Dynamic security log processing using deep learning techniques
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F22%3APU144474" target="_blank" >RIV/00216305:26220/22:PU144474 - isvavai.cz</a>
Alternative codes found
RIV/00216305:26220/22:PU150909
Result on the web
—
DOI - Digital Object Identifier
—
Alternative languages
Result language
English
Title in original language
Dynamic security log processing using deep learning techniques
Description in original language
Recently, the number of discovered cyber attacks has been increasing rapidly. Tools for stealing personal data, destroying systems, or controlling infrastructure are becoming increasingly sophisticated in achieving their malicious aims. Companies are trying to reduce the risks to their assets by using various security monitoring devices and tools. SIEM solutions are used for security monitoring, allowing logs from different sources to be correlated. They offer visibility for security teams and allow early response to attacks. The main problem of SIEM software is the implementation of log parsing, which directly influences the efficiency of correlation rules. Usually, the biggest limitation is parsing dynamic log structures from different event sources. The main contribution of this paper is to apply advanced deep neural networks that use attention mechanisms for efficient parsing and understanding of log content. The proposed question answering model for feature extraction from raw logs should achieve automatic log processing. The obtained results show indisputable advantages of deep attention techniques compared to the common approaches.
Title in English
Dynamic security log processing using deep learning techniques
Description in English
Recently, the number of discovered cyber attacks has been increasing rapidly. Tools for stealing personal data, destroying systems, or controlling infrastructure are becoming increasingly sophisticated in achieving their malicious aims. Companies are trying to reduce the risks to their assets by using various security monitoring devices and tools. SIEM solutions are used for security monitoring, allowing logs from different sources to be correlated. They offer visibility for security teams and allow early response to attacks. The main problem of SIEM software is the implementation of log parsing, which directly influences the efficiency of correlation rules. Usually, the biggest limitation is parsing dynamic log structures from different event sources. The main contribution of this paper is to apply advanced deep neural networks that use attention mechanisms for efficient parsing and understanding of log content. The proposed question answering model for feature extraction from raw logs should achieve automatic log processing. The obtained results show indisputable advantages of deep attention techniques compared to the common approaches.
Classification
Type
D - Article in conference proceedings
CEP field
—
OECD FORD field
20203 - Telecommunications
Result linkages
Project
<a href="/cs/project/VI20192022149" target="_blank" >VI20192022149: System of distributed surveillance of L2/L3 network traffic pursuant to Decree No. 317/2014 Coll. and Act No. 181/2014 Coll.</a><br>
Linkages
P - Research and development project financed from public sources (with a link to CEP)<br>S - Specific research at universities
Other
Year of publication
2022
Data confidentiality code
S - Complete and true data about the project are not subject to protection under special legal regulations
Data specific to the result type
Proceedings title
Proceedings II of the 28th Conference STUDENT EEICT 2022
ISBN
978-80-214-6030-0
ISSN
—
e-ISSN
—
Number of pages
4
Pages from-to
1-4
Publisher name
Not stated
Place of publication
Brno University of Technology; The Faculty of El
Event venue
Brno
Event date
26. 4. 2022
Event type by nationality
WRD - Worldwide event
Article UT WoS code
—