Converged SIEM Framework for Unified IT-OT Security Monitoring
DOI: https://doi.org/10.22399/ijcesen.5024
Keywords: Converged SIEM Framework, IT-OT Security Integration, Cyber-Physical Systems Monitoring, Industrial Control System Security, Cross-Domain Threat Correlation
Abstract
Critical infrastructure security has traditionally maintained a rigid separation between Information Technology and Operational Technology systems, creating dangerous blind spots that sophisticated threat actors increasingly exploit. This article presents a unified Security Information and Event Management framework that integrates telemetry from hardened endpoints, network firewalls, and industrial IoT sensors into a single correlation engine designed specifically for cyber-physical systems. The proposed architecture addresses the fundamental challenges of converged IT-OT security monitoring through three core pillars: standardized data ingestion accommodating heterogeneous protocols, normalized event processing establishing consistent taxonomies across domains, and cross-domain correlation logic capable of identifying sophisticated multi-stage attacks. By leveraging machine learning approaches, including convolutional neural networks and behavioral analytics, the framework enables the detection of subtle anomalies and previously unknown attack patterns while maintaining low false positive rates that minimize operational disruptions. The research demonstrates how automated asset discovery addresses the persistent challenge of shadow IT and unmanaged operational devices in dynamic industrial environments, while security orchestration and automated response capabilities streamline incident management workflows. Cross-domain context enrichment proves particularly valuable during incident response, revealing how digital compromises affect physical operations and ensuring that containment actions align with operational safety requirements. 
This converged approach provides real-time visibility across the entire cyber-physical ecosystem, enabling security teams to detect threats that span the digital and physical realms and to respond to them significantly faster. It does so while accounting for the characteristics that distinguish operational technology environments: deterministic timing requirements, legacy equipment constraints, and safety-critical demands for operational continuity.
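The three pillars named in the abstract (heterogeneous ingestion, a normalized cross-domain taxonomy, and multi-stage correlation, plus automated asset discovery and context enrichment) are shown below as an added, self-contained Python example; it is not code from the paper or its authors. The endpoint, firewall and Modbus-gateway log formats, the host names, IP addresses, the engineering-tool watchlist, the safe operating band for `reactor_temp` and the 15-minute correlation window are all constructed for illustration. The correlation rule chains an IT event (engineering software launched on a workstation) to a network event (the firewall permits TCP/502 from that workstation to a PLC), to an OT write, to a process value leaving its safe band, and enriches the resulting alert with the physical asset from the inventory so that a responder can see which process is affected before choosing a containment action.

```python
"""Added example (not the paper's code): minimal converged IT/OT correlation.

Three constructed telemetry sources (endpoint agent, network firewall, Modbus
gateway) are parsed into one normalized event schema, unknown addresses are
auto-discovered, and a cross-domain rule chains IT -> NET -> OT stages into a
single enriched alert. Formats, hosts, IPs and thresholds are all made up.
"""
import json
import re
from datetime import datetime, timedelta

# Normalized schema shared by every source: the "consistent taxonomy".
def _event(ts, domain, src, dst, category, **fields):
    return {"ts": ts, "domain": domain, "src": src, "dst": dst,
            "category": category, "fields": fields}

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

# --- Source parsers (constructed formats, not any vendor's) -----------------
_FW_RE = re.compile(r"(?P<ts>\S+) fw action=(?P<action>\w+) src=(?P<src>[\d.]+) "
                    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)")

def parse_endpoint(line):
    # "<ts> ENDPOINT host=... ip=... event=process_start image=... user=..."
    ts_str, _, rest = line.split(" ", 2)
    kv = dict(tok.split("=", 1) for tok in rest.split())
    return _event(_ts(ts_str), "IT", kv["ip"], None, kv["event"],
                  host=kv["host"], image=kv["image"], user=kv["user"])

def parse_firewall(line):
    m = _FW_RE.match(line)
    return _event(_ts(m["ts"]), "NET", m["src"], m["dst"], "conn_" + m["action"],
                  dport=int(m["dport"]), proto=m["proto"])

def parse_ot(line):
    # JSON from a constructed Modbus gateway: register writes and process reads.
    d = json.loads(line)
    cat = "plc_write" if d["op"] == "write" else "process_value"
    return _event(_ts(d["ts"]), "OT", d.get("src"), d["unit"], cat,
                  register=d.get("register"), value=d.get("value"), tag=d.get("tag"))

# --- Automated asset discovery: addresses seen in telemetry but absent from
# the inventory are reported as unmanaged devices.
def discover_assets(events, inventory):
    seen = {e[k] for e in events for k in ("src", "dst") if e[k]}
    return sorted(seen - set(inventory))

# --- Cross-domain correlation (constructed watchlist, port and safe band) ----
ENGINEERING_TOOLS = {"tiastudio.exe", "rslogix.exe"}
MODBUS_PORT = 502
SAFE_BAND = {"reactor_temp": (40.0, 80.0)}

def correlate(events, inventory, window=timedelta(minutes=15)):
    """Stage 1: engineering tool starts on an IT host. Stage 2: firewall allows
    TCP/502 from that host to a PLC. Stage 3: that host writes a PLC register.
    Alert: a process value for that PLC leaves SAFE_BAND within the window."""
    chains, alerts = {}, []
    for e in sorted(events, key=lambda x: x["ts"]):
        f, cat = e["fields"], e["category"]
        if cat == "process_start" and f["image"].lower() in ENGINEERING_TOOLS:
            chains[e["src"]] = {"stage": 1, "t": [e["ts"]], "host": f["host"], "user": f["user"]}
            continue
        if cat == "process_value":  # OT reads carry the PLC as dst, not the IT host
            owners = [c for c in chains.values() if c.get("plc") == e["dst"] and c["stage"] == 3]
        else:
            owners = [chains[e["src"]]] if e["src"] in chains else []
        for c in owners:
            if e["ts"] > c["t"][0] + window:
                continue  # chain expired: stages must fall inside the window
            if cat == "conn_allow" and c["stage"] == 1 and f["dport"] == MODBUS_PORT:
                c.update(stage=2, plc=e["dst"]); c["t"].append(e["ts"])
            elif cat == "plc_write" and c["stage"] == 2 and e["dst"] == c["plc"]:
                c.update(stage=3, register=f["register"]); c["t"].append(e["ts"])
            elif cat == "process_value":
                lo, hi = SAFE_BAND.get(f["tag"], (float("-inf"), float("inf")))
                if not lo <= f["value"] <= hi:
                    c["stage"] = 4
                    alerts.append({"rule": "it_to_ot_setpoint_manipulation",
                                   "it_host": c["host"], "user": c["user"],
                                   "plc": c["plc"], "plc_name": inventory.get(c["plc"], "UNKNOWN"),
                                   "register": c["register"], "process_tag": f["tag"],
                                   "value": f["value"], "stages": c["t"] + [e["ts"]]})
    return alerts

# --- Constructed sample telemetry and inventory ------------------------------
INVENTORY = {"10.1.1.5": "eng-ws-01", "10.2.0.10": "PLC-R1 (reactor skid)"}
SAMPLE_LOGS = [
    ("endpoint", "2025-01-10T09:00:05Z ENDPOINT host=eng-ws-01 ip=10.1.1.5 event=process_start image=TIAStudio.exe user=jdoe"),
    ("firewall", "2025-01-10T09:01:10Z fw action=allow src=10.1.1.5 dst=10.2.0.10 dport=502 proto=tcp"),
    ("firewall", "2025-01-10T09:01:12Z fw action=deny src=10.1.1.5 dst=10.2.0.99 dport=502 proto=tcp"),
    ("ot", '{"ts":"2025-01-10T09:02:00Z","op":"write","src":"10.1.1.5","unit":"10.2.0.10","register":40001,"value":95}'),
    ("ot", '{"ts":"2025-01-10T09:04:30Z","op":"read","src":"10.2.0.50","unit":"10.2.0.10","tag":"reactor_temp","value":91.4}'),
]
PARSERS = {"endpoint": parse_endpoint, "firewall": parse_firewall, "ot": parse_ot}

def run(logs=SAMPLE_LOGS, inventory=INVENTORY):
    events = [PARSERS[src](line) for src, line in logs]
    return {"unmanaged": discover_assets(events, inventory),
            "alerts": correlate(events, inventory)}

if __name__ == "__main__":
    print(json.dumps(run(), indent=2, default=str))
```

Running the block reports two unmanaged addresses (the denied destination 10.2.0.99 and the gateway 10.2.0.50 that reported the process value) and one alert tying the workstation, user, PLC name, written register and out-of-band temperature together. A single-domain rule would have seen only a permitted connection, or only a high temperature, and neither would justify an automated containment step on its own; the chained evidence is what lets an orchestration playbook quarantine the workstation rather than the PLC.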
License
Copyright (c) 2025 International Journal of Computational and Experimental Science and Engineering

This work is licensed under a Creative Commons Attribution 4.0 International License.