Detail publikace

Enhancing Security Monitoring with AI-Enabled Log Collection and NLP Modules on a Unified Open Source Platform

SAFONOV, Y. ŽERNOVIČ, M.

Originální název

Enhancing Security Monitoring with AI-Enabled Log Collection and NLP Modules on a Unified Open Source Platform

Typ

článek ve sborníku ve WoS nebo Scopus

Jazyk

angličtina

Originální abstrakt

The number of computer attacks continues to increase daily, posing significant challenges to modern security administrators to provide security in their organizations. With the rise of sophisticated cyber threats, it is becoming increasingly difficult to detect and prevent attacks using traditional security measures. As a result, security monitoring solutions such as Security Information and Event Management (SIEM) have become a critical component of modern security infrastructures. However, these solutions still face limitations, and administrators are constantly seeking ways to enhance their capabilities to effectively protect their cyber units. This paper explores how advanced deep learning techniques can help boost security monitoring capabilities by utilizing them throughout all stages of log processing. The presented platform has the potential to fundamentally transform and bring about a significant change in the field of security monitoring with advanced AI capabilities. The study includes a detailed comparison of modern log collection platforms, with the goal of determining the most effective approach. The key benefits of the proposed solution are its scalability and multipurpose nature. The platform integrates an open source solution and allows the organization to connect any event log sources or the entire SIEM solution, normalize and filter data, and use this data to train and deploy different AI models to perform different security monitoring tasks more efficiently.

Klíčová slova

correlation; deep learning; log processing; meta key extraction; natural language processing; SIEM; question answering

Autoři

SAFONOV, Y.; ŽERNOVIČ, M.

Vydáno

25. 4. 2023

Nakladatel

Brno University of Technology; The Faculty of Electrical Engineering and Communication

Místo

Brno

ISBN

978-80-214-6154-3

Kniha

Proceedings II of the 29th Conference STUDENT EEICT 2023 Selected Papers

Edice

1

ISSN

2788-1334

Periodikum

Proceedings II of the Conference STUDENT EEICT

Stát

Česká republika

Strany od

217

Strany do

221

Strany počet

4

URL

https://www.eeict.cz/eeict_download/archiv/sborniky/EEICT_2023_sbornik_2_v2.pdf

BibTex

@inproceedings{BUT184351,
  author="Yehor {Safonov} and Michal {Žernovič}",
  title="Enhancing Security Monitoring with AI-Enabled Log Collection and NLP Modules on a Unified Open Source Platform",
  booktitle="Proceedings II of the 29th Conference STUDENT EEICT 2023 Selected Papers",
  year="2023",
  series="1",
  journal="Proceedings II of the Conference STUDENT EEICT",
  pages="217--221",
  publisher="Brno University of Technology; The Faculty of Electrical Engineering and Communication",
  address="Brno",
  doi="10.13164/eeict.2023.217",
  isbn="978-80-214-6154-3",
  issn="2788-1334",
  url="https://www.eeict.cz/eeict_download/archiv/sborniky/EEICT_2023_sbornik_2_v2.pdf"
}