|
|
Application for collecting security event logs from computer infrastructure
Žernovič, Michal ; Dobiáš, Patrik (oponent) ; Safonov, Yehor (vedoucí práce)
Computer infrastructure runs the world today, so it is necessary to ensure its security, and to prevent or detect cyber attacks. One of the key security activities is the collection and analysis of logs generated across the network. The goal of this bachelor thesis was to create an interface that can connect a neural network to itself to apply deep learning techniques. Embedding artificial intelligence into the logging process brings many benefits, such as log correlation, anonymization of logs to protect sensitive data, or log filtering for optimization a SIEM solution license. The main contribution is the creation of a platform that allows the neural network to enrich the logging process and thus increase the overall security of the network. The interface acts as an intermediary step to allow the neural network to receive logs. In the theoretical part, the thesis describes log files, their most common formats, standards and protocols, and the processing of log files. It also focuses on the working principles of SIEM platforms and an overview of current solutions. It further describes neural networks, especially those designed for natural language processing. In the practical part, the thesis explores possible solution paths and describes their advantages and disadvantages. It also analyzes popular log collectors (Fluentd, Logstash, NXLog) from aspects such as system load, configuration method, supported operating systems, or supported input log formats. Based on the analysis of the solutions and log collectors, an approach to application development was chosen. The interface was created based on the concept of a REST API that works in multiple modes. After receiving the records from the log collector, the application allows saving and sorting the records by origin and offers the user the possibility to specify the number of records that will be saved to the file. The collected logs can be used to train the neural network. In another mode, the interface forwards the logs directly to the AI model. The ingestion and prediction of the neural network are done using threads. The interface has been connected to five sources in an experimental network.
|
|
|
Enhancing Security Monitoring with AI-Enabled Log Collection and NLP Modules on a Unified Open Source Platform
Safonov, Yehor ; Zernovic, Michal
The number of computer attacks continues to increasedaily, posing significant challenges to modern securityadministrators to provide security in their organizations. Withthe rise of sophisticated cyber threats, it is becoming increasinglydifficult to detect and prevent attacks using traditional securitymeasures. As a result, security monitoring solutions such asSecurity Information and Event Management (SIEM) have becomea critical component of modern security infrastructures. However,these solutions still face limitations, and administrators areconstantly seeking ways to enhance their capabilities to effectivelyprotect their cyber units. This paper explores how advanced deeplearning techniques can help boost security monitoring capabilitiesby utilizing them throughout all stages of log processing. Thepresented platform has the potential to fundamentally transformand bring about a significant change in the field of securitymonitoring with advanced AI capabilities. The study includes adetailed comparison of modern log collection platforms, with thegoal of determining the most effective approach. The key benefitsof the proposed solution are its scalability and multipurposenature. The platform integrates an open source solution andallows the organization to connect any event log sources or theentire SIEM solution, normalize and filter data, and use thisdata to train and deploy different AI models to perform differentsecurity monitoring tasks more efficiently.
|
|
|
Application for collecting security event logs from computer infrastructure
Žernovič, Michal ; Dobiáš, Patrik (oponent) ; Safonov, Yehor (vedoucí práce)
Computer infrastructure runs the world today, so it is necessary to ensure its security, and to prevent or detect cyber attacks. One of the key security activities is the collection and analysis of logs generated across the network. The goal of this bachelor thesis was to create an interface that can connect a neural network to itself to apply deep learning techniques. Embedding artificial intelligence into the logging process brings many benefits, such as log correlation, anonymization of logs to protect sensitive data, or log filtering for optimization a SIEM solution license. The main contribution is the creation of a platform that allows the neural network to enrich the logging process and thus increase the overall security of the network. The interface acts as an intermediary step to allow the neural network to receive logs. In the theoretical part, the thesis describes log files, their most common formats, standards and protocols, and the processing of log files. It also focuses on the working principles of SIEM platforms and an overview of current solutions. It further describes neural networks, especially those designed for natural language processing. In the practical part, the thesis explores possible solution paths and describes their advantages and disadvantages. It also analyzes popular log collectors (Fluentd, Logstash, NXLog) from aspects such as system load, configuration method, supported operating systems, or supported input log formats. Based on the analysis of the solutions and log collectors, an approach to application development was chosen. The interface was created based on the concept of a REST API that works in multiple modes. After receiving the records from the log collector, the application allows saving and sorting the records by origin and offers the user the possibility to specify the number of records that will be saved to the file. The collected logs can be used to train the neural network. In another mode, the interface forwards the logs directly to the AI model. The ingestion and prediction of the neural network are done using threads. The interface has been connected to five sources in an experimental network.
|
host ::
RSS.