Research area: Safety
Conference: 2025 International Conference on Computational Robotics, Testing and Engineering Evaluation (ICCRTEE)
A Security Information and Event Management (SIEM) system enabled by artificial intelligence (AI) is proposed to address the main shortcomings of current security monitoring practice. The architecture applies AI at every tier of the security operations center (SOC), shifting operations from passive detection toward active protection. Machine learning is used for pattern recognition, contextual analysis, and alert prioritization, targeting the core weakness of rule-based SIEM products: they generate large volumes of alerts that analysts must triage by hand. In the experimental evaluation, detection rates for complex attack patterns, including advanced persistent threats (APTs) and zero-day attacks, were significantly higher than those of conventional systems. Integration with high-performance computing supports real-time analysis of security data without loss of throughput, and the mean time to detect and the mean time to respond are both significantly reduced. Case studies covering several attack types demonstrate early threat detection, correct classification, and recommended response actions. The architecture is presented as a substantial advance over existing security monitoring technology, providing stronger protection against ever-increasing threats while reducing analyst workload through contextualized, automated alerts.
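The abstract describes alert prioritization that combines contextual analysis with anomaly detection and ends in a recommended response, but gives no mechanism. The example below is an illustration written for this page, not code from the paper or from IEEE: it takes a handful of constructed rule-based alerts, groups them per host, scores each group by asset criticality, user privilege, kill-chain stage coverage and a z-score anomaly against the host's own alert-rate baseline, and attaches a response recommendation. Every rule name, weight, baseline value and response string is an assumption chosen for the demonstration.

```python
"""Illustrative contextual alert triage (added example, not the paper's system)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: raw alerts as a rule-based SIEM would emit them.
RAW_ALERTS = [
    {"id": 1, "rule": "brute_force_login",    "host": "web-01", "user": "svc-web"},
    {"id": 2, "rule": "brute_force_login",    "host": "web-01", "user": "svc-web"},
    {"id": 3, "rule": "brute_force_login",    "host": "web-01", "user": "svc-web"},
    {"id": 4, "rule": "new_admin_account",    "host": "db-01",  "user": "dbadmin"},
    {"id": 5, "rule": "lateral_movement_smb", "host": "db-01",  "user": "dbadmin"},
    {"id": 6, "rule": "data_exfil_dns",       "host": "db-01",  "user": "dbadmin"},
    {"id": 7, "rule": "brute_force_login",    "host": "wks-17", "user": "jdoe"},
]

# Constructed context: how much each asset matters and which users are privileged.
ASSET_CRITICALITY = {"web-01": 0.4, "db-01": 1.0, "wks-17": 0.2}
PRIVILEGED_USERS = {"dbadmin", "root"}

# Constructed baseline: alert counts per host over the previous seven windows.
BASELINE = {
    "web-01": [2, 3, 2, 4, 3, 2, 3],
    "db-01":  [0, 0, 1, 0, 0, 0, 0],
    "wks-17": [1, 1, 2, 1, 1, 1, 1],
}

# Assumed kill-chain stage per rule (later stage = more weight) and the
# response recommended for the most advanced stage seen on a host.
STAGE = {"brute_force_login": 1, "new_admin_account": 2,
         "lateral_movement_smb": 3, "data_exfil_dns": 4}
RESPONSE = {
    1: "rate-limit the source and reset the targeted credentials",
    2: "disable the new account and review how it was created",
    3: "isolate the host from its network segment",
    4: "isolate the host, block the destination and preserve evidence",
}


def anomaly_score(count, history):
    """Positive z-score of the current alert count against the host's history.

    A flat baseline has zero deviation, so a floor keeps the score finite.
    Counts at or below the historical mean score 0.
    """
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        sigma = 0.5
    return max(0.0, (count - mu) / sigma)


def score_incident(host, alerts):
    """Context-weighted score for all alerts raised on one host."""
    stages = {STAGE[a["rule"]] for a in alerts}
    top_stage = max(stages)
    chain_bonus = 1.0 + 0.5 * (len(stages) - 1)   # several stages on one host
    priv = 1.5 if any(a["user"] in PRIVILEGED_USERS for a in alerts) else 1.0
    context = top_stage * ASSET_CRITICALITY[host] * priv * chain_bonus
    return round(context + anomaly_score(len(alerts), BASELINE[host]), 2)


def triage(alerts):
    """Collapse raw alerts into per-host incidents, highest priority first."""
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert["host"]].append(alert)
    incidents = []
    for host, group in by_host.items():
        top_stage = max(STAGE[a["rule"]] for a in group)
        incidents.append({
            "host": host,
            "score": score_incident(host, group),
            "alerts": [a["id"] for a in group],
            "action": RESPONSE[top_stage],
        })
    return sorted(incidents, key=lambda inc: inc["score"], reverse=True)


if __name__ == "__main__":
    for inc in triage(RAW_ALERTS):
        print(f"{inc['host']:7} score={inc['score']:6.2f} "
              f"alerts={inc['alerts']} -> {inc['action']}")
```

Seven raw alerts become three ranked incidents. The database host rises to the top not because any single rule fired with high severity, but because a privileged user, a critical asset, three consecutive kill-chain stages and a sharp deviation from that host's normal alert rate all coincide; the three brute-force alerts on the web server stay near baseline and rank low. The same scoring shape is where a learned model would replace the hand-set weights.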
| Publication year | 2025 |
|---|---|
| Citations | 37 |
| Publication country | Andorra |
| Site | IEEE |