Mohd Azmi, Mustafa @ Sulaiman (2021) Enhancing centralised cybersecurity for campus network infrastructure using log consolidation processing framework based on SIEM. Masters thesis, Universiti Pertahanan Nasional Malaysia.
Abstract
One major problem commonly faced by network users is an attack on the security of the network, especially if the network is vulnerable due to poor security policies.
Network security is largely an exercise to protect not only the network itself but, most importantly, the data. This exercise involves hardware and software technology. Secure and effective access management falls under the purview of network security. It focuses on both internal and external threats, intending to protect the network and stop the threats from entering or spreading into it. Ensuring a secure network requires a complex combination of hardware devices, such as routers and firewalls, with anti-malware software applications. Almost all agencies and companies use highly skilled information security analysts to implement security plans and regularly monitor the effectiveness of these plans. The main contribution of this research is to present a significant and flexible way of providing centralised log analysis between network devices. To overcome these issues, this research proposes a new framework called Log Consolidation Processing (LCP) based on System Information Event Management (SIEM) technology. As a start, several frameworks based on System Information Event Management (SIEM) technology were studied for different environments. Next, two experiments to detect unauthorised access on an external DNS server and DDoS attacks were conducted to evaluate the effectiveness of the proposed framework. LCP managed to compile and display all potential threats and alert information in a single dashboard using a data mining approach for campus network infrastructure.
Keywords: SIEM, Network Behaviour Monitoring, Log Management, Campus Network Infrastructure
| Item Type: | Thesis (Masters) |
|---|---|
| Subjects: | Q Science > Q Science (General); Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
| Divisions: | Centre For Graduate Studies |
| Depositing User: | Mr. Mohd Zulkifli Abd Wahab |
| Date Deposited: | 05 May 2023 02:03 |
| Last Modified: | 05 May 2023 02:03 |
| URI: | http://ir.upnm.edu.my/id/eprint/221 |