AI-driven Log Analysis for Intrusion Detection
(2024) Department of Automatic Control
- Abstract
- Today’s security systems generate system logs that contain information about important events such as intrusion attempts and hardware failures. However, the large volume of data makes manual analysis impractical. Instead, this thesis proposes a method of using AI for classification.
Building on previous research, a transformer model has been integrated with a hyperspherical loss function and a Large Language Model (LLM). This combination handles the context of new logs and enhances the detection of anomalies. In collaboration with Advenica, the work contributes to the cybersecurity field by integrating a transformer model with a previously proposed embedding approach to create a model with better accuracy than previous approaches.
The model demonstrated an overall improvement in performance on both benchmark datasets (HDFS and BGL) when concept drift was not considered, with F1-scores of 0.931 compared to 0.766 for HDFS, and 0.952 compared to 0.694 for BGL. When concept drift was taken into account, the F1-scores were 0.831 compared to 0.807 for HDFS, and 0.871 compared to 0.721 for BGL.
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9173491
- author: Sundin, Johan and Särud, Linus
- supervisor:
- organization:
- year: 2024
- type: H3 - Professional qualifications (4 Years - )
- subject:
- report number: TFRT-6232
- other publication id: 0280-5316
- language: English
- id: 9173491
- date added to LUP: 2024-09-09 09:20:55
- date last changed: 2024-09-09 09:20:55
@misc{9173491,
  abstract = {{Today’s security systems generate system logs that contain information about important events such as intrusion attempts and hardware failures. However, the large volume of data makes manual analysis impractical. Instead, this thesis proposes a method of using AI for classification. Building on previous research, a transformer model has been integrated with a hyperspherical loss function and a Large Language Model (LLM). This combination handles the context of new logs and enhances the detection of anomalies. In collaboration with Advenica, the work contributes to the cybersecurity field by integrating a transformer model with a previously proposed embedding approach to create a model with better accuracy than previous approaches. The model demonstrated an overall improvement in performance on both benchmark datasets (HDFS and BGL) when concept drift was not considered, with F1-scores of 0.931 compared to 0.766 for HDFS, and 0.952 compared to 0.694 for BGL. When concept drift was taken into account, the F1-scores were 0.831 compared to 0.807 for HDFS, and 0.871 compared to 0.721 for BGL.}},
  author = {{Sundin, Johan and Särud, Linus}},
  language = {{eng}},
  note = {{Student Paper}},
  title = {{AI-driven Log Analysis for Intrusion Detection}},
  year = {{2024}},
}