Journal «Современная Наука»


RESEARCH OF INTELLIGENT METHODS FOR ANALYZING EVENT LOGS FOR INFORMATION SECURITY

Rusakov Alexey Mikhailovich (Senior lecturer, MIREA - Russian University of Technology)

Bobyr-Bukhanovsky Alexander Igorevich (Laboratory assistant, MIREA - Russian University of Technology)

The article presents an analytical review of modern methods of intelligent event log analysis in information security, focusing on the integration of neural networks and heuristic approaches. The relevance of the study follows from the rapid growth in the volume and complexity of system event logs, and from the need to promptly identify new types of threats, such as APT attacks and zero-day vulnerabilities, that traditional methods (signature analysis, manual filtering) cannot detect effectively. The key features of neural network architectures for analyzing the time sequences found in event logs are considered, including LSTM and GRU architectures, autoencoders for anomaly detection, and hybrid models that combine machine learning with signature-based and manual methods. Special attention is paid to heuristic approaches that complement neural network solutions, increasing the interpretability of results and reducing the load on computing resources. Practical solutions are considered, such as entropy-based clustering methods and dynamic adaptation of trigger thresholds based on historical statistics. The article details the stages of log mining, from data collection and preprocessing to training models and evaluating their effectiveness using the accuracy, recall, and F1-measure metrics. The integration of these methods into industrial SIEM systems, including MaxPatrol SIEM and Kaspersky Unified Monitoring and Analysis Platform, is described, with an emphasis on technical aspects (software interfaces, scalability, data transfer security). The key problems of introducing the new approaches are discussed, such as the interpretability of neural network "black boxes", optimization of resources for processing big data, and the need to adapt models to evolving threats.
Self-learning systems, standardization of event log formats for intelligent analysis, and the introduction of Explainable AI (XAI) to increase confidence in the results are noted as promising areas of development.
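As an added illustration (not code from the article or its authors) of two techniques the abstract names, entropy-based analysis of event windows and trigger thresholds adapted from historical statistics, scored with precision, recall and F1 on constructed windows of event IDs; the event IDs, window contents, k=3 and the warm-up length are assumptions:

```python
# Added example (not the article's code): entropy + adaptive threshold + P/R/F1 on constructed log windows.
import math
from collections import Counter

def shannon_entropy(values):
    """Entropy (bits) of the value distribution in one log window."""
    counts, n = Counter(values), len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def adaptive_threshold(history, k=3.0, min_history=5, std_floor=0.05):
    """mean + k*std of past entropies; None while the baseline is still warming up."""
    if len(history) < min_history:
        return None
    mean = sum(history) / len(history)
    var = sum((h - mean) ** 2 for h in history) / len(history)
    return mean + k * max(math.sqrt(var), std_floor)  # floor: no zero-width band

def detect(windows, **kw):
    history, flags = [], []
    for w in windows:
        h = shannon_entropy(w)
        thr = adaptive_threshold(history, **kw)
        hit = thr is not None and h > thr
        flags.append(hit)
        if not hit:  # flagged windows stay out of the baseline (no threshold creep)
            history.append(h)
    return flags

def precision_recall_f1(flags, labels):
    tp = sum(f and l for f, l in zip(flags, labels))
    fp = sum(f and not l for f, l in zip(flags, labels))
    fn = sum(not f and l for f, l in zip(flags, labels))
    p = tp / (tp + fp) if tp + fp else 0.0
    r = tp / (tp + fn) if tp + fn else 0.0
    return p, r, (2 * p * r / (p + r) if p + r else 0.0)

# Constructed windows of Windows event IDs: routine logon/logoff traffic, one window
# of twelve distinct unusual events, then a low-volume burst of failed logons (4625).
WINDOWS = [
    [4624] * 6 + [4634] * 6, [4624] * 8 + [4634] * 4, [4624] * 5 + [4634] * 5 + [4672] * 2,
    [4624] * 9 + [4634] * 3, [4624] * 4 + [4634] * 4 + [4672] * 4, [4624] * 7 + [4634] * 5,
    [4625, 4720, 4732, 7045, 4688, 4698, 4657, 1102, 4719, 4742, 4768, 4776],
    [4624] * 6 + [4634] * 6, [4624] * 6 + [4634] * 4 + [4625] * 2,
]
LABELS = [False] * 6 + [True, False, True]  # last anomaly barely moves the entropy

def run_demo():
    flags = detect(WINDOWS)
    return flags, precision_recall_f1(flags, LABELS)
```

The quiet burst of two failed logons is missed (recall 0.5), which is the kind of gap the abstract's hybrid signature-plus-learning designs are meant to close.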

Keywords: event log analysis, security event management systems (SIEM), information security, anomaly detection, artificial intelligence, machine learning.





Citation link:
Rusakov A. M., Bobyr-Bukhanovsky A. I. RESEARCH OF INTELLIGENT METHODS FOR ANALYZING EVENT LOGS FOR INFORMATION SECURITY // Современная наука: актуальные проблемы теории и практики. Серия: Естественные и Технические Науки. 2025. No. 06/2. pp. 180-186. DOI 10.37882/2223-2966.2025.06-2.32
LEGAL INFORMATION:
Reproduction of materials is permitted only for non-commercial purposes with reference to the original publication. Protected by the laws of the Russian Federation. Any violations of the law are prosecuted.
© ООО "Научные технологии"