Cyber Threat Detection and Automated Response Using Wazuh and Telegram API
DOI: https://doi.org/10.30812/matrik.v25i1.5610
Keywords: Cyber Threat Detection, Network Security, PPDIOO, SIEM, Wazuh
Abstract
Cyber threats are becoming more widespread, notably SSH brute-force attacks and Distributed Denial of Service (DDoS) attacks. These attacks undermine the availability, integrity, and confidentiality of networked systems, especially in small and medium-sized organizations that cannot afford expensive commercial security solutions. This research aims to develop an automated, cost-effective, and scalable cyber threat detection and response system for such organizations. The methodology follows the structured Prepare, Plan, Design, Implement, Operate, Optimize (PPDIOO) lifecycle and relies on open-source technologies, primarily the Wazuh Security Information and Event Management (SIEM) platform, augmented with custom detection rules and a Random Forest classification module that distinguishes Normal, Brute Force, and DDoS traffic patterns. Experimental results show a Mean Time to Detect of 4.7 seconds for Brute Force and 7.3 seconds for DDoS, with a Mean Time to Respond of 8.2 seconds and under 10 seconds, respectively. The system achieved 98.4% detection accuracy and a 1.5% false positive rate across 100 controlled tests using THC Hydra and slowhttptest. Integrating Wazuh dashboard analytics with real-time Telegram alerts improves situational awareness and enables prompt, automated incident response, validating open-source frameworks as viable defenses in resource-constrained environments.
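Wazuh hands alerts to external services through custom integration scripts; the following is an added example, not the paper's code, of one such script that forwards a Wazuh alert to a Telegram chat. It assumes the documented custom-integration argument order (alert file, api_key, hook_url), with the Telegram bot token passed as api_key and the chat_id as hook_url; the level threshold, watched rule groups and the sample alert are constructed for illustration.

```python
# Added example (not the paper's code): a Wazuh custom integration script,
# e.g. /var/ossec/integrations/custom-telegram, that forwards a Wazuh alert
# to a Telegram chat. Assumptions: wazuh-manager invokes it with the
# documented argument order <alert_file> <api_key> <hook_url>; here api_key
# carries the Telegram bot token and hook_url the destination chat_id.
import json
import sys
import urllib.parse
import urllib.request

MIN_LEVEL = 10                                       # chosen threshold, not the paper's
GROUPS = {"authentication_failures", "sshd", "web"}  # rule groups worth paging on

# Constructed sample alert in Wazuh JSON alert format (SSH brute-force pattern).
SAMPLE_ALERT = {
    "timestamp": "2025-01-15T10:42:07.000+0000",
    "rule": {"id": "5763", "level": 10,
             "groups": ["syslog", "sshd", "authentication_failures"],
             "description": "sshd: brute force trying to get access to the system."},
    "agent": {"id": "001", "name": "web-srv-01"},
    "data": {"srcip": "203.0.113.7", "dstuser": "root"},
}

def should_notify(alert, min_level=MIN_LEVEL, groups=GROUPS):
    """Page on high severity or on any rule group in the watch list."""
    rule = alert.get("rule", {})
    return rule.get("level", 0) >= min_level or bool(groups & set(rule.get("groups", [])))

def build_message(alert):
    """Render the fields a responder needs first; missing fields degrade to 'n/a'."""
    rule, data = alert.get("rule", {}), alert.get("data", {})
    return (f"Wazuh alert [level {rule.get('level', 'n/a')}] rule {rule.get('id', 'n/a')}\n"
            f"{rule.get('description', 'n/a')}\n"
            f"agent: {alert.get('agent', {}).get('name', 'n/a')}\n"
            f"source IP: {data.get('srcip', 'n/a')}\n"
            f"time: {alert.get('timestamp', 'n/a')}")

def send(bot_token, chat_id, text):
    """POST to the Telegram Bot API sendMessage method; returns the HTTP status."""
    url = f"https://api.telegram.org/bot{bot_token}/sendMessage"
    body = urllib.parse.urlencode({"chat_id": chat_id, "text": text}).encode()
    with urllib.request.urlopen(url, body, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    alert_file, api_key, hook_url = sys.argv[1:4]
    with open(alert_file) as fh:
        alert = json.load(fh)
    if should_notify(alert):
        send(api_key, hook_url, build_message(alert))
```

The script is wired in with an `<integration>` block in ossec.conf naming `custom-telegram`, the hook_url, api_key, and `<alert_format>json</alert_format>`; keeping the bot token out of the script body lets the same file serve several chats.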
Copyright (c) 2025 Yuri Ariyanto, Yan Watequlis Syaifudin, M. Hasyim Ratsanjani, Ali Ridho Muladawila, Triana Fatmawati, Pramana Yoga Saputra, Chandrasena Setiadi

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.