2021 International Conference on Military Communication and Information Systems (ICMCIS) 2021
DOI: 10.1109/icmcis52405.2021.9486307
Cyber Intrusion Detection using Natural Language Processing on Windows Event Logs

Cited by 8 publications (4 citation statements); references 8 publications.
“…The AAU_MalData dataset is divided into two subsets, AAU_MalData_Pure and AAU_MalData_Contagious; the first one corresponds to the regular operation of the Windows OS, while the latter to the analysis of 2,800 malware samples of Trojans and Backdoors type with the help of the proposed framework. Such dataset can be utilized, for instance, for the training of machine learning algorithms as suggested in [25] for advancing antimalware research.…”
Section: Discussion (mentioning; confidence: 99%)
“…In addition, traditional machine learning methods cannot effectively address the heterogeneity and evolution of logs, making the accuracy of anomaly detection based on traditional machine learning methods not very high. With the rapid development of deep learning and natural language processing, research has focused on the application of sequence-based [9][10][11][12][18][19][20][21] models. Du et al. [9] designed the DeepLog framework using LSTM neural networks to realize online anomaly detection on system logs.…”
Section: Related Work (mentioning; confidence: 99%)
“…The idea behind Logsy is that the auxiliary dataset is sufficiently informative to enhance the representation of the normal data, yet diverse enough to regularize against overfitting and improve generalization. Steverson et al. [19] detect attacks on an enterprise network by applying mining NLP techniques to Windows Event Logs (WELs), using transformer models and self-supervised training methods. A self-supervised anomaly detection model was constructed by combining deep learning methods, traditional machine learning, and natural language processing.…”
Section: Related Work (mentioning; confidence: 99%)
“…In Steverson et al., 30 their CALBAC program was able to successfully train transformer models to recognize statistical differences between in-sample and out-of-sample Windows event log files, thus allowing for the creation of powerful file-based anomaly detection software. In this work, we use CLAPBAC, 31 a network-based anomaly detection toolkit which enables the training of models with a transformer architecture analogous to those produced with CALBAC but which train on the headers of network packet captures rather than on system log files.…”
Section: Transformer Modeling (mentioning; confidence: 99%)