
LUP Student Papers

LUND UNIVERSITY LIBRARIES

AI-driven Log Analysis for Intrusion Detection

Sundin, Johan and Särud, Linus (2024)
Department of Automatic Control
Abstract
Today’s security systems generate system logs that contain information about important events such as intrusion attempts and hardware failures. However, the large volume of data makes manual analysis impractical. Instead, this thesis proposes a method of using AI for classification.
Building on previous research, a transformer model has been integrated with a hyperspherical loss function and a Large Language Model (LLM). This combination handles the context of new logs and enhances the detection of anomalies. In collaboration with Advenica, the work contributes to the cybersecurity field by integrating a transformer model with a previously proposed embedding approach to create a model with better accuracy than previous approaches.
The model demonstrated an overall improvement in performance on both benchmark datasets (HDFS and BGL) when concept drift was not considered, with F1-scores of 0.931 compared to 0.766 for HDFS, and 0.952 compared to 0.694 for BGL. When concept drift was taken into account, the F1-scores were 0.831 compared to 0.807 for HDFS, and 0.871 compared to 0.721 for BGL.
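The abstract describes embedding log lines, training with a hyperspherical (one-class) loss so that normal logs cluster around a centre, flagging outliers as anomalies, and scoring the result with F1 both with and without concept drift. The Python below is an added illustration of that pipeline and is not the thesis's code: in place of the thesis's transformer and LLM embedding it uses a masked bag-of-tokens vector, computes the hypersphere centre and radius on normal lines, scores new lines by distance from the centre, and then shows how a benign event type that first appears after training (concept drift) lowers F1 until the centre is re-fitted on the newly confirmed normal lines. The HDFS-like log lines, the 10% radius slack and every function name are constructed assumptions for the example.

```python
import math
import re

# Constructed HDFS-style lines for the example; not taken from the HDFS or BGL sets.
NORMAL_TRAIN = [
    "INFO dfs.DataNode: Receiving block blk_1001 src: /10.0.0.5:50010 dest: /10.0.0.7:50010",
    "INFO dfs.DataNode: Received block blk_1001 of size 67108864 from /10.0.0.5",
    "INFO dfs.DataNode: PacketResponder 1 for block blk_1001 terminating",
    "INFO dfs.FSNamesystem: BLOCK* NameSystem.addStoredBlock: blockMap updated: 10.0.0.7:50010 is added to blk_1001 size 67108864",
    "INFO dfs.DataNode: Receiving block blk_1002 src: /10.0.0.8:50010 dest: /10.0.0.2:50010",
    "INFO dfs.DataNode: Received block blk_1002 of size 33554432 from /10.0.0.8",
    "INFO dfs.DataNode: PacketResponder 2 for block blk_1002 terminating",
    "INFO dfs.FSNamesystem: BLOCK* NameSystem.addStoredBlock: blockMap updated: 10.0.0.2:50010 is added to blk_1002 size 33554432",
]

# Labelled evaluation lines (True = anomaly); every normal line uses a template seen in training.
TEST = [
    ("INFO dfs.DataNode: Receiving block blk_2001 src: /10.0.0.9:50010 dest: /10.0.0.3:50010", False),
    ("INFO dfs.DataNode: Received block blk_2002 of size 1048576 from /10.0.0.9", False),
    ("INFO dfs.DataNode: PacketResponder 0 for block blk_2001 terminating", False),
    ("ERROR dfs.DataNode: DataXceiver: java.io.IOException: Connection reset by peer", True),
    ("WARN dfs.DataNode: Slow BlockReceiver write packet to mirror took 6013ms", True),
]

# Concept drift: a benign event type that never occurred during training.
DRIFT = [
    ("INFO dfs.DataNode: Verification succeeded for blk_3001", False),
    ("INFO dfs.DataNode: Verification succeeded for blk_3002", False),
]


def template_tokens(line):
    """Mask variable fields (block ids, addresses, numbers) so that lines of
    the same event type produce the same token sequence."""
    line = re.sub(r"blk_-?\d+", "<BLK>", line)
    line = re.sub(r"/?\d+\.\d+\.\d+\.\d+(:\d+)?", "<IP>", line)
    line = re.sub(r"\b\d+\b", "<NUM>", line)
    return line.split()


def embed(line, vocab):
    """Unit-length bag-of-tokens vector over the training vocabulary; every
    unseen token lands in one shared out-of-vocabulary slot. This is a
    stand-in (assumption) for the learned transformer/LLM embedding."""
    v = [0.0] * (len(vocab) + 1)
    for tok in template_tokens(line):
        v[vocab.get(tok, len(vocab))] += 1.0
    norm = math.sqrt(sum(x * x for x in v))
    return [x / norm for x in v]


def sq_dist(z, c):
    return sum((a - b) ** 2 for a, b in zip(z, c))


def hypersphere_loss(embs, c):
    """One-class objective: mean squared distance of normal embeddings to the
    centre c. A model trained on it pulls normal logs towards c; for fixed
    embeddings the minimising centre is their mean."""
    return sum(sq_dist(z, c) for z in embs) / len(embs)


def fit(normal_lines, slack=0.10):
    """Build the vocabulary, place the centre at the mean embedding and set
    the radius to the largest training distance plus a slack margin."""
    vocab = {t: i for i, t in enumerate(sorted({t for l in normal_lines for t in template_tokens(l)}))}
    embs = [embed(l, vocab) for l in normal_lines]
    centre = [sum(col) / len(embs) for col in zip(*embs)]
    radius = max(math.sqrt(sq_dist(z, centre)) for z in embs) * (1.0 + slack)
    return {"vocab": vocab, "centre": centre, "radius": radius}


def score(model, line):
    """Anomaly score: distance of the line's embedding from the centre."""
    return math.sqrt(sq_dist(embed(line, model["vocab"]), model["centre"]))


def predict(model, lines):
    return [score(model, l) > model["radius"] for l in lines]


def f1(pred, truth):
    tp = sum(1 for p, t in zip(pred, truth) if p and t)
    fp = sum(1 for p, t in zip(pred, truth) if p and not t)
    fn = sum(1 for p, t in zip(pred, truth) if t and not p)
    if tp == 0:
        return 0.0
    prec, rec = tp / (tp + fp), tp / (tp + fn)
    return 2 * prec * rec / (prec + rec)


def evaluate(model, labelled):
    lines, truth = zip(*labelled)
    return f1(predict(model, lines), truth)


if __name__ == "__main__":
    m = fit(NORMAL_TRAIN)
    print("F1 without drift:", evaluate(m, TEST))
    print("F1 with drift:   ", evaluate(m, TEST + DRIFT))
    # Re-fit once the new event type has been confirmed benign.
    m2 = fit(NORMAL_TRAIN + [l for l, _ in DRIFT])
    print("F1 after re-fit: ", evaluate(m2, TEST + DRIFT))
```

Because the stand-in embedding never changes, the centre is just the mean of the normal vectors; in the thesis setup the loss is instead minimised by updating the transformer's weights, which is what lets it learn context rather than token counts. The drift step shows the failure mode the abstract's second set of F1-scores measures: the unseen "Verification succeeded" template is far from the centre and is flagged as anomalous until the model is refreshed.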
author: Sundin, Johan and Särud, Linus
year: 2024
type: H3 - Professional qualifications (4 Years - )
report number: TFRT-6232
other publication id: 0280-5316
language: English
id: 9173491
date added to LUP: 2024-09-09 09:20:55
date last changed: 2024-09-09 09:20:55
@misc{9173491,
  abstract     = {{Today’s security systems generate system logs that contain information about important events such as intrusion attempts and hardware failures. However, the large volume of data makes manual analysis impractical. Instead, this thesis proposes a method of using AI for classification.
 Building on previous research, a transformer model has been integrated with a hyperspherical loss function and a Large Language Model (LLM). This combination handles the context of new logs and enhances the detection of anomalies. In collaboration with Advenica, the work contributes to the cybersecurity field by integrating a transformer model with a previously proposed embedding approach to create a model with better accuracy than previous approaches.
 The model demonstrated an overall improvement in performance on both benchmark datasets (HDFS and BGL) when concept drift was not considered, with F1-scores of 0.931 compared to 0.766 for HDFS, and 0.952 compared to 0.694 for BGL. When concept drift was taken into account, the F1-scores were 0.831 compared to 0.807 for HDFS, and 0.871 compared to 0.721 for BGL.}},
  author       = {{Sundin, Johan and Särud, Linus}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{AI-driven Log Analysis for Intrusion Detection}},
  year         = {{2024}},
}