Cyber Threat Detection and Automated Response Using Wazuh and Telegram API

Authors

  • Yuri Ariyanto Politeknik Negeri Malang, Malang, Indonesia
  • Yan Watequlis Syaifudin Politeknik Negeri Malang, Malang, Indonesia
  • M. Hasyim Ratsanjani Politeknik Negeri Malang, Malang, Indonesia
  • Ali Ridho Muladawila Politeknik Negeri Malang, Malang, Indonesia
  • Triana Fatmawati Politeknik Negeri Malang, Malang, Indonesia
  • Pramana Yoga Saputra Politeknik Negeri Malang, Malang, Indonesia
  • Chandrasena Setiadi Politeknik Negeri Malang, Malang, Indonesia

DOI:

https://doi.org/10.30812/matrik.v25i1.5610

Keywords:

Cyber Threat Detection, Network Security, PPDIOO, SIEM, Wazuh

Abstract

Cyber threats are becoming more widespread, notably SSH brute-force attacks and Distributed Denial of Service attacks. These attacks undermine the availability, integrity, and confidentiality of networked systems, especially for small and medium-sized organizations that cannot afford costly professional security solutions. This research aims to develop an automated, cost-effective, and scalable cyber threat detection and response system for small and medium-sized organizations unable to afford commercial-grade security solutions. The methodology follows the structured Prepare, Plan, Design, Implement, Operate, Optimize (PPDIOO) lifecycle and leverages open-source technologies, primarily the Wazuh Security Information and Event Management (SIEM) platform, augmented with custom detection rules and a Random Forest-based classification module that distinguishes Normal, Brute Force, and Distributed Denial of Service traffic patterns. Experimental results show a Mean Time to Detect of 4.7 seconds for Brute Force and 7.3 seconds for Distributed Denial of Service, with a Mean Time to Respond of 8.2 seconds and under 10 seconds, respectively. The system achieved 98.4% detection accuracy and a 1.5% false positive rate across 100 controlled tests using THC Hydra and slowhttptest. Integrating Wazuh dashboard analytics with real-time Telegram alerts improves situational awareness and enables prompt, automated incident response, validating open-source frameworks as viable defenses in resource-constrained environments.
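As an added illustration (not code from the paper or its authors), the alert-forwarding step the abstract describes can be implemented as a Wazuh custom integration script: Wazuh invokes it with the alert file, an api_key slot and a hook URL, and the script filters the alert by rule level and posts a plain-text summary to Telegram's sendMessage endpoint. The sample alert, the MIN_LEVEL threshold, and the convention of passing the Telegram chat ID through the api_key slot are assumptions made for this example.

```python
import json
import sys
import urllib.request

# Assumed severity threshold: only rule levels at or above this are forwarded to Telegram.
MIN_LEVEL = 10

# Constructed sample alert in the shape Wazuh writes to alerts.json for an sshd brute-force rule.
SAMPLE_ALERT = json.dumps({
    "timestamp": "2025-11-21T08:15:02.123+0000",
    "rule": {"id": "5763", "level": 10,
             "description": "sshd: brute force trying to get access to the system.",
             "groups": ["syslog", "sshd", "authentication_failures"]},
    "agent": {"id": "001", "name": "web-01", "ip": "10.0.0.5"},
    "data": {"srcip": "192.0.2.77", "srcuser": "admin"},
})

def parse_alert(text: str) -> dict:
    """Decode one JSON alert document as Wazuh hands it to integration scripts."""
    return json.loads(text)

def should_notify(alert: dict, min_level: int = MIN_LEVEL) -> bool:
    """Forward only alerts whose rule level meets the configured severity."""
    return int(alert.get("rule", {}).get("level", 0)) >= min_level

def format_message(alert: dict) -> str:
    """Render the fields an on-call responder needs, one per line."""
    rule, agent, data = alert.get("rule", {}), alert.get("agent", {}), alert.get("data", {})
    return "\n".join([
        f"Wazuh alert (level {rule.get('level')}, rule {rule.get('id')})",
        f"Agent: {agent.get('name')} ({agent.get('ip')})",
        f"Source IP: {data.get('srcip', 'n/a')}",
        f"Description: {rule.get('description')}",
        f"Time: {alert.get('timestamp')}",
    ])

def build_payload(alert: dict, chat_id: str) -> dict:
    """Body for Telegram sendMessage; plain text (no parse_mode) so log content cannot break markup."""
    return {"chat_id": chat_id, "text": format_message(alert)}

def send(hook_url: str, payload: dict) -> int:
    """POST the payload to https://api.telegram.org/bot<token>/sendMessage and return the HTTP status."""
    req = urllib.request.Request(hook_url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

def main(argv):
    # Wazuh runs: custom-telegram <alert_file> <api_key> <hook_url>; api_key carries the chat ID here.
    alert_file, chat_id, hook_url = argv[1], argv[2], argv[3]
    with open(alert_file) as fh:
        alert = parse_alert(fh.read())
    if should_notify(alert):
        send(hook_url, build_payload(alert, chat_id))

if __name__ == "__main__":
    main(sys.argv)
```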

Published

2025-11-21

Section

Articles

How to Cite

[1] Y. Ariyanto, “Cyber Threat Detection and Automated Response Using Wazuh and Telegram API”, MATRIK, vol. 25, no. 1, pp. 173–188, Nov. 2025, doi: 10.30812/matrik.v25i1.5610.
