Using artificial intelligence for threat detection in network logs

Abstract

Abstract. In the context of the constant growth in network traffic volumes and the complication of cyberattacks, traditional threat detection methods based on signatures and manual rules (Rule-Based Systems) are becoming insufficiently effective. A huge array of unstructured or semi-structured network logs contains vital but hidden signs of malicious activity that are practically impossible to detect with the human eye or simple scripts. This determines the relevance of the topic, due to the need to increase the speed and accuracy of cybersecurity systems. The use of Artificial Intelligence (AI) technologies, particularly Machine Learning (ML) and Deep Learning (DL) methods, is a key direction for automating log analysis, which allows for the detection of anomalies and zero-day attacks that lack known signatures. This is vitally necessary to maintain the cyber resilience of critical infrastructure and corporate networks.One of the goals is to conduct a comparative theoretical analysis of the effectiveness and applicability of various Artificial Intelligence architectures (particularly ML and DL methods) for automated detection of diverse cyber threats in large arrays of network logs, and to determine the optimal models. The scientific novelty lies in: Systematization of methods by providing a comparative analysis of the latest AI methods specifically in the context of network log processing, with a focus on preprocessing. The necessity of using ensemble AI models, which can combine the advantages of different algorithms for detecting multi-stage attacks, is substantiated.