Abstract
Security Information and Event Management (SIEM) is one of the essential security measures for enhancing a network's cybersecurity. Security Operation Centre (SOC) analysts use the SIEM system as the central location where security notifications from various security technologies, such as firewalls, IPS/IDS, and anti-virus logs, are gathered and visualized. However, the increasing frequency of cybercrime incidents and a shortage of cybersecurity specialists highlight the need for more effective detection methods. The objective is to conduct a comparative analysis of multiple ML algorithms based on accuracy, F1 scores, recall, precision, computer resource utilization, and feature importance to determine the most effective algorithms for SIEM log analysis. Three algorithms, namely Random Forest, XGBoost, and Isolation Forest, are utilized in the research. According to the results, Random Forest has the highest accuracy, precision, recall, and processing speed. XGBoost also performs admirably, with perfect accuracy, excellent precision, and recall, but at a slower rate. Isolation Forest is inferior in terms of precision, accuracy, and F1 score, as well as processing time. This research is hoped to contribute to the field of cybersecurity and to guide future research and the selection of ML algorithms for SIEM log analysis.
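The abstract compares the three algorithms on accuracy, precision, recall and F1 score. The following added example (not code from the paper) shows how those four metrics are derived from a confusion matrix and how a set of models is ranked on them; the labelled events and the per-model predictions are constructed stand-ins for real SIEM log classifications and the model names are assumed.

```python
# Constructed sample: 12 SIEM log events, 1 = malicious, 0 = benign.
Y_TRUE = [1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0]

# Constructed predictions standing in for the output of three models
# (names assumed; values chosen to illustrate the metric arithmetic).
PREDICTIONS = {
    "random_forest":    [1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0],  # every event correct
    "xgboost":          [1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0],  # every event correct
    "isolation_forest": [1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0],  # 2 false alarms, 1 miss
}


def confusion_counts(y_true, y_pred):
    """Return (tp, fp, fn, tn) for binary labels where 1 is the positive (malicious) class."""
    if len(y_true) != len(y_pred):
        raise ValueError("label and prediction lists must be the same length")
    tp = fp = fn = tn = 0
    for truth, pred in zip(y_true, y_pred):
        if truth == 1 and pred == 1:
            tp += 1
        elif truth == 0 and pred == 1:
            fp += 1  # benign event raised as an alert (analyst time wasted)
        elif truth == 1 and pred == 0:
            fn += 1  # malicious event missed (the costly error for a SOC)
        else:
            tn += 1
    return tp, fp, fn, tn


def evaluate(y_true, y_pred):
    """Compute accuracy, precision, recall and F1 from the confusion counts.

    Precision and recall are defined as 0.0 when their denominator is 0
    (e.g. a model that never predicts the positive class)."""
    tp, fp, fn, tn = confusion_counts(y_true, y_pred)
    total = tp + fp + fn + tn
    accuracy = (tp + tn) / total if total else 0.0
    precision = tp / (tp + fp) if (tp + fp) else 0.0
    recall = tp / (tp + fn) if (tp + fn) else 0.0
    f1 = 2 * precision * recall / (precision + recall) if (precision + recall) else 0.0
    return {
        "accuracy": accuracy,
        "precision": precision,
        "recall": recall,
        "f1": f1,
        "confusion": {"tp": tp, "fp": fp, "fn": fn, "tn": tn},
    }


def rank_models(y_true, predictions):
    """Rank models by F1, then recall (missed attacks matter most), then accuracy."""
    scored = {name: evaluate(y_true, preds) for name, preds in predictions.items()}
    order = sorted(
        scored,
        key=lambda n: (scored[n]["f1"], scored[n]["recall"], scored[n]["accuracy"]),
        reverse=True,
    )
    return order, scored


if __name__ == "__main__":
    order, scored = rank_models(Y_TRUE, PREDICTIONS)
    for name in order:
        m = scored[name]
        print(f"{name:17s} acc={m['accuracy']:.3f} prec={m['precision']:.3f} "
              f"rec={m['recall']:.3f} f1={m['f1']:.3f} {m['confusion']}")
```

Ranking on F1 before accuracy matters for SIEM data because malicious events are usually a small minority: a model that labels everything benign can score high accuracy while catching nothing, and recall is the metric that exposes that.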
Metadata
| Item Type: | Book Section |
|---|---|
| Creators: | Haris, Afif Haziq; Mohd Fuzi, Mohd Faris; Hajimia, Hafizah |
| Subjects: | Q Science > QA Mathematics > Instruments and machines > Electronic Computers. Computer Science > Algorithms |
| Divisions: | Universiti Teknologi MARA, Perlis > Arau Campus > Faculty of Computer and Mathematical Sciences |
| Page Range: | pp. 55-56 |
| Keywords: | Machine Learning, System Information and Event Management, Random Forest, XGBoost, Isolation Forest |
| Date: | 2023 |
| URI: | https://ir.uitm.edu.my/id/eprint/138283 |
