Predicting Cyber Attacks Using Time Series Forecasting: Reducing False Positive Rates in SIEM/XDR Systems
摘要
Cyber-attacks are becoming increasingly frequent and sophisticated, placing Security Operations Centers (SOCs) under significant pressure. SOC solutions such as Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) systems often struggle to handle this growing complexity, resulting in a high number of false alarms. This makes effective threat detection and timely incident response critical, as excessive false alerts can easily overwhelm analysts and reduce overall response efficiency. This study presents a time series forecasting model for predicting cyber-attacks using temporal SIEM data to improve detection accuracy. An LSTM-Based Prediction Model was designed and developed using time series data extracted from SIEM environment to reduce false alerts. A Dataset consists of 31,568 records of failed login incidents with a 56-feature vector length to represent cyber security incidents. A forecast graph was generated to visualize future attack predictions based on temporal analysis to provide additional insight into the predictive capabilities of the model over time. The results indicate that the proposed LSTM-based model achieves the lowest false alarm rate at 3. 79%, along with strong overall performance reflected in an F1 score of 94.18%. The false alert rate was reduced by 0.7%, with only a slight decrease of 0.1% in overall accuracy. In addition, the LSTM model achieves the highest PR-AUC of 0.98 among the tested models, which demonstrates the consistent performance of the model across different prediction thresholds and a high capability to distinguish attacks from normal activity. These results indicate that the model is not only accurate, but also reliable and suitable for real-world security monitoring, where minimizing false alerts is as critical as correctly detecting true threats.