Inspiration
As a cybersecurity student with a strong interest in Java backend development, I wanted to bridge the gap between theory and real-world security systems. While working on a college mini-project, I saw how critical real-time monitoring is for detecting threats. This inspired me to build SIEMShield, a simplified SIEM (Security Information and Event Management) system, to understand how security operations work in practice.
What it does
SIEMShield collects and analyzes system and network logs to detect suspicious activities such as:
- Repeated failed login attempts
- Unusual traffic patterns
- Unauthorized access
It assigns a risk score using a rule-based model: each of the n detected event types has a fixed weight, and Frequency_i is how many times that event type was observed in the monitoring window, so the score for a source is
$$ Risk\ Score = \sum_{i=1}^{n} (Event\ Weight_i \times Frequency_i) $$
Higher scores are prioritized and used to generate alerts. The event weights and the window over which frequency is counted are what determine how noisy the alerts are, so they need tuning against real log volumes to keep false positives down.
How we built it
We built the system using the following stack:
- Backend: Java + Spring Boot
- Database: MySQL
- Frontend: HTML, CSS, JavaScript
System workflow: Log Input → Processing → Threat Detection → Alert Generation
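The workflow above and the risk-score formula from "What it does", worked through end to end as an added example (this is not SIEMShield's own code). It takes a handful of constructed syslog-style lines, normalises them into typed events, counts each event type per host, computes Risk Score = Σ(Event Weight_i × Frequency_i) and emits alerts ordered by score. The log format, the rule patterns, the weights, the 10 MB outbound-traffic threshold and the alert threshold of 20 are all assumptions chosen for the illustration; the whole batch is treated as a single monitoring window.

```java
import java.util.*;
import java.util.regex.*;

/*
 * Added example, not SIEMShield's own code. Log format, weights and thresholds
 * are assumptions; the input batch stands in for one monitoring window.
 */
public class RiskScoreDemo {

    // Event types the detection rules produce, with assumed weights.
    enum EventType {
        FAILED_LOGIN(5), UNAUTHORIZED_ACCESS(20), UNUSUAL_TRAFFIC(10), BENIGN(0);
        final int weight;
        EventType(int weight) { this.weight = weight; }
    }

    record Event(String source, EventType type) {}
    record Alert(String source, long score, Map<EventType, Long> breakdown) {}

    // Assumed line format: "<timestamp> <host> <message>"
    private static final Pattern LINE = Pattern.compile("^(\\S+) (\\S+) (.+)$");
    // Assumed netflow-style message fragment; \d{1,18} keeps parseLong from overflowing.
    private static final Pattern OUTBOUND = Pattern.compile("outbound (\\d{1,18}) bytes");
    private static final long TRAFFIC_THRESHOLD_BYTES = 10L * 1024 * 1024; // assumed
    private static final long ALERT_THRESHOLD = 20;                          // assumed

    // Processing: turn one raw line into a typed event; malformed lines are dropped.
    static Optional<Event> parse(String line) {
        Matcher m = LINE.matcher(line);
        if (!m.matches()) return Optional.empty();
        String host = m.group(2);
        String msg = m.group(3).toLowerCase(Locale.ROOT);
        if (msg.contains("failed password")) return Optional.of(new Event(host, EventType.FAILED_LOGIN));
        if (msg.contains("permission denied")) return Optional.of(new Event(host, EventType.UNAUTHORIZED_ACCESS));
        Matcher t = OUTBOUND.matcher(msg);
        if (t.find() && Long.parseLong(t.group(1)) > TRAFFIC_THRESHOLD_BYTES)
            return Optional.of(new Event(host, EventType.UNUSUAL_TRAFFIC));
        return Optional.of(new Event(host, EventType.BENIGN));
    }

    // Threat detection + alert generation: score each source and keep those over threshold.
    static List<Alert> detect(List<String> lines) {
        Map<String, Map<EventType, Long>> freq = new HashMap<>();
        for (String line : lines) {
            parse(line).ifPresent(e ->
                freq.computeIfAbsent(e.source(), k -> new EnumMap<>(EventType.class))
                    .merge(e.type(), 1L, Long::sum));
        }
        List<Alert> alerts = new ArrayList<>();
        for (var entry : freq.entrySet()) {
            long score = 0; // Risk Score = sum over event types of weight * frequency
            for (var f : entry.getValue().entrySet()) score += f.getKey().weight * f.getValue();
            if (score >= ALERT_THRESHOLD) alerts.add(new Alert(entry.getKey(), score, entry.getValue()));
        }
        alerts.sort(Comparator.comparingLong(Alert::score).reversed()); // highest risk first
        return alerts;
    }

    public static void main(String[] args) {
        // Constructed sample log lines (not real data). RFC 5737 addresses used for the sources.
        List<String> logs = List.of(
            "2024-05-01T10:00:01Z web-01 sshd: Failed password for root from 198.51.100.7",
            "2024-05-01T10:00:03Z web-01 sshd: Failed password for root from 198.51.100.7",
            "2024-05-01T10:00:05Z web-01 sshd: Failed password for admin from 198.51.100.7",
            "2024-05-01T10:00:09Z web-01 sshd: Accepted password for deploy from 10.0.0.5",
            "2024-05-01T10:01:00Z db-02 audit: permission denied for uid=1003 on /etc/shadow",
            "2024-05-01T10:02:00Z web-01 netflow: outbound 52428800 bytes to 203.0.113.9",
            "2024-05-01T10:02:30Z app-03 netflow: outbound 4096 bytes to 10.0.0.20",
            "this line does not match the expected format"
        );
        // Expected: web-01 score 25 (3*5 + 1*10), then db-02 score 20 (1*20); app-03 stays at 0.
        for (Alert a : detect(logs))
            System.out.printf("ALERT source=%s score=%d breakdown=%s%n", a.source(), a.score(), a.breakdown());
    }
}
```

Sorting alerts by score is what turns the formula into a prioritized queue; in a real deployment the frequency counts would be kept per sliding time window (so an old burst of failures ages out) rather than over the whole batch as here, and the weights would be stored as configurable rule data instead of enum constants.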
Challenges we ran into
- Handling large volumes of log data efficiently
- Designing meaningful detection rules without high false positives
- Integrating backend processing with frontend visualization
- Ensuring scalability for future improvements
Accomplishments that we're proud of
- Built a working prototype of a SIEM system
- Implemented real-time log monitoring and alert generation
- Successfully combined cybersecurity concepts with backend development
- Created a modular and extensible architecture
What we learned
- Practical knowledge of log analysis and threat detection
- Backend development using Spring Boot and REST APIs
- Database design for structured log storage
- Understanding how real-world SIEM tools operate
What's next for SIEMShield