Abstract

This research builds a Security Information and Event Management (SIEM) system based on live analysis using machine learning on an Intrusion Detection System (IDS). Implementing live analysis on an IDS with machine learning, integrated with a SIEM, requires a combined system of many processes and services, all of which must be orchestrated into one system for live analysis to work. The right components must therefore be selected and combined into such a system. In addition, an open-source system that is easy to deploy is needed for industrial application. This research therefore builds the system from the most common open-source components for cyberattack live analysis, detection, and monitoring: a combination of the Elastic (ELK) Stack, Slips, and the Zeek IDS. To ensure that the selected components are correct, robust, and reliable, the performance of the combined system must be measured; the measurement focuses on resource consumption (CPU and RAM). The proposed system was tested with a Denial of Service (DoS) test at 344.1 packets/sec. The performance testing shows that Elasticsearch is the component with the highest CPU and RAM consumption, at 78% CPU usage and 2300 Mb of RAM usage, while Zeek has the lowest, at 3.5% CPU usage and 225 Mb of RAM usage. The proposed system also succeeded in detecting DoS attacks on the network.
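The pipeline described above feeds Zeek's connection logs into an analysis engine and then into the SIEM. As an added illustration of the detection stage (not code from the paper, and not the machine-learning logic of Slips or the Elastic Stack), the following Python script parses a constructed sample in Zeek's tab-separated `conn.log` layout, sums packets per source address per one-second window, and raises an alert when a source exceeds a packet-rate threshold. The sample log lines, the 300 packets/sec threshold and the function names are all assumptions made for this example; the field names follow Zeek's real `conn.log` header but only a subset of its columns is included.

```python
"""Added example: a per-source packet-rate flood detector over Zeek conn.log rows.
The log content, threshold and function names are constructed for illustration."""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed sample in Zeek conn.log TSV layout (header lines begin with '#').
# Only a subset of the real conn.log fields is kept to make the sample short.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\torig_pkts\tresp_pkts",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tcount\tcount",
    # benign traffic: a handful of packets per connection
    "1700000000.10\tCa1\t10.0.0.5\t40001\t10.0.0.20\t80\ttcp\t6\t5",
    "1700000000.40\tCa2\t10.0.0.6\t40002\t10.0.0.20\t443\ttcp\t12\t10",
    "1700000001.20\tCa3\t10.0.0.5\t40003\t10.0.0.20\t80\ttcp\t4\t3",
    # burst from one source inside the second starting at ts 1700000001
    "1700000001.05\tCb1\t10.0.0.99\t51000\t10.0.0.20\t80\ttcp\t120\t0",
    "1700000001.30\tCb2\t10.0.0.99\t51001\t10.0.0.20\t80\ttcp\t130\t0",
    "1700000001.80\tCb3\t10.0.0.99\t51002\t10.0.0.20\t80\ttcp\t110\t0",
    "1700000002.10\tCb4\t10.0.0.99\t51003\t10.0.0.20\t80\ttcp\t90\t0",
])


def parse_conn_log(text: str) -> List[Dict[str, str]]:
    """Parse Zeek TSV log text into row dicts keyed by the '#fields' header."""
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue  # other header/metadata lines and blanks
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # malformed or truncated row: skip instead of misaligning columns
        rows.append(dict(zip(fields, values)))
    return rows


def packets_per_second(rows: Iterable[Dict[str, str]],
                       window: float = 1.0) -> Dict[Tuple[str, int], int]:
    """Sum originator packets per (source address, window-start) bucket."""
    counts: Dict[Tuple[str, int], int] = defaultdict(int)
    for row in rows:
        bucket = int(float(row["ts"]) // window)
        counts[(row["id.orig_h"], bucket)] += int(row["orig_pkts"])
    return dict(counts)


def detect_flood(rows: Iterable[Dict[str, str]],
                 threshold_pps: int = 300) -> List[Dict[str, object]]:
    """Return one alert per (source, window) whose packet count meets the threshold.
    The 300 pkt/s default is an assumed value for this example, not a tuned setting."""
    alerts = []
    for (src, bucket), pkts in sorted(packets_per_second(rows).items()):
        if pkts >= threshold_pps:
            alerts.append({"src": src, "window_start": bucket, "pkts": pkts})
    return alerts


if __name__ == "__main__":
    for alert in detect_flood(parse_conn_log(SAMPLE_CONN_LOG)):
        print(f"ALERT src={alert['src']} window={alert['window_start']} "
              f"orig_pkts={alert['pkts']}")
```

On the sample, source 10.0.0.99 accumulates 360 originator packets in the window starting at 1700000001 and is flagged, while the same source's 90 packets in the next window and all benign rows stay below the threshold. A rule this simple stands in for the analysis stage only to show where the per-window aggregation sits; in the paper's system that role belongs to the machine-learning engine, and the alerts would be shipped to Elasticsearch for storage and dashboards.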
