Use of Machine Learning Algorithms with SIEM for Attack Prediction

Anumol, E. T.

doi:10.1007/978-81-322-2012-1_24

E. T. Anumol⁵

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 308))

3036 Accesses
7 Citations

Abstract

In the recent years, organizations face the ever growing challenge of providing security in the network infrastructure. An intrusion detection system is essentially a spruced up, intelligent variant of a firewall which does deep packet analysis which generate alerts but cannot predict multistep attacks. In this work, we propose an intrusion prediction system (IPS) with the extension of a commercial SIEM framework, namely open source security information management (OSSIM), to perform the event analysis and to predict future probable multistep attacks before they pose a serious security risk. Security information and event management (SIEM) framework affirms network protection by the correlation and management of network log files. Data mining techniques are used for processing of all normalized data from OSSIM and also for classification.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Liu, S., Zhou, Z., Zhan, M.: Toward intelligent intrusion prediction for wireless sensor networks using three-layer brain-like learning. Int. J. Distrib. Sens. Netw. 2012(243841), 14 (2012)
Google Scholar
MeeraGandhi, G.: Machine learning approach for attack prediction and classification using supervised learning algorithms. Int. J. Comput. Sci. Commun. 1(2), July–December (2010)
Google Scholar
Abadyz, C., Taylory, J., Senguly, C.: Log Correlation for Intrusion Detection: A Proof of Concept
Google Scholar
Zope, A.R., Vidhate, A.: Data minding approach in security information and event management. J. Future Comput. Commun. (2013)
Google Scholar
Oo, T.T., Phyu, T.: A statistical approach to classify and identify DDoS attacks using UCLA dataset. Int. J. Adv. Res. Comput. Sci. Technol. (IJARCET) 2(5) (2013)
Google Scholar
Hu, W., Liao, Y., Vemuri, V.R.: Robust Anomaly Detection Using Support Vector Machines
Google Scholar

Download references

Author information

Authors and Affiliations

TIFAC Core in Cyber Security, Amrita Vishwa Vidyapeetham, Coimbatore, Tamil Nadu, India
E. T. Anumol

Authors

E. T. Anumol
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to E. T. Anumol .

Editor information

Editors and Affiliations

University of Canberra, Faculty of Education, Science, Technology and Mathematics, Canberra, Australia, and University of South Australia, Adelaide, South Australia, Australia
Lakhmi C. Jain
Department of Computer Science and Engin, SOA University, Bhubaneswar, Odisha, India
Srikanta Patnaik
Department of Premier and Cabinet, Office of the Chief Information Officer, Adelaide, South Australia, Australia
Nikhil Ichalkaranje

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Anumol, E.T. (2015). Use of Machine Learning Algorithms with SIEM for Attack Prediction. In: Jain, L., Patnaik, S., Ichalkaranje, N. (eds) Intelligent Computing, Communication and Devices. Advances in Intelligent Systems and Computing, vol 308. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2012-1_24

Download citation

DOI: https://doi.org/10.1007/978-81-322-2012-1_24
Published: 26 August 2014
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-2011-4
Online ISBN: 978-81-322-2012-1
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics