. Sheeraz, M. H. Durad, M. A. Paracha, S. M. Mohsin, S. N. Kazmi, and C. Maple, "Revolutionizing SIEM Security: An Innovative Correlation Engine Design for Multi-Layered Attack Detection," Sensors, vol. 24, no. 15, p. 4901, 2024.

    [17] N. Moukafih, G. Orhanou, and S. El Hajji, "Neural Network-Based Voting System with High Capacity and Low Computation for Intrusion Detection in SIEM/IDS Systems," Security and Communication Networks, vol. 2020, no. 1, p. 3512737, 2020.

    [18] B. Al-Duwairi, W. Al-Kahla, M. A. AlRefai, Y. Abedalqader, A. Rawash, and R. Fahmawi, "SIEM-based detection and mitigation of IoT-botnet DDoS attacks," International Journal of Electrical and Computer Engineering, vol. 10, no. 2, p. 2182, 2020.

    [19] O. Ahmed, "Enhancing Intrusion Detection in Wireless Sensor Networks through Machine Learning Techniques and Context Awareness Integration," International Journal of Mathematics, Statistics, and Computer Science, vol. 2, pp. 244–258, 2024.

    [20] T. Ban, T. Takahashi, S. Ndichu, and D. Inoue, "Breaking alert fatigue: AI-assisted SIEM framework for effective incident response," Applied Sciences, vol. 13, no. 11, p. 6610, 2023.

    [21] M. Amru, R. J. Kannan, E. N. Ganesh, S. Muthumarilakshmi, K. Padmanaban, J. Jeyapriya, and S. Murugan, "Network intrusion detection system by applying ensemble model for smart home," International Journal of Electrical & Computer Engineering, vol. 14, no. 3, 2024.

    [22] B. Sharma, L. Sharma, C. Lal, and S. Roy, "Explainable artificial intelligence for intrusion detection in IoT networks: A deep learning-based approach," Expert Systems with Applications, vol. 238, p. 121751, 2024.

    [23] A. V. Turukmane and R. Devendiran, "M-MultiSVM: An efficient feature selection assisted network intrusion detection system using machine learning," Computers & Security, vol. 137, p. 103587, 2024.

    [24] L. O. Joel, W. Doorsamy, and B. S. Paul, "On the Performance of Imputation Techniques for Missing Values on Healthcare Datasets," arXiv preprint arXiv:2403.14687, 2024.

    [25] K. Kara, G. C. Yalçın, V. Simic, Z. Baysal, and D. Pamucar, "The alternative ranking using two-step logarithmic normalization method for benchmarking the supply chain performance of countries," Socio-Economic Planning Sciences, vol. 92, p. 101822, 2024.

    [26] F. Alrowais, A. A. Jamjoom, H. Karamti, M. Umer, S. Alsubai, T. H. Kim, and I. Ashraf, "RoBERTaNET: Enhanced RoBERTa Transformer Based Model for Cyberbullying Detection with GloVe Features," IEEE Access, 2024.

    [27] J. Zimmermann, L. E. Champagne, J. M. Dickens, and B. T. Hazen, "Approaches to improve preprocessing for Latent Dirichlet Allocation topic modeling," Decision Support Systems, p. 114310, 2024.

    [28] S. Uddin and H. Lu, "Dataset meta-level and statistical features affect machine learning performance," Scientific Reports, vol. 14, no. 1, p. 1670, 2024.

    [29] R. Mehrotra, M. A. Ansari, R. Agrawal, H. ‐ , P. Tripathi, and J. Singh, "An enhanced framework for ‐based machine learning techniques," International Journal of Imaging Systems and Technology, vol. 34, no. 1, p. e22983, 2024.

    [30] R. Ranjan and A. Saha, "A novel hybrid multi-criteria optimization of 3D printing process using grey relational analysis (GRA) coupled with principal component analysis (PCA)," Engineering Research Express, vol. 6, no. 1, p. 015080, 2024.

    [31] I. Naruei and F. Keynia, "A new optimization method based on COOT bird natural life model," Expert Systems with Applications, vol. 183, p. 115352, 2021.

    [32] A. S. Desuky, M. A. Cifci, S. Kausar, S. Hussain, and L. M. El Bakrawy, "Mud Ring Algorithm: A new meta-heuristic optimization algorithm for solving mathematical and engineering challenges," IEEE Access, vol. 10, pp. 50448–50466, 2022.

    [33] A. Mahajan, V. Singh, R. Srivastav, S. Kapoor, and E. Singh, "Classification of emotions using a 2-channel convolution neural network," in 2021 8th International Conference on Signal Processing and Integrated Networks (SPIN), IEEE, pp. 1–7, 2021.

    [34] H. Yadav and A. Thakkar, "NOA-LSTM: An efficient LSTM cell architecture for time series forecasting," Expert Systems with Applications, vol. 238, p. 122333, 2024.

    [35] Y. Shen, C. Shepherd, C. M. Ahmed, S. Yu, and T. Li, "Comparative DQN-improved algorithms for stochastic games-based automated edge intelligence-enabled IoT malware spread-suppression strategies," IEEE Internet of Things Journal, 2024.

    [36] M. Hromada, D. Rehak, B. Skobiej, and M. Bajer, "Converged security and information management system as a tool for smart city infrastructure resilience assessment," Smart Cities, vol. 6, no. 5, pp. 2221–2244, 2023.

    [37] J. Ghadermazi, A. Shah, and S. Jajodia, "A Machine Learning and Optimization Framework for Efficient Alert Management in a Cybersecurity Operations Center," Digital Threats: Research and Practice, 2024.

    [38] H. Zahid, S. Hina, M. F. Hayat, and G. A. Shah, "Agentless approach for security information and event management in industrial IoT," Electronics, vol. 12, no. 8, p. 1831, 2023.

    [39] L. Coppolino, L. Sgaglione, S. D'Antonio, M. Magliulo, L. Romano, and R. Pacelli, "Risk assessment driven use of advanced SIEM technology for cyber protection of critical e-health processes," SN Computer Science, vol. 3, pp. 1–13, 2022.

    Cite This Article As:
    A. Alenizi, "AlertFusion-OptiNet: An Advanced SIEM Alert Management System for IoT Environments using CMRO and AlertQ-Net," Fusion: Practice and Applications, vol. 18, no. 2, pp. 01-23, 2025. DOI: https://doi.org/10.54216/FPA.180201