Abstract

Cybersecurity is a crucial aspect of modern information technology, encompassing the safeguarding of computer systems, network resources, and information from cyberattacks. Wazuh is an open-source security information and event management (SIEM) technology for real-time attack detection, but it faces challenges such as log analysis complexity and alert overloading, which raise the number of false-positive alerts and reduce accuracy. This paper presents three hierarchical models for real-time attack prediction that use Wazuh to gather a real-time dataset from various network endpoints and then preprocess it using a variety of tools. Subsequently, mutual information, principal component analysis (PCA), and independent component analysis (ICA) are utilized for feature reduction and selection to extract the important features for each model individually. Finally, for training and testing purposes, the types of attacks are classified using the long short-term memory (LSTM) method. In the second stage, real-time attacks are used to assess the performance of the proposed models for real-time attack detection. The experimental findings demonstrate that the proposed approaches performed better on binary and multiclass classification in terms of accuracy, recall, precision, and F-measure, and were superior to previous methods in terms of accuracy.

Keywords

Cyberattack, Cybersecurity, ICA, LSTM, Mutual information, PCA, Wazuh SIEM

Subject Area

Computer Science

Article Type

Article

First Page

3114

Last Page

3132

Creative Commons License

Creative Commons Attribution 4.0 International License
This work is licensed under a Creative Commons Attribution 4.0 International License.