Cyber threats are becoming more widespread, notably SSH brute-force attacks and Distributed Denial of Service (DDoS) attacks. These attacks threaten the availability, data integrity and privacy of networked systems, especially those of small and medium-sized organizations that cannot afford costly professional security solutions. This research aims to develop an automated, cost-effective, and scalable cyber threat detection and response system for small and medium-sized organizations unable to afford commercial-grade security solutions. The methodology follows the structured Prepare, Plan, Design, Implement, Operate, Optimize lifecycle, leveraging open-source technologies, primarily the Wazuh Security Information and Event Management platform, augmented with custom detection rules and a Random Forest-based classification module that distinguishes Normal, Brute Force, and Distributed Denial of Service traffic patterns. Experimental results demonstrate a Mean Time to Detect of 4.7 seconds for Brute Force and 7.3 seconds for Distributed Denial of Service, with a Mean Time to Respond of 8.2 seconds and under 10 seconds, respectively. The system achieved 98.4% detection accuracy and a 1.5% false positive rate across 100 controlled tests using THC Hydra and slowhttptest. Integration of Wazuh dashboard analytics with real-time Telegram alerts enhances situational awareness and enables prompt, automated incident response, validating open-source frameworks as viable defenses in resource-constrained environments.
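The abstract describes custom Wazuh detection rules paired with automated response. As an added illustration (not the paper's own configuration), the following shows what such a rule and its active response look like in Wazuh's rule and ossec.conf syntax; the rule id 100100, the 8-failures-in-120-seconds threshold, the file paths and the 600-second block duration are assumptions, and built-in rule 5716 is Wazuh's standard "sshd: authentication failed" rule.

```xml
<!-- File 1 (assumed path): /var/ossec/etc/rules/local_rules.xml -->
<!-- Custom correlation rule: fires when one source IP produces 8 sshd
     authentication failures (built-in rule 5716) within 120 seconds.
     Rule id and thresholds are assumptions for this illustration. -->
<group name="local,sshd,authentication_failures,">
  <rule id="100100" level="10" frequency="8" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip/>
    <description>Custom: SSH brute force attempt from $(srcip)</description>
    <mitre>
      <id>T1110</id>
    </mitre>
    <group>brute_force,</group>
  </rule>
</group>

<!-- File 2 (assumed path): /var/ossec/etc/ossec.conf, inside <ossec_config> -->
<!-- Active response: when rule 100100 fires, run Wazuh's bundled
     firewall-drop script on the agent that raised the alert, which
     adds a firewall rule blocking $(srcip). The block is lifted after
     the timeout (600 s here), so a false positive is self-healing. -->
<ossec_config>
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>100100</rules_id>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

After editing, restart the manager (`systemctl restart wazuh-manager`) and verify the rule with `/var/ossec/bin/wazuh-logtest` by pasting a few sshd "Failed password" lines; the eighth within the window should show rule 100100 firing at level 10.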
Copyright © 2025