SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) ENHANCEMENT USING MACHINE LEARNING FOR DETECTING CYBER ATTACKS

ERLANGGA, DIMAS (2023) SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) ENHANCEMENT USING MACHINE LEARNING FOR DETECTING CYBER ATTACKS. Other thesis, Nusa Putra University.


Abstract

Network security is a crucial component of Information Technology, yet organizations continue to grapple with meeting established security benchmarks. Given the rise in cyber attacks and the continuous emergence of new attack types, it is practically infeasible to persistently update attack patterns or signatures within security parameters. Key tools such as Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) are instrumental in monitoring network traffic and identifying potential threats. However, these tools face limitations, such as the high volume of alerts produced by IDS, the use of rule-based methods, and the inability of SIEM tools to analyze logs comprehensively to identify inappropriate activities. This research will conduct anomaly detection using a machine learning process to classify cyber attack network flows collected from an IDS installed inside the network infrastructure. This process will also be integrated with SIEM. The algorithm used in this research is the Random Forest Classifier, applied to the CSE-CIC-IDS2018 dataset analyzed with Principal Component Analysis (PCA). The results show that applying PCA to balanced and imbalanced datasets is effective for dimensionality reduction, achieving high accuracy across training/testing splits, while balanced datasets, despite a slight decrease in accuracy, ensure fair class representation and efficient data management, which is particularly vital in resource-limited settings.

Keywords—Network Security, IDS, SIEM, Machine Learning, Principal Component Analysis.

Item Type: Thesis (Other)
Subjects: Computer > Computer Science
Divisions: Post Graduate School > Magister Computer Science
Depositing User: Unnamed user with email liu@nusaputra.ac.id
Date Deposited: 01 Feb 2025 09:21
Last Modified: 01 Feb 2025 09:21
URI: http://repository.nusaputra.ac.id/id/eprint/1375
