MACHINE LEARNING IN SIEM A SURVEY ON INTELLIGENT EVENT CORRELATION AND ANOMALY DETECTION

Mrs. Neha Upadhyay

Abstract

Security Information and Event Management (SIEM) platforms are vital for identifying, analyzing, and responding to security incidents in complex IT infrastructures. However, traditional rule-based SIEM systems struggle with massive event volumes, produce high false-positive rates, and correlate heterogeneous data sources inefficiently. Machine learning, a subset of artificial intelligence, offers promising ways to make SIEM systems more intelligent and adaptive. This paper presents a comprehensive survey of the integration of machine learning techniques into SIEM, with a particular focus on intelligent event correlation and anomaly detection. It explores a wide spectrum of approaches, including supervised, unsupervised, and hybrid learning models, that aim to detect complex threats, reduce false alerts, and uncover hidden attack patterns in real time. Key advancements such as clustering, neural networks, ensemble models, and deep learning-based anomaly detectors are critically analyzed in terms of their strengths, limitations, and application scope. Furthermore, the paper highlights the challenges of deploying ML-enabled SIEM, including data quality, model interpretability, scalability, and adversarial threats (for example, an attacker shaping traffic so that malicious activity falls within the learned baseline). It emphasizes the importance of combining domain expertise with automated learning to develop robust and context-aware systems. This survey aims to guide researchers and security practitioners by offering insights into the current landscape, ongoing gaps, and future directions in intelligent SIEM development.
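To make the two themes of the abstract concrete, the following is an added illustration, not code from the paper or from any SIEM product. It runs an unsupervised anomaly scorer (a modified z-score over per-source authentication-failure counts, so the population of sources is its own baseline and no labels are needed) and then a correlation step that promotes an anomalous failure burst to a high-severity alert only when a later successful login arrives from the same source. The key=value log format and the constructed log lines are assumptions made for the example; it uses only the Python standard library.

```python
"""Toy ML-assisted SIEM pipeline: parse events, score per-source anomalies
without labels, then correlate anomalous failures with a later success."""
import re
import statistics
from datetime import datetime, timezone

# Constructed sample events (not from any real system); the key=value
# syslog-like format is an assumption for this example.
SAMPLE_LOG = """\
2025-01-01T10:00:01Z src=10.0.0.5 user=alice event=auth_failure
2025-01-01T10:00:02Z src=10.0.0.5 user=alice event=auth_success
2025-01-01T10:00:05Z src=10.0.0.6 user=bob event=auth_failure
2025-01-01T10:00:09Z src=10.0.0.6 user=bob event=auth_success
2025-01-01T10:00:10Z src=10.0.0.7 user=carol event=auth_success
2025-01-01T10:00:11Z src=10.0.0.8 user=dave event=auth_failure
2025-01-01T10:00:12Z src=10.0.0.9 user=erin event=auth_success
2025-01-01T10:01:00Z src=198.51.100.23 user=admin event=auth_failure
2025-01-01T10:01:01Z src=198.51.100.23 user=root event=auth_failure
2025-01-01T10:01:02Z src=198.51.100.23 user=alice event=auth_failure
2025-01-01T10:01:03Z src=198.51.100.23 user=bob event=auth_failure
2025-01-01T10:01:04Z src=198.51.100.23 user=carol event=auth_failure
2025-01-01T10:01:05Z src=198.51.100.23 user=dave event=auth_failure
2025-01-01T10:01:06Z src=198.51.100.23 user=erin event=auth_failure
2025-01-01T10:01:07Z src=198.51.100.23 user=frank event=auth_failure
2025-01-01T10:01:30Z src=198.51.100.23 user=frank event=auth_success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")
ANOMALY_THRESHOLD = 3.5   # Iglewicz-Hoaglin cut-off for modified z-scores
CORRELATION_WINDOW_S = 600


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    ev["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def parse_log(text):
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def extract_features(events):
    """Per-source feature vector: (auth failures, distinct users that failed)."""
    feats = {}
    for ev in events:
        f = feats.setdefault(ev["src"], {"failures": 0, "users": set()})
        if ev.get("event") == "auth_failure":
            f["failures"] += 1
            f["users"].add(ev.get("user"))
    return {src: (f["failures"], len(f["users"])) for src, f in feats.items()}


def robust_zscores(values):
    """Modified z-score 0.6745 * (x - median) / MAD; robust to the outlier
    itself inflating the baseline, unlike a plain mean/stddev z-score."""
    med = statistics.median(values)
    dev = [abs(v - med) for v in values]
    mad = statistics.median(dev)
    if mad == 0:                       # degenerate baseline: fall back to mean abs. deviation
        mad = statistics.mean(dev) * 1.2533
    if mad == 0:                       # every source identical: nothing is anomalous
        return [0.0 for _ in values]
    return [0.6745 * (v - med) / mad for v in values]


def detect_anomalous_sources(events):
    """Unsupervised step: sources whose failure count is an outlier."""
    feats = extract_features(events)
    srcs = sorted(feats)
    scores = robust_zscores([feats[s][0] for s in srcs])
    return {s: round(z, 2) for s, z in zip(srcs, scores) if z > ANOMALY_THRESHOLD}


def correlate(events, anomalous, window_s=CORRELATION_WINDOW_S):
    """Correlation step: an anomalous failure burst followed by a success
    from the same source within the window is escalated to 'high'."""
    feats = extract_features(events)
    alerts = []
    for src, score in anomalous.items():
        last_fail = max(e["ts"] for e in events if e["src"] == src and e["event"] == "auth_failure")
        successes = [e for e in events if e["src"] == src and e["event"] == "auth_success"
                     and 0 <= (e["ts"] - last_fail).total_seconds() <= window_s]
        alert = {"src": src, "score": score, "failures": feats[src][0],
                 "users_tried": feats[src][1], "severity": "medium",
                 "reason": "anomalous volume of auth_failure events"}
        if successes:
            alert["severity"] = "high"
            alert["reason"] = "auth_failure burst followed by auth_success as %s" % successes[0]["user"]
        alerts.append(alert)
    return alerts


def run_pipeline(text):
    events = parse_log(text)
    return correlate(events, detect_anomalous_sources(events))


if __name__ == "__main__":
    for a in run_pipeline(SAMPLE_LOG):
        print(a)
```

Only the spraying source is surfaced; the single failures from ordinary users sit at the median and score zero, which is the false-positive reduction the abstract refers to. The correlation step is what turns a statistical outlier into a security finding: the same burst without the trailing success stays at medium severity.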

Article Details

How to Cite
Upadhyay, M. N. (2025). MACHINE LEARNING IN SIEM A SURVEY ON INTELLIGENT EVENT CORRELATION AND ANOMALY DETECTION. Journal of Global Research in Mathematical Archives(JGRMA), 12(11), 35–42. https://doi.org/10.5281/zenodo.17829455
Section
Research Paper