Simple, Fast, and Accurate Cybercrime Detection on E-Government with Elastic Stack SIEM

Ichsan Yudhianto

Abstract

Increased public activity in cyberspace (the Internet) during the Covid-19 pandemic has also increased cybercrime cases with a wide range of attack targets, including e-Government services. Cybercrime in e-Government is hidden and often goes unnoticed, so handling it is challenging for all government agencies. The characteristics of e-Government are unique and differ from those of service systems in general, which demands extra anticipation in preventing and handling cybercrime threats. This research proposes log and event data analysis to detect cybercrime in e-Government using Security Information and Event Management (SIEM). The main contribution of this research is a simple, fast, and accurate cybercrime detection process for the e-Government environment, achieved by raising the level of log and event data analysis through the SIEM approach. The SIEM technology, based on machine learning and big data, is implemented with Elastic Stack. The implemented technique can serve as a mitigation program against the cybercrime threats that frequently target e-Government. Simple, accurate, and fast cybercrime detection is expected to improve e-Government security and increase public confidence in the public services organized by government agencies.

Keywords

Security; Cybercrime Detection; SIEM; Log Analysis; E-Government; Elastic Stack

DOI: http://dx.doi.org/10.26418/jp.v9i2.64213