Cyber Threat Detection and Automated Response Using Wazuh and Telegram API
DOI: https://doi.org/10.30812/matrik.v25i1.5610
Keywords: Cyber Threat Detection, Network Security, PPDIOO, SIEM, Wazuh
Abstract
Cyber threats are becoming more widespread, notably SSH brute-force attacks and Distributed Denial of Service attacks. These attacks can severely degrade the availability of networked systems and compromise the integrity and confidentiality of their data, especially for small and medium-sized organizations that cannot afford costly professional security solutions. This research aims to develop an automated, cost-effective, and scalable cyber threat detection and response system for small and medium-sized organizations unable to afford commercial-grade security solutions. The methodology follows the structured Prepare, Plan, Design, Implement, Operate, Optimize (PPDIOO) lifecycle and leverages open-source technologies, primarily the Wazuh Security Information and Event Management (SIEM) platform, augmented with custom detection rules and a Random Forest-based classification module that distinguishes Normal, Brute Force, and Distributed Denial of Service traffic patterns. Experimental results demonstrate a Mean Time to Detect of 4.7 seconds for Brute Force and 7.3 seconds for Distributed Denial of Service, with a Mean Time to Respond of 8.2 seconds and under 10 seconds, respectively. The system achieved 98.4% detection accuracy and a 1.5% false positive rate across 100 controlled tests using THC Hydra and slowhttptest. Integrating Wazuh dashboard analytics with real-time Telegram alerts improves situational awareness and enables prompt, automated incident response, validating open-source frameworks as viable defenses in resource-constrained environments.
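The abstract describes the detection-to-notification path (Wazuh rule fires, responder is alerted over Telegram) without showing how the two are wired. The following is an added example written for this page, not the authors' implementation. It assumes Wazuh's custom-integration calling convention (the script receives the alert file path, an API key and a hook URL as its three arguments), reuses the API-key slot for the Telegram bot token and the hook-URL slot for the Bot API base URL, and reads the destination chat id from an environment variable `TELEGRAM_CHAT_ID`; all of those choices, the rule-level threshold of 10, and the sample alert are assumptions constructed for the example. Only alerts at or above the threshold are forwarded, malformed alerts are dropped rather than crashing the integration, and the message carries the fields a responder needs first (agent, source IP, rule, MITRE technique) with the raw log capped so a flood of brute-force lines cannot blow up the notification.

```python
"""Wazuh -> Telegram alert bridge (added example, not the paper's code).

Assumed Wazuh custom-integration convention:
  argv[1] = path to a file holding one alert as JSON
  argv[2] = API key slot, used here for the Telegram bot token
  argv[3] = hook URL slot, used here for the Bot API base URL
The chat id comes from the TELEGRAM_CHAT_ID environment variable (assumption).
"""
import json
import os
import sys
import urllib.request

MIN_LEVEL = 10  # forward only rules at or above this level (assumed threshold)

# Constructed sample alert in Wazuh's JSON alert layout, for offline testing.
SAMPLE_ALERT = {
    "timestamp": "2025-01-15T10:21:07.123+0000",
    "rule": {
        "level": 10,
        "id": "5712",
        "description": "sshd: brute force trying to get access to the system.",
        "mitre": {"id": ["T1110"]},
    },
    "agent": {"id": "001", "name": "web-01"},
    "data": {"srcip": "203.0.113.45"},
    "full_log": "Jan 15 10:21:07 web-01 sshd[2211]: Failed password for "
                "invalid user admin from 203.0.113.45 port 51234 ssh2",
}


def should_notify(alert, min_level=MIN_LEVEL):
    """True only for alerts whose rule level meets the threshold; malformed -> False."""
    try:
        return int(alert["rule"]["level"]) >= min_level
    except (KeyError, TypeError, ValueError):
        return False


def format_alert(alert):
    """Build a plain-text Telegram message from the fields a responder needs first."""
    rule = alert.get("rule", {})
    agent = alert.get("agent", {})
    src = alert.get("data", {}).get("srcip", "n/a")
    mitre = ",".join(rule.get("mitre", {}).get("id", [])) or "n/a"
    lines = [
        f"Wazuh alert level {rule.get('level', '?')} (rule {rule.get('id', '?')})",
        f"Agent: {agent.get('name', '?')} (id {agent.get('id', '?')})",
        f"Source IP: {src}",
        f"MITRE: {mitre}",
        f"Time: {alert.get('timestamp', 'n/a')}",
        f"Description: {rule.get('description', 'n/a')}",
    ]
    full_log = alert.get("full_log")
    if full_log:
        lines.append("Log: " + full_log[:300])  # cap so floods stay readable
    return "\n".join(lines)


def build_request(hook_url, bot_token, chat_id, text):
    """Return a prepared POST for Telegram's sendMessage method (no network I/O)."""
    url = f"{hook_url.rstrip('/')}/bot{bot_token}/sendMessage"
    body = json.dumps(
        {"chat_id": chat_id, "text": text, "disable_web_page_preview": True}
    ).encode()
    return urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )


def main(argv):
    if len(argv) < 4:
        print("usage: custom-telegram <alert_file> <bot_token> <hook_url>", file=sys.stderr)
        return 2
    with open(argv[1], encoding="utf-8") as fh:
        alert = json.load(fh)
    if not should_notify(alert):
        return 0  # below threshold: nothing to send
    chat_id = os.environ.get("TELEGRAM_CHAT_ID", "<CHAT_ID_PLACEHOLDER>")
    req = build_request(argv[3], argv[2], chat_id, format_alert(alert))
    with urllib.request.urlopen(req, timeout=10) as resp:
        return 0 if resp.status == 200 else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Keeping the threshold inside the script, in addition to any `<level>` filter in the Wazuh integration block, means a misconfigured manager cannot turn the channel into a firehose; the bot token never lands in the message or the log, only in the request URL.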
Copyright (c) 2025 Yuri Ariyanto, Yan Watequlis Syaifudin, M. Hasyim Ratsanjani, Ali Ridho Muladawila, Triana Fatmawati, Pramana Yoga Saputra, Chandrasena Setiadi

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.