Ensemble Machine Learning Approach For Identifying Real-Time Threats In Security Operations Center

Cyberattacks can be avoided if threats are identified in advance and robust cybersecurity measures are in place to protect infrastructures. However, in recent years, cyber threats and data breaches have become more prevalent, exploiting vulnerabilities and causing significant financial damage and organizational harm. This often involves compromising sensitive personal information, emphasizing the need for proactive defence strategies led by experienced security professionals. Traditional methods of threat detection involve laborious log analysis due to the multitude of logs generated by network devices. However, ensemble machine learning techniques offer automation within intrusion detection systems, streamlining the threat detection process. This study investigates various ensemble methods, such as blending and stacking, to enhance detection capabilities, both manually and automatically identifying potential cyber threats. The methodology involves implementing a stacking blending ensemble model and conducting feature selection to improve performance. Additionally, a web application interface is developed using the Python Flask web framework to facilitate model deployment and management. Evaluation includes testing on real production network traffic and the CICIDS2017 Thursday-WorkingHours-Morning dataset, with intentional web attacks executed to assess system effectiveness. The ensemble model is evaluated using the Thursday Morning Dataset, achieving high precision, recall, and F1-score of 0.99, with an overall accuracy of 99% in binary classification tasks. These results validate the model’s robustness and effectiveness in identifying real-time network traffic patterns and potential security incidents, demonstrating its potential to enhance cybersecurity measures. © (2024), (International Association of Engineers). All rights reserved.