Abstract
Cybersecurity is a crucial aspect of modern information technology, encompassing the safeguarding of computer systems, network resources, and information from cyberattacks. Wazuh is an open-source security information and event management (SIEM) technology for real-time attack detection, but it faces challenges such as log analysis complexity and alert overloading, which raise the number of false-positive alerts and reduce accuracy. This paper presents three hierarchical models for real-time attack prediction that use Wazuh to gather a real-time dataset from various network endpoints and then preprocess it using a variety of tools. Subsequently, mutual information, principal component analysis (PCA), and independent component analysis (ICA) are used for feature reduction and selection to extract the important features for each model individually. Finally, for training and testing purposes, the types of attacks are classified using the long short-term memory (LSTM) method. In the second stage, real-time attacks are used to assess the performance of the proposed models for real-time attack detection. The experimental findings demonstrate that the proposed approaches performed better on binary and multiclass classification in terms of accuracy, recall, precision, and F-measure, and were superior to previous methods in terms of accuracy.
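The mutual-information feature-selection stage the abstract describes, as an added illustration that is not the authors' code: Wazuh-style alert JSON lines are flattened into dotted fields (`rule.level`, `rule.groups`, `agent.name`), each candidate field is scored by its mutual information with the attack label, and the fields are ranked. The alert lines and the `label` field are constructed sample data, and the plug-in MI estimator is an assumed implementation rather than anything from the paper.

```python
"""Rank Wazuh alert fields by mutual information with the attack label."""
import json
import math
from collections import Counter

# Constructed sample of Wazuh-style alerts.json lines (not real data). The
# "label" field stands in for the ground truth attached during dataset
# collection; 1 = alert belongs to an attack, 0 = benign activity.
SAMPLE_ALERTS = "\n".join(json.dumps(a) for a in [
    {"rule": {"level": 10, "groups": ["attack"]}, "agent": {"name": "web-01"}, "label": 1},
    {"rule": {"level": 10, "groups": ["attack"]}, "agent": {"name": "web-02"}, "label": 1},
    {"rule": {"level": 10, "groups": ["attack"]}, "agent": {"name": "web-01"}, "label": 1},
    {"rule": {"level": 10, "groups": ["attack"]}, "agent": {"name": "web-02"}, "label": 1},
    {"rule": {"level": 10, "groups": ["syscheck"]}, "agent": {"name": "web-01"}, "label": 0},
    {"rule": {"level": 3, "groups": ["syscheck"]}, "agent": {"name": "web-02"}, "label": 0},
    {"rule": {"level": 3, "groups": ["syscheck"]}, "agent": {"name": "web-01"}, "label": 0},
    {"rule": {"level": 3, "groups": ["syscheck"]}, "agent": {"name": "web-02"}, "label": 0},
])

def flatten(obj, prefix=""):
    """Flatten nested alert JSON into dotted keys; lists keep their first element."""
    out = {}
    for key, value in obj.items():
        name = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten(value, name + "."))
        elif isinstance(value, list):
            out[name] = value[0] if value else None
        else:
            out[name] = value
    return out

def mutual_information(xs, ys):
    """Plug-in estimate of I(X;Y) in bits from paired discrete samples."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum((c / n) * math.log2((c / n) / ((px[x] / n) * (py[y] / n)))
               for (x, y), c in pxy.items())

def rank_features(alert_lines, fields, label="label"):
    """Return (field, MI) pairs sorted from most to least informative."""
    rows = [flatten(json.loads(line)) for line in alert_lines.splitlines() if line.strip()]
    ys = [row[label] for row in rows]
    scores = {f: mutual_information([row.get(f) for row in rows], ys) for f in fields}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for field, mi in rank_features(SAMPLE_ALERTS, ["rule.level", "rule.groups", "agent.name"]):
        print(f"{field:12s} {mi:.3f} bits")
```

In this constructed sample `rule.groups` separates the classes perfectly (1 bit), `rule.level` is partially informative, and `agent.name` carries no information about the label, which is the kind of field the selection stage would drop before LSTM training.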
Keywords
Cyberattack, Cybersecurity, ICA, LSTM, Mutual information, PCA, Wazuh SIEM
Subject Area
Computer Science
Article Type
Article
First Page
3114
Last Page
3132
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
How to Cite this Article
Younus, Zeyad Safaa and Alanezi, Mafaz (2025) "Proactive SIEM-Based Framework for Cyberattack Monitoring and Classification," Baghdad Science Journal: Vol. 22: Iss. 9, Article 26.
DOI: https://doi.org/10.21123/2411-7986.5067