Research Article NeuralNetwork-BasedVotingSystemwithHighCapacityand LowComputationforIntrusionDetectioninSIEM/IDSSystems NabilMoukafih ,GhizlaneOrhanou,andSaidElHajji Laboratory of Mathematics, Computing and Applications-Information Security, Faculty of Sciences, Mohammed V University in Rabat, BP1014 RP, Rabat, Morocco Correspondence should be addressed to Nabil Moukafih; moukafih.nab@gmail.com Received 24 December 2019; Revised 23 June 2020; Accepted 29 June 2020; Published 16 July 2020 Academic Editor: Mamoun Alazab Copyright © 2020 Nabil Moukafih et al. is is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Integrating intelligence into intrusion detection tools has received much attention in the last years. e goal is to improve the detection capability within SIEM and IDS systems in order to cope with the increasing number of attacks using sophisticated and complex methods to infiltrate systems. Current SIEM and IDS systems have many processes involved, which work together to collect, analyze, detect, and send notification of failures in real time. Event normalization, for example, requires significant processing power to handle network events. So, adding heavy deep learning models will invoke additional resources for the SIEM or IDS tool. is paper presents a majority system based on reliability approach that combines simple feedforward neural networks, as weak learners, and produces high detection capability with low computation resources. e experimental results show that the model is very suitable for modeling a classification model with high accuracy and that its performance is superior to that of complex resource-intensive deep learning models. 1.Introduction It is no secret that Internet access has become an indis- pensable part of life. In fact, most businesses and govern- ment institutions operate online. However, in addition to the important benefits and services offered daily by computer networks, they also raise network security issues as many unscrupulous cyberattackers are also active on the Web, waiting to hit vulnerable systems. e integration of cybersecurity tools and threat detection has become in- creasingly important to prevent downtime. Security devices such as Security Information and Event Management, or SIEM [1], and Intrusion Detection Systems, or IDS [2], have become a core part of monitoring and defending networks and hosts against intrusions. Unfortunately, this has become quite difficult as attacks are evolving rapidly in terms of complexity and sophisti- cation, especially attacks with signatures that are not recorded in public databases (0-day attacks) and those that target specific systems and vulnerabilities. Such attacks can be used to go unnoticed by most organizations’ defense mechanisms and infiltrate the target network. Indeed, in the 2018 data breach investigations, we see that 68% of breaches last year took months or longer to be discovered [3], and these breaches happen within few minutes or even seconds. Under these constraints, researchers and security experts try to provide intelligence, adaptation, and pattern recog- nition for SIEM and IDS systems. In particular, they use machine learning models to improve the efficiency and accuracy of these systems by providing historical data to these models. is gives the algorithm or the model more “experience,” which can, in turn, be used to make better decisions or predictions. For this reason, machine learning techniques represent the best choice over traditional rule- based algorithms and even human operators [4], and they are widely used in multiple fields and industries [5]. e problem is that machine learning models have some par- ticularly demanding needs in terms of computational re- sources to train and calibrate. On the other hand, SIEM/IDS have other resource-intensive processes such as collecting Hindawi Security and Communication Networks Volume 2020, Article ID 3512737, 15 pages https://doi.org/10.1155/2020/3512737