Effective Rules for a Rule-Based SIEM System in Detecting DoS Attacks: An Association Rule Mining Approach

Uccello F.; D'Antonio S.
2024-01-01

Abstract

In today's interconnected digital landscape, Security Information and Event Management (SIEM) systems play a vital role as the front line of defence against cyber threats, providing prompt detection of the most common attacks. As Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks remain among the most challenging hazards for organizations worldwide, their quick and effective detection is a major concern. This paper explores methods to enhance the effectiveness of rule-based SIEM systems in detecting DoS and DDoS attacks. The SIEM rule sets are augmented by leveraging Association Rule Mining (ARM), a data mining technique for uncovering hidden relationships among a dataset's features. By identifying association rules in network traffic data and applying them to the rule set, the methodology aims to strengthen SIEM rules, ultimately leading to more accurate DoS and DDoS attack detection.
2024
9789819708260
9789819708277
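The abstract describes mining association rules from labelled network-traffic features and turning them into SIEM detection rules. The following is an added example written for this page, not the paper's implementation or data: it runs a small Apriori-style miner over constructed, discretised flow summaries, keeps only rules whose consequent is the attack label, prunes non-minimal antecedents (a SIEM wants the fewest conditions that still hold), and applies the surviving rules to new flows the way a rule-based SIEM would. The feature names (`proto`, `syn_only`, `pkt_rate`, `src_div`), the thresholds and every flow record are assumptions.

```python
from itertools import combinations

# Constructed, discretised per-flow summaries (not data from the paper).
# proto: transport; syn_only: flow consists only of SYN segments;
# pkt_rate: bucketed packet rate; src_div: one or many source addresses per destination.
FLOWS = [
    {"proto": "tcp", "syn_only": "yes", "pkt_rate": "high", "src_div": "many", "label": "attack"},
    {"proto": "tcp", "syn_only": "yes", "pkt_rate": "high", "src_div": "many", "label": "attack"},
    {"proto": "tcp", "syn_only": "yes", "pkt_rate": "high", "src_div": "many", "label": "attack"},
    {"proto": "tcp", "syn_only": "yes", "pkt_rate": "high", "src_div": "one",  "label": "attack"},
    {"proto": "tcp", "syn_only": "yes", "pkt_rate": "high", "src_div": "many", "label": "attack"},
    {"proto": "udp", "syn_only": "no",  "pkt_rate": "high", "src_div": "many", "label": "attack"},
    {"proto": "tcp", "syn_only": "yes", "pkt_rate": "low",  "src_div": "one",  "label": "benign"},
    {"proto": "tcp", "syn_only": "no",  "pkt_rate": "high", "src_div": "one",  "label": "benign"},
    {"proto": "tcp", "syn_only": "no",  "pkt_rate": "low",  "src_div": "one",  "label": "benign"},
    {"proto": "udp", "syn_only": "no",  "pkt_rate": "low",  "src_div": "one",  "label": "benign"},
    {"proto": "tcp", "syn_only": "no",  "pkt_rate": "low",  "src_div": "one",  "label": "benign"},
    {"proto": "udp", "syn_only": "no",  "pkt_rate": "low",  "src_div": "many", "label": "benign"},
]

# Constructed unlabelled flows standing in for live traffic seen by the SIEM.
NEW_FLOWS = [
    {"proto": "tcp", "syn_only": "yes", "pkt_rate": "high", "src_div": "many"},  # SYN flood
    {"proto": "tcp", "syn_only": "yes", "pkt_rate": "low",  "src_div": "one"},   # normal handshake
    {"proto": "udp", "syn_only": "no",  "pkt_rate": "high", "src_div": "many"},  # UDP flood
]


def to_basket(record):
    """Encode one record as a transaction: a set of 'feature=value' items."""
    return frozenset(f"{k}={v}" for k, v in record.items())


def support(baskets, itemset):
    """Fraction of transactions containing every item of itemset."""
    return sum(1 for b in baskets if itemset <= b) / len(baskets)


def frequent_itemsets(baskets, min_support, max_len):
    """Apriori level-wise search: size-(k+1) candidates are joins of frequent size-k sets."""
    level = [frozenset([i]) for i in sorted({i for b in baskets for i in b})]
    found = {}
    for k in range(1, max_len + 1):
        frequent = [c for c in level if support(baskets, c) >= min_support]
        found.update((c, support(baskets, c)) for c in frequent)
        level = sorted({a | b for a, b in combinations(frequent, 2) if len(a | b) == k + 1},
                       key=sorted)
        if not level:
            break
    return found


def mine_rules(records, min_support, min_confidence, target="label=attack"):
    """Class-association rules A -> target with confidence = supp(A ∪ target) / supp(A)."""
    baskets = [to_basket(r) for r in records]
    rules = {}
    for itemset, supp in frequent_itemsets(baskets, min_support, max_len=4).items():
        if target not in itemset or len(itemset) == 1:
            continue
        antecedent = itemset - {target}
        confidence = supp / support(baskets, antecedent)
        if confidence >= min_confidence:
            rules[antecedent] = confidence
    return rules


def prune_redundant(rules):
    """Keep minimal antecedents only: drop A when some B ⊂ A already meets the threshold."""
    return {a: c for a, c in rules.items() if not any(b < a for b in rules)}


def compile_rule(antecedent):
    """Turn an antecedent into a predicate over raw records, i.e. a SIEM match condition."""
    conds = dict(item.split("=", 1) for item in antecedent)
    return lambda rec: all(rec.get(k) == v for k, v in conds.items())


def detect(records, rules):
    """Run every compiled rule over the records; return (index, matched antecedents) per hit."""
    compiled = [(a, compile_rule(a)) for a in rules]
    hits = []
    for i, rec in enumerate(records):
        matched = [a for a, pred in compiled if pred(rec)]
        if matched:
            hits.append((i, matched))
    return hits


if __name__ == "__main__":
    mined = prune_redundant(mine_rules(FLOWS, min_support=0.25, min_confidence=0.9))
    for antecedent, conf in sorted(mined.items(), key=lambda kv: sorted(kv[0])):
        print(" AND ".join(sorted(antecedent)), "-> attack", f"(confidence {conf:.2f})")
    for index, matched in detect(NEW_FLOWS, mined):
        print(f"flow {index} flagged by {len(matched)} rule(s)")
```

One of the surviving rules on this toy sample is `proto=tcp AND src_div=many -> attack`, which is true of the twelve constructed records but would fire on any busy multi-source TCP service in production. That is the practical caveat with this approach: confidence measured on a small or unrepresentative labelled set overfits, and the choice of discretisation buckets and of the support and confidence thresholds decides which rules survive, so mined rules need validation against held-out benign traffic before they are promoted into a SIEM rule set.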
Files for this item:
No files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11367/130497
Citations
  • Scopus 0