USING INDICATORS OF COMPROMISE FOR CYBERATTACK DETECTION
DOI: https://doi.org/10.28925/2663-4023.2026.32.1034
Keywords: intrusion detection systems (IDS), intrusion prevention systems (IPS), artificial intelligence learning methods, and the Splunk tool for security event analytics are key components in modern cybersecurity solutions
Abstract
This study provides a comprehensive analysis of intrusion detection and prevention systems (IDS and IPS), enabling an assessment of their effectiveness in identifying various types of cyberattacks, including those carried out through covert communication channels. Particular attention is given to examining the nature of steganographic channels, which significantly complicate attack detection, as well as the factors that influence their identification, such as network traffic dynamics and attacker behavior patterns. Indicators of compromise generated using artificial intelligence methods based on network traffic analysis are investigated, allowing for improved accuracy and speed in detecting malicious activity.
The capabilities of the Splunk Machine platform for building attack detection models and analyzing anomalous behavior in networks are evaluated. Classifiers for developing a machine-learning-based intrusion detection system have been designed. Within the research, a system architecture is proposed, an optimal dataset for model training is selected, class imbalance is mitigated, the most significant features are identified and selected, and feature space reduction is performed to enhance the efficiency and performance of the model. The model has been tuned and tested, and its effectiveness has been assessed based on the obtained results, confirming the practical applicability of the approach for detecting real cyberattacks. The purpose of the study is to explore the potential of applying artificial intelligence to identify vulnerabilities in network infrastructure based on indicators of compromise, taking into account the specifics of covert communication channels, the dynamics of attacker behavior, and the limitations of traditional statistical methods. The results obtained can be used to improve existing cybersecurity systems and to develop effective tools for early detection of complex attacks.
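The abstract lists the steps of the proposed pipeline (feature extraction from traffic, class-imbalance mitigation, feature selection and reduction, model fitting, evaluation) without showing them. The following is an added example, not code from the paper: it runs those steps over constructed NetFlow-style records with the Python standard library only. The feature names, the beaconing-style flows, the round-robin oversampling, the Fisher-score ranking and the nearest-centroid classifier are all assumptions made for the illustration, not the paper's dataset, Splunk workflow or classifiers.

```python
"""Added illustration (not the paper's code): an IoC-based intrusion detection
pipeline on constructed flow records, mirroring the steps in the abstract:
feature extraction, class-imbalance mitigation, feature selection, fitting,
evaluation. Standard library only."""
import statistics
from math import sqrt

# Assumed per-flow features (constructed): byte and packet counts, duration
# in seconds, inter-arrival jitter in seconds, payload byte entropy in bits.
FEATURES = ["bytes", "packets", "duration", "jitter", "entropy"]

# Constructed training flows. label 1 = flow matching a beaconing
# covert-channel indicator (fixed size, very regular timing, high-entropy
# payload), label 0 = ordinary benign traffic. Note the 8:2 imbalance.
TRAIN = [
    ((1500, 10, 1.2, 0.8, 3.4), 0), ((42000, 60, 12.5, 2.1, 3.7), 0),
    ((900, 6, 0.4, 1.5, 3.2), 0), ((88000, 120, 30.0, 4.2, 3.9), 0),
    ((3200, 14, 2.3, 0.6, 3.5), 0), ((12000, 25, 5.0, 1.1, 3.6), 0),
    ((650, 5, 0.3, 2.8, 3.0), 0), ((21000, 40, 8.1, 0.9, 3.8), 0),
    ((512, 4, 0.2, 0.01, 4.6), 1), ((520, 4, 0.2, 0.02, 4.5), 1),
]
# Constructed held-out flows used only for evaluation.
TEST = [
    ((700, 5, 0.3, 1.9, 3.3), 0), ((30000, 50, 10.0, 1.4, 3.7), 0),
    ((515, 4, 0.2, 0.01, 4.6), 1), ((508, 4, 0.2, 0.03, 4.4), 1),
]


def oversample(rows):
    """Mitigate class imbalance by repeating minority-class rows round-robin
    until every class has as many rows as the largest one (deterministic)."""
    by_label = {}
    for feats, label in rows:
        by_label.setdefault(label, []).append(feats)
    target = max(len(v) for v in by_label.values())
    balanced = []
    for label, feats_list in by_label.items():
        for i in range(target):
            balanced.append((feats_list[i % len(feats_list)], label))
    return balanced


def fisher_scores(rows):
    """Rank features by between-class separation over within-class variance;
    a higher score means the feature separates malicious from benign better."""
    scores = {}
    for idx, name in enumerate(FEATURES):
        pos = [f[idx] for f, l in rows if l == 1]
        neg = [f[idx] for f, l in rows if l == 0]
        num = (statistics.mean(pos) - statistics.mean(neg)) ** 2
        den = statistics.pvariance(pos) + statistics.pvariance(neg) + 1e-9
        scores[name] = num / den
    return scores


def select_features(rows, k):
    """Feature-space reduction: keep only the k best-scoring features."""
    scores = fisher_scores(rows)
    return sorted(scores, key=scores.get, reverse=True)[:k]


class NearestCentroid:
    """Minimal stand-in classifier: z-score the selected features on the
    training set, then assign the class whose centroid is closest."""

    def __init__(self, selected):
        self.idx = [FEATURES.index(n) for n in selected]

    def fit(self, rows):
        cols = [[f[i] for f, _ in rows] for i in self.idx]
        self.mu = [statistics.mean(c) for c in cols]
        self.sd = [statistics.pstdev(c) or 1.0 for c in cols]
        self.centroids = {}
        for label in (0, 1):
            zs = [self._z(f) for f, l in rows if l == label]
            self.centroids[label] = [statistics.mean(d) for d in zip(*zs)]
        return self

    def _z(self, feats):
        return [(feats[i] - m) / s for i, m, s in zip(self.idx, self.mu, self.sd)]

    def predict(self, feats):
        z = self._z(feats)
        dist = lambda l: sqrt(sum((a - b) ** 2 for a, b in zip(z, self.centroids[l])))
        return min(self.centroids, key=dist)


def evaluate(model, rows):
    """Precision and recall for the malicious class on held-out rows."""
    tp = fp = fn = 0
    for feats, label in rows:
        pred = model.predict(feats)
        tp += int(pred == 1 and label == 1)
        fp += int(pred == 1 and label == 0)
        fn += int(pred == 0 and label == 1)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"precision": precision, "recall": recall}


def run_pipeline(k=2):
    """Balance -> select k features -> fit -> evaluate; returns both outputs."""
    balanced = oversample(TRAIN)
    selected = select_features(balanced, k)
    model = NearestCentroid(selected).fit(balanced)
    return selected, evaluate(model, TEST)


if __name__ == "__main__":
    selected, metrics = run_pipeline()
    print("selected features:", selected)
    print("held-out metrics:", metrics)
```

On this constructed data the ranking keeps `entropy` and `jitter` and drops the volume features, which is the point of the reduction step: byte and packet counts vary so widely across benign flows that they separate the classes poorly, whereas timing regularity and payload entropy are the traits a beaconing channel cannot easily hide. Real datasets need a proper split, cross-validation and a stronger model than a centroid rule, but the shape of the pipeline is the same.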
License
Copyright (c) 2026 Наталія Чернящук

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.