Journal: IEEE Open Journal of the Communications Society (IEEE)

Abstract:
The emergence of new and more sophisticated cybersecurity threats has necessitated improvements to security information and event management (SIEM) systems. Earlier generations of these systems faced numerous challenges, such as high false-positive and false-negative rates, which produced large volumes of unnecessary alerts or missed real threats. This study discusses the use of attention-based models to improve SIEM performance through an ensemble deep learning framework. Several types of neural networks, including long short-term memory networks, convolutional neural networks, and bidirectional recurrent neural networks, were combined in this framework, allowing the resulting model to capture temporal patterns and salient features in network data. To reduce processing complexity and improve detection accuracy, an attention mechanism lets the model focus on the most relevant parts of the input. In addition, alert prioritization was integrated using fuzzy logic to rank threats by factors such as confidence level, impact, and alert frequency, so that potential intrusions are handled more efficiently. An optimized ensemble strategy incorporating several optimization methods was developed to achieve high precision and speed, making the model more robust against contemporary cybersecurity challenges. Experimental results show that the new approach performs much better than existing models. With a 70%/30% split of the data, the model achieved an accuracy of 98.52%, a precision of 99.40%, an F-measure of 97.08%, and a false negative rate (FNR) of only 1.14%. With an 80%/20% split, accuracy improved to 99.28%, precision to 99.46%, and F-measure to 98.67%, with a false positive rate (FPR) of just 0.1%. The experiments showed that the proposed model detects and prioritizes intrusions more effectively than other models while maintaining higher accuracy and lower false alarm rates.
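To make the fuzzy-logic prioritization step concrete, here is an added example (not code from the paper) that scores each alert from its detector confidence, estimated impact and observed frequency and ranks the alerts. The triangular fuzzy sets, the rule base and the output centroids are illustrative assumptions, since the abstract does not give the paper's own.

```python
# Added example (not the paper's code): fuzzy-logic alert prioritizer in the spirit
# of the abstract. Fuzzy sets, rule base and centroids are illustrative assumptions.
def tri(x, a, b, c):
    """Triangular membership: 0 outside (a, c), 1 at x == b."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

# Inputs normalised to [0, 1], each covered by three overlapping sets.
SETS = {"low": (-0.5, 0.0, 0.5), "medium": (0.0, 0.5, 1.0), "high": (0.5, 1.0, 1.5)}
# Output sets collapsed to their centroids (singleton consequents).
PRIORITY = {"low": 0.2, "medium": 0.5, "high": 0.8, "critical": 1.0}

# Rule base (assumed). Antecedents: (confidence, impact, frequency); None = any.
# Every (confidence, impact) pair is covered, so the denominator below is never 0.
RULES = [
    (("high", "high", None), "critical"),
    (("high", "medium", "high"), "critical"),
    (("high", "medium", None), "high"),
    (("medium", "high", None), "high"),
    (("medium", "medium", "high"), "high"),
    (("medium", "medium", None), "medium"),
    (("high", "low", None), "medium"),
    (("low", "high", None), "medium"),
    (("low", None, None), "low"),
    ((None, "low", None), "low"),
]

def priority_score(confidence, impact, frequency):
    """Fuzzy AND = min over antecedents; weighted-average (zero-order Sugeno) defuzzification."""
    inputs = (confidence, impact, frequency)
    num = den = 0.0
    for antecedent, consequent in RULES:
        strength = min(tri(x, *SETS[s]) for x, s in zip(inputs, antecedent) if s is not None)
        num += strength * PRIORITY[consequent]
        den += strength
    return num / den if den else 0.0

def rank_alerts(alerts):
    """Sort alerts (dicts with name/confidence/impact/frequency), highest priority first."""
    return sorted(((priority_score(a["confidence"], a["impact"], a["frequency"]), a["name"]) for a in alerts), reverse=True)

# Constructed sample alerts (illustrative values, not from the paper).
SAMPLE_ALERTS = [
    {"name": "port scan (noisy)", "confidence": 0.1, "impact": 0.1, "frequency": 0.95},
    {"name": "C2 beacon", "confidence": 0.9, "impact": 0.9, "frequency": 0.1},
    {"name": "failed admin login", "confidence": 0.5, "impact": 0.5, "frequency": 0.5},
]
```

Calling `rank_alerts(SAMPLE_ALERTS)` places the high-confidence, high-impact beacon first and the frequent but low-confidence, low-impact scan last, which is the frequency-versus-severity trade-off the fuzzy rules encode.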