Cyber Anomalies Detection of using ML with Wazuh/ELK (CADM)

Abstract

This project addresses the pressing need for real-time detection and response to cybersecurity anomalies: cyber-attacks and abnormal behaviours. The current challenge is to effectively identify and mitigate threats in the complex cybersecurity systems. Traditional methods often lack the capability to provide timely insights into anomalies, such as file creation, suspicious logins, and network activities, leaving organizations vulnerable to cyber threats. The gravity of this problem is immense because cyber-attacks are becoming more frequent and sophisticated. A fast detection and response system is of prime importance to reduce the damage associated with security breaches. The Wazuh system works in near real time, gathering, analysing, and visualizing data. From this platform, the fundamental innovation lies in applying Machine Learning techniques that detect in real-time anomalies in the logs. Artificial Intelligence algorithms pick out deviations from normal patterns of behaviour, alerting users immediately in case of anomalous events and giving threat assessments with actionable recommendations. The visualization component is user-friendly, facilitated through dashboards of Wazuh and OpenSearch, to enable a user with any amount of expertise to navigate and understand the information displayed easily. The CADM project will be complete with an integrated solution to this urgent problem, providing organizations with a quantum improvement in capability to protect their digital assets against the sophisticated landscape of cyber threats.