This project presents an AI-based anomaly detection system built on Wazuh and the ELK Stack to identify malicious activity, such as SSH brute-force attacks, in real time. Wazuh agents collect system authentication logs, which are streamed through an Apache Kafka pipeline (with ZooKeeper coordinating the brokers) to an Isolation Forest model that scores SSH login behaviour per source, flags unusual patterns, and triggers alerts. The ELK Stack (Logstash, Elasticsearch, Kibana) parses, stores, and visualizes the data so analysts can identify threats quickly. Experimental results show improved detection accuracy and reduced false positives, improving Security Operations Center (SOC) efficiency for small-to-medium enterprises. The solution is scalable, built entirely from open-source components, and turns raw logs into actionable alerts.
Tools: Wazuh, ELK Stack, machine learning, Google Colab, Apache Kafka, ZooKeeper, Python
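The abstract describes the detection stage (per-source SSH login features fed to an Isolation Forest) without showing it. The following is an added example, not the project's own code: it parses constructed sshd log lines in the format a Wazuh agent forwards from auth.log, aggregates failed/accepted logins, distinct usernames and "invalid user" attempts per source IP, and scores each IP with a small from-scratch Isolation Forest (Liu et al.'s algorithm: random attribute, random split, anomaly score 2^(-E[h(x)]/c(n))) so it runs without scikit-learn. The hostnames, IP addresses, usernames and the `detect_brute_force`/`score_sources` function names are all assumptions made for the example.

```python
"""Added example (not the project's code): Isolation Forest over per-IP SSH login features.

The log sample below is constructed for illustration; the attacker IP, the
usernames and the feature set are assumptions, not taken from the project.
"""
import math
import random
import re
from collections import defaultdict

# Constructed sshd lines in the auth.log format forwarded by Wazuh agents.
SAMPLE_LOG = """\
Jan 10 09:01:12 web1 sshd[1001]: Failed password for alice from 10.0.0.11 port 51022 ssh2
Jan 10 09:01:20 web1 sshd[1001]: Accepted password for alice from 10.0.0.11 port 51022 ssh2
Jan 10 09:05:01 web1 sshd[1010]: Accepted publickey for bob from 10.0.0.12 port 40010 ssh2
Jan 10 09:06:44 web1 sshd[1014]: Failed password for carol from 10.0.0.13 port 52100 ssh2
Jan 10 09:06:50 web1 sshd[1014]: Failed password for carol from 10.0.0.13 port 52100 ssh2
Jan 10 09:06:58 web1 sshd[1014]: Accepted password for carol from 10.0.0.13 port 52100 ssh2
Jan 10 09:08:03 web1 sshd[1020]: Accepted publickey for dave from 10.0.0.14 port 48812 ssh2
Jan 10 09:09:17 web1 sshd[1024]: Accepted publickey for erin from 10.0.0.15 port 33004 ssh2
Jan 10 09:11:40 web1 sshd[1031]: Accepted publickey for frank from 10.0.0.16 port 56001 ssh2
"""
# Constructed brute-force burst: 40 failures from one (assumed) attacker IP,
# cycling through 8 usernames, 35 of them against non-existent accounts.
ATTACKER = "203.0.113.7"
_USERS = ["admin", "test", "oracle", "ubuntu", "pi", "guest", "user", "root"]
SAMPLE_LOG += "".join(
    f"Jan 10 09:1{i // 10}:{i % 10:02d} web1 sshd[{2000 + i}]: Failed password for "
    f"{'' if u == 'root' else 'invalid user '}{u} from {ATTACKER} port {40000 + i} ssh2\n"
    for i, u in enumerate(_USERS * 5)
)

LINE_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \w+ for (invalid user )?(\S+) from (\d+(?:\.\d+){3})"
)


def extract_features(log_text):
    """Aggregate sshd events per source IP into [failed, accepted, distinct_users, invalid_user_attempts]."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set(), "invalid": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd auth event
        outcome, invalid, user, ip = m.groups()
        s = stats[ip]
        s["failed" if outcome == "Failed" else "accepted"] += 1
        s["users"].add(user)
        s["invalid"] += 1 if invalid else 0
    ips = sorted(stats)
    X = [[stats[ip]["failed"], stats[ip]["accepted"], len(stats[ip]["users"]), stats[ip]["invalid"]]
         for ip in ips]
    return ips, X


def _c(n):
    """Average path length of an unsuccessful BST search on n points (iForest normaliser)."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n


def _build_tree(X, idx, depth, max_depth, rng):
    """Isolation tree: pick a random attribute with spread, split at a random point in its range."""
    if len(idx) <= 1 or depth >= max_depth:
        return ("leaf", len(idx))
    ranges = [(f, min(X[i][f] for i in idx), max(X[i][f] for i in idx)) for f in range(len(X[0]))]
    ranges = [r for r in ranges if r[1] < r[2]]
    if not ranges:
        return ("leaf", len(idx))  # all remaining points identical
    f, lo, hi = rng.choice(ranges)
    split = rng.uniform(lo, hi)
    left = [i for i in idx if X[i][f] < split]
    right = [i for i in idx if X[i][f] >= split]
    return ("node", f, split,
            _build_tree(X, left, depth + 1, max_depth, rng),
            _build_tree(X, right, depth + 1, max_depth, rng))


def _path_length(tree, x, depth=0):
    """h(x): depth at which x is isolated; unsplit leaves add c(size) as in the paper."""
    if tree[0] == "leaf":
        return depth + _c(tree[1])
    _, f, split, left, right = tree
    return _path_length(left if x[f] < split else right, x, depth + 1)


def isolation_forest_scores(X, n_trees=100, seed=7):
    """Anomaly score s(x) = 2^(-E[h(x)] / c(n)); values near 1 are outliers, near 0.5 or below are normal."""
    rng = random.Random(seed)
    n = len(X)
    max_depth = math.ceil(math.log2(max(n, 2)))  # no subsampling: the sample here is tiny
    trees = [_build_tree(X, list(range(n)), 0, max_depth, rng) for _ in range(n_trees)]
    c_n = _c(n)
    return [2 ** (-(sum(_path_length(t, x) for t in trees) / n_trees) / c_n) for x in X]


def score_sources(log_text):
    """Return [(ip, score)] sorted from most to least anomalous."""
    ips, X = extract_features(log_text)
    return sorted(zip(ips, isolation_forest_scores(X)), key=lambda p: -p[1])


def detect_brute_force(log_text, threshold=0.65):
    """Sources whose anomaly score crosses the (assumed) alert threshold."""
    return [(ip, s) for ip, s in score_sources(log_text) if s >= threshold]


if __name__ == "__main__":
    for ip, s in score_sources(SAMPLE_LOG):
        print(f"{ip:15s} score={s:.3f}")
    print("alerts:", detect_brute_force(SAMPLE_LOG))
```

Two practical caveats the abstract glosses over: the model only sees what the feature extractor aggregates, so the aggregation window (per minute, per hour, per session) decides whether a slow, distributed password spray is visible at all; and a high score marks a statistical outlier, not a confirmed attack, so in a SOC the alert should carry the feature vector (counts, usernames, invalid-user attempts) so the analyst can triage it against Wazuh's own sshd rules rather than trust the score alone.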
Department: Department of Computer Science
Project Poster
