NextGen-SIEM | AI-Powered Threat Detection

NEXTGEN-SIEM
AN AI-POWERED THREAT & ANOMALY DETECTION SYSTEM

Powered by Elastic Stack (ELK) with Isolation Forest unsupervised ML for real-time anomaly detection. Transforms passive monitoring into a proactive, intelligent SOC assistant that identifies zero-day threats and unknown attack patterns automatically.

ELK

STACK ENGINE

ISO-F

ML MODEL

POLL INTERVAL

24/7

MONITORING

01 LIVE ALERT FEED

HIGH PRIORITY

Brute Force Detected CRITICAL

SRC: 192.168.1.45DST: 10.0.0.1 14:22:07 UTC

Port Scan Activity HIGH

SRC: 10.10.5.23PORTS: 22,80,443,8080 14:19:33 UTC

Anomaly Score Elevated MEDIUM

MODEL: IsolationForestSCORE: -0.412 14:17:11 UTC

Unusual Login Time LOW

USER: jsmithHOST: WS-014 14:10:55 UTC

DNS Tunneling Pattern MEDIUM

SRC: 172.16.0.55QUERIES: 847/min 14:08:20 UTC

02 SYSTEM ARCHITECTURE

ELK STACK

Endpoint Logs Endpoint

Fleet server INGEST

Elasticsearch CORE INDEX

Isolation Forest (ML) anomaly_detector.pkl

Kibana Dashboard VISUALIZE

03 TECH STACK

🔍

Elasticsearch

LOG INDEXING / QUERY

📊

Kibana

VISUALIZATION / SOC UI

🤖

scikit-learn

ISOLATION FOREST ML

🐍

Python

ML PIPELINE / API

🛡️

Suricata

NETWORK IDS

🐳

Docker

CONTAINERIZED DEPLOY

04 SYSTEM METRICS

OPERATIONAL

MODEL ACCURACY 94.2%

FALSE POSITIVE RATE 6.8%

THREAT DETECTION 91.5%

LOG THROUGHPUT 12.4K/s

ELASTIC HEAP USAGE 61%

05 PROJECT TEAM

Ayesha Yousuf

CR-22004

Sheheryar Amir

CR-22008

Maryam Khan

CR-22021

Abdullah Khalid

CR-22027

Ms. Saadia Arshad

SUPERVISOR · LECTURER, CSIT

saadia@cloud.neduet.edu.pk

Dr. Muhammad Mubashir Khan

CO-SUPERVISOR · CHAIRMAN, CSIT

mmkhan@cloud.neduet.edu.pk

NEXTGEN-SIEM AN AI-POWERED THREAT & ANOMALY DETECTION SYSTEM

NEXTGEN-SIEM
AN AI-POWERED THREAT & ANOMALY DETECTION SYSTEM