Machine Learning-Driven Anomaly Detection: Strengthening SIEM Tools for Robust Cyber Defense


Rohit Arora, Vikash Kumar Kharbas

Abstract

Organizations now generate large volumes of data every day, and the security of that data depends largely on adequate monitoring and prevention technology. Threat monitoring and prevention in IoT device logs is especially important, but monitoring each device individually is impractical. Security Information and Event Management (SIEM) platforms address this by collecting all logs in one centralized platform. Traditional SIEM tools, however, have detection limitations: they rely on rule-based detection, cannot detect advanced threats, and generate many false positives, so IT professionals cannot focus on the real threats. Machine learning addresses this concern by detecting advanced threats through behaviour-based analysis of historical data. In this research we use the Isolation Forest algorithm, which is well suited to separating normal instances from anomalies. This machine learning approach reduces the false-positive rate and improves anomaly detection. This paper aims to reveal the possible changes in the cybersecurity sphere brought about by implementing machine learning and to promote further development of the technology as a complement to existing SIEM systems. Adopting these advancements is an effective way to strengthen the security of any organization, providing a safer and more secure digital environment.
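The abstract describes scoring SIEM log data with an Isolation Forest but shows neither the feature set nor the scoring rule. The following is an added example, written for this page and not code or data from the paper: a from-scratch Isolation Forest (random-feature, random-split trees, path-length scoring normalised by c(n)) run over a constructed, synthetic table of per-host log aggregates. The feature layout (failed logins, distinct destination ports, outbound megabytes, new processes per five-minute window), the two injected attack rows, the function names and the 0.65 alert threshold are all assumptions made for illustration.

```python
"""Minimal Isolation Forest over constructed SIEM-style host aggregates."""
import math
import random
from typing import List, Tuple

EULER_GAMMA = 0.5772156649


def build_dataset(n_normal: int = 40, seed: int = 7) -> List[List[float]]:
    """Constructed, synthetic per-host aggregates for one 5-minute window.
    Feature layout (hypothetical, not the paper's data):
    [failed_logins, distinct_dst_ports, outbound_mb, new_processes]."""
    rng = random.Random(seed)
    rows = [[rng.randint(0, 4), rng.randint(1, 6),
             round(rng.uniform(2.0, 30.0), 1), rng.randint(1, 8)]
            for _ in range(n_normal)]
    # Two injected attack windows: a brute-force burst whose tooling spawns
    # many processes, and a port scan followed by bulk exfiltration.
    rows.append([180, 2, 9.0, 60])
    rows.append([0, 340, 950.0, 2])
    return rows


EVENTS = build_dataset()
ANOMALY_INDICES = {40, 41}   # positions of the two injected rows above


def average_path_length(n: int) -> float:
    """c(n): mean depth of an unsuccessful search in a BST of n points.
    Used to normalise scores and to estimate the remaining depth of a
    leaf that still holds n points when the height limit is reached."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n


class _Node:
    __slots__ = ("size", "feature", "split", "left", "right")

    def __init__(self, size, feature=None, split=None, left=None, right=None):
        self.size, self.feature, self.split = size, feature, split
        self.left, self.right = left, right


def _build_tree(points, depth, height_limit, rng) -> _Node:
    """Split on a random feature at a random value between the subset's
    min and max; stop when a point is alone or the height limit is hit."""
    if depth >= height_limit or len(points) <= 1:
        return _Node(len(points))
    feature = rng.randrange(len(points[0]))
    lo = min(p[feature] for p in points)
    hi = max(p[feature] for p in points)
    if lo == hi:                       # this feature cannot separate the subset
        return _Node(len(points))
    split = rng.uniform(lo, hi)
    left = [p for p in points if p[feature] < split]
    right = [p for p in points if p[feature] >= split]
    return _Node(len(points), feature, split,
                 _build_tree(left, depth + 1, height_limit, rng),
                 _build_tree(right, depth + 1, height_limit, rng))


def _path_length(point, node: _Node) -> float:
    """h(x): edges walked to reach a leaf, plus c(leaf size) for unsplit leaves."""
    depth = 0
    while node.feature is not None:
        node = node.left if point[node.feature] < node.split else node.right
        depth += 1
    return depth + average_path_length(node.size)


class IsolationForest:
    def __init__(self, n_trees: int = 100, sample_size: int = 256, seed: int = 0):
        self.n_trees, self.sample_size, self.seed = n_trees, sample_size, seed
        self.trees: List[_Node] = []
        self.psi = 0

    def fit(self, data):
        rng = random.Random(self.seed)
        self.psi = min(self.sample_size, len(data))      # subsample per tree
        limit = math.ceil(math.log2(self.psi)) if self.psi > 1 else 0
        self.trees = [_build_tree(rng.sample(data, self.psi), 0, limit, rng)
                      for _ in range(self.n_trees)]
        return self

    def score(self, point) -> float:
        """s(x) = 2^(-E[h(x)] / c(psi)): close to 1 means isolated in a few
        splits (anomalous); around 0.5 or lower means it sits in the bulk."""
        mean_depth = sum(_path_length(point, t) for t in self.trees) / len(self.trees)
        return 2.0 ** (-mean_depth / average_path_length(self.psi))


def rank_anomalies(events, n_trees: int = 100, seed: int = 1) -> List[Tuple[int, float]]:
    """(row index, score) pairs, most anomalous first."""
    forest = IsolationForest(n_trees=n_trees, seed=seed).fit(events)
    scored = [(i, forest.score(e)) for i, e in enumerate(events)]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def flag_anomalies(events, threshold: float = 0.65, **kw) -> List[int]:
    """Rows at or above the alert threshold; tune the threshold against
    labelled history to trade recall for the analysts' false-positive budget."""
    return sorted(i for i, s in rank_anomalies(events, **kw) if s >= threshold)


if __name__ == "__main__":
    for idx, score in rank_anomalies(EVENTS)[:5]:
        print(f"host-{idx:02d} score={score:.3f} features={EVENTS[idx]}")
```

The two injected rows land at the top of the ranking because a single random split on their extreme feature isolates them in one or two levels, while every normal row needs close to the full tree height. In a real deployment the feature rows would be computed from the SIEM's aggregated log stream per host and window, and the threshold chosen so the number of flagged windows stays inside what the SOC can triage; that threshold, not the model, is what controls the false-positive rate the abstract refers to.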
