Enhancing Security Monitoring with AI-Enabled Log Collection and NLP Modules on a Unified Open Source Platform
MetadataShow full item record
The number of computer attacks continues to increasedaily, posing significant challenges to modern securityadministrators to provide security in their organizations. Withthe rise of sophisticated cyber threats, it is becoming increasinglydifficult to detect and prevent attacks using traditional securitymeasures. As a result, security monitoring solutions such asSecurity Information and Event Management (SIEM) have becomea critical component of modern security infrastructures. However,these solutions still face limitations, and administrators areconstantly seeking ways to enhance their capabilities to effectivelyprotect their cyber units. This paper explores how advanced deeplearning techniques can help boost security monitoring capabilitiesby utilizing them throughout all stages of log processing. Thepresented platform has the potential to fundamentally transformand bring about a significant change in the field of securitymonitoring with advanced AI capabilities. The study includes adetailed comparison of modern log collection platforms, with thegoal of determining the most effective approach. The key benefitsof the proposed solution are its scalability and multipurposenature. The platform integrates an open source solution andallows the organization to connect any event log sources or theentire SIEM solution, normalize and filter data, and use thisdata to train and deploy different AI models to perform differentsecurity monitoring tasks more efficiently.
KeywordsArtificial intelligence, deep learning, Fluentd, logcollection, log processing, Logstash, security monitoring, SIEM
Document typePeer reviewed
Document versionFinal PDF
SourceProceedings II of the 29st Conference STUDENT EEICT 2023: Selected papers. s. 217-221. ISBN 978-80-214-6154-3