Dynamic security log processing using deep learning techniques

Loading...
Thumbnail Image
Date
2022
ORCID
Advisor
Referee
Mark
Journal Title
Journal ISSN
Volume Title
Publisher
Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií
Altmetrics
Abstract
Recently, the number of discovered cyber attacks increases rapidly. Tools for stealing personal data, destroying systems, or controlling infrastructure become continuously sophisticated to achieve malicious aims. Companies are trying to reduce the number of risks on their assets by using various security monitoring devices and tools. SIEM solutions are used for security monitoring, allowing different logs to be correlated. They offer visibility for security teams and allow early response to attacks. The main problem of SIEM software is the implementation of log parsing, which directly influences correlation rules efficiency. Usually, the biggest limitation is parsing dynamic log structures from different event sources. The main contribution of this paper is to apply advanced deep neural networks which use attention mechanisms for efficient log content parsing and its understanding. The proposed question answering model for feature extraction from raw logs should achieve automatic log procession. Obtained results show indisputable advantages of deep attention techniques compared to the common approaches.
Description
Citation
Proceedings II of the 28st Conference STUDENT EEICT 2022: Selected papers. s. 184-187. ISBN 978-80-214-6030-0
https://conf.feec.vutbr.cz/eeict/index/pages/view/ke_stazeni
Document type
Peer-reviewed
Document version
Published version
Date of access to the full text
Language of document
en
Study field
Comittee
Date of acceptance
Defence
Result of defence
Document licence
© Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií
Citace PRO