Browsing by Author "Behailu Adugna"

Now showing 1 - 1 of 1
  • No Thumbnail Available
    Item
    A Multimodal Security Information and Event Management Solution Empowered by Deep Learning and Alert Fusion
    (Addis Ababa University, 2024-11) Behailu Adugna; Sileshi Demisie (PhD)
    The cybersecurity threat landscape is marked by a growing number of increasingly complex and sophisticated attacks affecting organizations across various sectors. In response, solutions like SIEM systems are essential for providing centralized threat detection, real-time analysis, and compliance support, making them integral to modern cybersecurity strategies. One of the reasons for this is that SIEM solutions collect and aggregate log data from across an organization's IT infrastructure, providing a single pane of glass for monitoring security events. And this centralized approach is essential for identifying threats that span multiple systems and environments, identifying indicative patterns of attacks such as privilege escalation and polymorphic malware, helping proactively identify signs of unusual data accesses or exfiltration before significant damage occurs. Furthermore, SIEM solutions support compliance by maintaining detailed audit logs and providing preconfigured reporting tools. However, SIEM systems usually encounter significant challenges in effectively identifying and responding to sophisticated cyberattacks. Since they rely heavily on predefined rules, even if complex correlations, and signatures, they struggle to adapt to novel attack techniques that do not match the predefined patterns. They often lack sophisticated analytics capabilities such as deep learning and behavioral analysis, which deprives them of the effectiveness at detecting advanced threats. Furthermore, they frequently produce an overwhelming volume of alerts, many of which are irrelevant or false positives. This leads to alert fatigue, causing cybersecurity analysts to become desensitized to alerts and increase the risk of overlooking critical incidents. This research proposes a multimodal architecture of SIEM designed to overcome current limitations in threat detection by integrating diverse data sources, including network traffic and event logs. The solution utilizes advanced neural networks to analyze intricate relationships within network connection features and their temporal dependencies. By further employing alert fusion, it creates a melting-pot for alerts from different sources that can provide a more comprehensive and complementary understanding of potential threats that can address the issue of false positives.