International Journal of Advanced Computer Science and Applications (IJACSA), Volume 17 Issue 5, 2026.
Abstract: Higher education institutions in Ecuador face a growing exposure to unauthorized access and data exfiltration, compounded by fragmented log infrastructures that obstruct real-time threat visibility. This study addresses those gaps through the design and deployment of a Security Information and Event Management (SIEM) architecture at the Compu Sur Higher Technological Institute (ITECSUR), augmented with User and Entity Behavior Analytics (UEBA) and a context-sensitive adaptive rule engine. Rather than relying on static signature matching, the proposed model constructs individual behavioral baselines per user and asset, dynamically escalating alert thresholds according to geographic context, access time, and asset sensitivity classification. Empirical validation conducted over 450 security events, including simulated Salgorea Trojan injections, supply chain compromise scenarios, and government-grade spyware indicators, yielded a Mean Time to Detect (MTTD) reduction from 48.5 hours to 12.4 minutes (99.57%), a recall rate of 95%, and a 65% decrease in false positives relative to rule-only baselines. Hardening protocols applied in parallel reduced exposed network ports by 78% and elevated institutional compliance with Ecuador's Organic Law on Personal Data Protection (LOPDP) from 35% to 92%. The architecture, built on AlienVault OTX and Osquery agents, processed over 1.2 million daily Indicators of Compromise autonomously, demonstrating operational feasibility for institutions with constrained IT budgets. These findings position SIEM-UEBA integration as both a technical countermeasure and a regulatory compliance instrument for the higher education sector.
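The per-user behavioral baseline and context-sensitive threshold escalation that the abstract describes, as an added Python sketch that is not the paper's code: the 3-sigma starting point, the per-context deductions, the 1 to 3 asset sensitivity scale and the sample events are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev
@dataclass
class Event:
    user: str
    hour: int                # local hour of access, 0..23
    country: str             # country code of the source address
    asset_sensitivity: int   # assumed scale: 1 = public, 2 = internal, 3 = restricted
    bytes_out: int           # outbound volume in the session (arbitrary units)

# Constructed history for one user: office hours, one country, about 100 units out.
HISTORY = [
    Event("alice", 9, "EC", 1, 100),
    Event("alice", 10, "EC", 1, 120),
    Event("alice", 11, "EC", 2, 90),
    Event("alice", 14, "EC", 1, 110),
    Event("alice", 16, "EC", 2, 80),
]

def build_baseline(history):
    """Per-user baseline: volume mean/stddev plus the usual hours and countries."""
    baseline = {}
    for user in {e.user for e in history}:
        ev = [e for e in history if e.user == user]
        vals = [e.bytes_out for e in ev]
        baseline[user] = {
            "mean": mean(vals),
            "std": pstdev(vals) or 1.0,   # avoid division by zero on a flat history
            "hours": {e.hour for e in ev},
            "countries": {e.country for e in ev},
        }
    return baseline

def adaptive_threshold(e, b):
    """Start at a 3-sigma threshold and tighten it as the access context gets riskier."""
    z = 3.0
    if e.country not in b["countries"]:   # geographic context
        z -= 1.0
    if e.hour not in b["hours"]:          # access time
        z -= 0.5
    z -= 0.5 * (e.asset_sensitivity - 1)  # asset sensitivity classification
    return max(z, 1.0)                    # never alert on sub-sigma noise

def score(e, baseline):
    """Return (z-score, alert?) for one event against its user's own baseline."""
    b = baseline.get(e.user)
    if b is None:
        return (None, True)               # no baseline at all: treat as an alert
    z = (e.bytes_out - b["mean"]) / b["std"]
    return (round(z, 2), z > adaptive_threshold(e, b))
```

The same outbound volume passes during office hours from the usual country but alerts at 03:00 from a new country against a restricted asset, which is the escalation behaviour the abstract contrasts with static signature matching.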
Julio Armando Landázuri Castro, Renato M. Toasa and Maryory Urdaneta Herrera. “Detection of Unauthorized Use in SIEM Through Behavioral Analysis and Adaptive Rules”. International Journal of Advanced Computer Science and Applications (IJACSA) 17.5 (2026). http://dx.doi.org/10.14569/IJACSA.2026.0170554
@article{Castro2026,
title = {Detection of Unauthorized Use in SIEM Through Behavioral Analysis and Adaptive Rules},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2026.0170554},
url = {http://dx.doi.org/10.14569/IJACSA.2026.0170554},
year = {2026},
publisher = {The Science and Information Organization},
volume = {17},
number = {5},
author = {Julio Armando Landázuri Castro and Renato M. Toasa and Maryory Urdaneta Herrera}
}
Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially, as long as the original work is properly cited.