Log File Analysis using Machine Learning and Artificial Intelligence

Topic description:

Today's computer systems and network elements record hundreds or thousands of events in log files that describe standard and non-standard device behavior or ongoing communications. By analyzing these events, it is possible to describe the typical behavior of a given device and detect anomalies caused, for example, by cyber-attacks.

Research includes the use of advanced machine learning and artificial intelligence techniques to detect anomalies based on log data. The topic includes designing a behavioral model for processing log events, representing events using features, and building a behavioral model based on the training data. Machine learning methods, time series or AI models can be used for anomaly detection.

The goal of the research is to propose efficient methods for automated analysis and anomaly detection of log information and to demonstrate how this method can be used to ensure the cybersecurity of computer systems.

References:

• Henriques, J.; Caldeira, F.; Cruz, T.; Simões, P. Combining K-Means and XGBoost Models for Anomaly Detection Using Log Datasets. Electronics, 2020, 9, 1164.
• Catillo, M., Pecchia, A., Villano, U.: AutoLog: Anomaly detection by deep autoencoding of system logs, Expert Systems with Applications, Volume 191, 2022, 116263, ISSN 0957-4174.
• Mehta, S., Kothuri, P., Garcia, D.L.: Anomaly Detection for Network Connection Logs, 2018, 1812.01941, arXiv.