Authors: Nenova, M. V., Iliev, G. L., Hristov M., Avresky D.
Title: Integration of Splunk Enterprise SIEM for DDoS Attack Detection in IoT
Keywords: SIEM, real-time alert, OSINT, IoT

Abstract: Nowadays, Security Information and Event Management (SIEM) is a common element of the security stack of every large and medium-sized company. The SIEM is becoming a vital part of the defense strategy along with firewalls, network Intrusion Prevention System / Intrusion Detection System (IPS/IDS), web/mail security appliances, and Antivirus (AV) solutions. Therefore, this paper aims to propose a solution for improving the security posture of an organization by implementing Splunk Enterprise SIEM. Monitoring various systems in real time can be a challenge for the security analysts in the Security Operation Center (SOC). With the use of Splunk, all relevant logs are collected and stored in one instance, which allows the design of a “single pane of glass” solution. To illustrate the capabilities of the Splunk Enterprise SIEM, the proposed solution has four real-time alerts for the detection of different cases of suspicious and/or malicious activity. One of them is specifically designed

References

    Issue

    2021 IEEE 20th International Symposium on Network Computing and Applications (NCA), 2021, United States, IEEE, DOI 10.1109/NCA53618.2021.9685977

    Copyright IEEE

    Citations:
    1. M. Selvaganesh, P. Naveen Karthi, V. A. Nitish Kumar and S. R. Prashanna Moorthy, "Efficient Brute-force handling methodology using Indexed-Cluster Architecture of Splunk," 2022 International Conference on Electronics and Renewable Systems (ICEARS), 2022, pp. 697-701, doi: 10.1109/ICEARS53579.2022.9752323. - 2022 - in publications indexed in Scopus or Web of Science
    2. Adabi Raihan Muhammad, Parman Sukarno, Aulia Arif Wardana, Integrated Security Information and Event Management (SIEM) with Intrusion Detection System (IDS) for Live Analysis based on Machine Learning, Procedia Computer Science, Volume 217, 2023, Pages 1406-1415, ISSN 1877-0509, https://doi.org/10.1016/j.procs.2022.12.339 - 2023 - in publications indexed in Scopus or Web of Science
    3. Zahid, H.; Hina, S.; Hayat, M.F.; Shah, G.A. Agentless Approach for Security Information and Event Management in Industrial IoT. Electronics 2023, 12, 1831. https://doi.org/10.3390/electronics12081831 - 2023 - in publications indexed in Scopus or Web of Science
    4. A. Polozhentsev, S. Gnatyuk, R. Berdibayev, V. Sydorenko and O. Zhyharevych, "Novel Cyber Incident Management System for 5G-based Critical Infrastructures," 2023 IEEE 12th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), Dortmund, Germany, 2023, pp. 1037-1041, doi: 10.1109/IDAACS58523.2023.10348645 - 2023 - in publications indexed in Scopus or Web of Science
    5. Brison, R., Wimmer, H., Rebman, C.M., “Botnet intrusion detection: A modern architecture to defend a virtual private cloud”, Issues in Information Systems, Volume 23, Issue 3, pp. 114-127, 2022, DOI: https://doi.org/10.48009/3_iis_2022_110 - 2022 - in publications indexed in Scopus or Web of Science
    6. Satybaldina, D., et al. "Детектирование и классификация сетевых атак с помощью Splunk Machine Learning Toolkit." BULLETIN OF THE LN GUMILYOV EURASIAN NATIONAL UNIVERSITY. Mathematics. Computer science. Mechanics series 142.1 (2023): 21-34. - 2023 - by foreign authors in foreign publications not indexed in Scopus or Web of Science
    7. Лущевський, Борис Леонідович. Алгоритми машинного навчання для виявлення та прогнозування атак на мережеву інфраструктуру. Diss. Тернопіль, ЗУНУ, 2023. - 2023 - by foreign authors in foreign publications not indexed in Scopus or Web of Science
    8. MITRE ATT&CK. "Boiling the Frog: Why a Well Planned Gradual SIEM Migration is Key." - 2024 - by foreign authors in foreign publications not indexed in Scopus or Web of Science
    9. Michael Raj Mosas, Azwan Mahmud, Noorlindawaty Binti Md Jizat, Azlan Abd. Aziz, Syamsuri Yaacob, "IoT Performance and Security Analysis Based on WiFi Systems", Proceedings of the Multimedia University Engineering Conference (MECON 2022), pp.3, 2023. - 2023 - in publications indexed in Scopus or Web of Science
    10. Ali, G., Shah, S., & ElAffendi, M. (2025). Enhancing cybersecurity incident response: AI-driven optimization for strengthened advanced persistent threat detection. Results in Engineering, 25, 104078. https://doi.org/10.1016/j.rineng.2025.104078 - 2025 - in publications indexed in Scopus or Web of Science
    11. Husselman, Layla. Anomaly Detection with Windows Event Logs: A comparative study between traditional and ML based approaches. MS thesis. University of Zurich, 2024. - 2024 - by foreign authors in foreign publications not indexed in Scopus or Web of Science
    12. Mohsen Bin Mohamad Hata, Mohamad Yusof Bin Darus, Muhammad Zul Akmal Bin Shafiee, Elvisianah Petrus, Yasmin Athira Jamian, "A Log Aggregation Design Criteria for Robust SIEM (Security Information and Event Management) in Enhancing Threat Detection", 2023 IEEE 8th International Conference on Recent Advances and Innovations in Engineering (ICRAIE), pp.1-6, 2023. - 2023 - in publications indexed in Scopus or Web of Science
    13. Zidan, Kamal, et al. "Assessing the Challenges Faced by Security Operations Centres (SOC)." Future of Information and Communication Conference. Cham: Springer Nature Switzerland, 2024. - 2024 - by foreign authors in foreign publications not indexed in Scopus or Web of Science
    14. Kamal Zidan, Abu Alam, Qublai Ali Mirza, "A Grid-Matrix Based on Industry Needs to Evaluate Automation in Security Operations Centre (SOC)", 2024 11th International Conference on Future Internet of Things and Cloud (FiCloud), pp.16-20, 2024. - 2024 - in publications indexed in Scopus or Web of Science
    15. M. Akmal Maliki, Parman Sukarno, Aulia Arif Wardana, "Integration of Heterogeneous IDS with SIEM for DDoS Attack Detection in Computer Networked Multi-Organizational Environments", 2024 5th International Conference on Communications, Information, Electronic and Energy Systems (CIEES), pp.1-7, 2024. - 2024 - in publications indexed in Scopus or Web of Science
    16. Ibrahim Abubaker, Majdi Owda, Amani Yousef Owda, "Multi-Channel Fusion Model for Data Logs Analysis and Anomaly Detection in Data Centers", 2024 4th International Conference of Science and Information Technology in Smart Administration (ICSINTESA), pp.546-551, 2024. - 2024 - in publications indexed in Scopus or Web of Science
    17. Sergiy Gnatyuk, Rat Berdibayev, Marek Aleksander, Viktoriia Sydorenko, Oksana Zhyharevych, Artem Polozhentsev, "Software System for Cybersecurity Events Correlation and Incident Management in Critical Infrastructure", Data-Centric Business and Applications, vol.213, pp.247, 2024. - 2024 - in publications indexed in Scopus or Web of Science
    18. Xinjie Wei, Chang-ai Sun, Xiao-Yi Zhang, "KAD: a knowledge formalization-based anomaly detection approach for distributed systems", Software Quality Journal, 2024. - 2024 - in publications indexed in Scopus or Web of Science
    19. Ali, Gauhar, Sajid Shah, and Mohammed ElAffendi. "Enhancing cybersecurity incident response: AI-driven optimization for strengthened advanced persistent threat detection." Results in Engineering 25 (2025): 104078. - 2025 - in publications indexed in Scopus or Web of Science
    20. Nandaputra, Johanes Raphael, Parman Sukarno, and Aulia Arif Wardana. "Detection and Prevention System on Computer Network to Handle Distributed Denial-Of-Service (Ddos) Attack in Realtime and Multi-Agent." Proceedings of the 2024 10th International Conference on Computer Technology Applications. 2024. - 2024 - by foreign authors in foreign publications not indexed in Scopus or Web of Science
    21. Mohamad Khayat, Ezedin Barka, Mohamed Adel Serhani, Farag Sallabi, Khaled Shuaib, Heba M. Khater, "Empowering Security Operation Center With Artificial Intelligence and Machine Learning—A Systematic Literature Review", IEEE Access, vol.13, pp.19162-19197, 2025. - 2025 - in publications indexed in Scopus or Web of Science
    22. Gelgi, Metehan, et al. "Systematic Literature Review of IoT Botnet DDOS Attacks and Evaluation of Detection Techniques." Sensors 24.11 (2024): 3571. - 2024 - in publications indexed in Scopus or Web of Science

    Type: publication in an international forum, publication in a refereed journal, indexed in Scopus