REPOSITORY.ENU

MACHINE LEARNING ALGORITHMS IN SIEM SYSTEMS FOR ENHANCED DETECTION AND MANAGEMENT OF SECURITY EVENTS

dc.contributor.author Nurusheva, A.
dc.contributor.author Abdiraman, A.
dc.contributor.author Satybaldina, D.
dc.contributor.author Goranin, N.
dc.date.accessioned 2025-06-11T06:08:54Z
dc.date.available 2025-06-11T06:08:54Z
dc.date.issued 2024
dc.identifier.uri http://repository.enu.kz/handle/enu/24206
dc.description.abstract As cyber threats become increasingly sophisticated, traditional Security Information and Event Management (SIEM) systems face challenges in effectively identifying and responding to these dangers. This research presents the development of a SIEM system integrated with machine learning (ML) to enhance threat detection, anomaly identification, and automated incident response. The integration of ML allows the SIEM system to go beyond conventional rule-based approaches, enabling the detection of previously unknown threats by learning from historical data. The system employs advanced algorithms to analyze large-scale log data and network traffic, providing real-time insights and reducing false positives. Key features of this SIEM include anomaly detection, predictive analytics, and adaptive thresholds, which allow it to adjust dynamically based on contextual data. By adapting to new and evolving cyber threats, the system provides a more resilient and proactive defense against potential attacks. The results indicate that integrating machine learning into SIEM systems can offer organizations a more effective, scalable, and adaptive security solution, ensuring the protection of critical infrastructure and data in a rapidly changing digital landscape. ru
dc.description.sponsorship This research is funded by the Science Committee of the Ministry of Science and Higher Education of the Republic of Kazakhstan (Grant No. AP19175746) ru
dc.language.iso en ru
dc.subject cyber threats ru
dc.subject machine learning ru
dc.subject SIEM ru
dc.subject information security management ru
dc.title MACHINE LEARNING ALGORITHMS IN SIEM SYSTEMS FOR ENHANCED DETECTION AND MANAGEMENT OF SECURITY EVENTS ru
dc.type Article ru

