The aim of the work is to develop an automated way to collect and mark up operating system system log entries containing information about computer attacks and legitimate user actions. The study provides a brief overview of modern methods for detecting computer attacks, including through log file analysis using machine learning methods. One of the problems with learning remains the lack of publicly available up-to-date marked-up datasets. In order to create a database containing information about system log entries and related computer attacks and user scenarios, the authors designed and deployed a special research stand and provided a detailed description of its elements. Software products have been developed that make it possible to simulate various computer attacks and user scenarios in an automated mode, as well as collect and save virtual machine system log entries enriched with relevant metadata. As a result of a series of experiments, a database has been formed containing marked-up entries of the operating system's system logs, which can be used to train machine learning models and use them in modern intelligent information security tools.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Automated Collection and Marking of Operating System Log Entries in the Task of Detecting Computer Attacks

  • A. V. Pavlychev,
  • К. V. Kuzminetc,
  • D. E. Breus,
  • A. A. Shelupanov

摘要

The aim of the work is to develop an automated way to collect and mark up operating system system log entries containing information about computer attacks and legitimate user actions. The study provides a brief overview of modern methods for detecting computer attacks, including through log file analysis using machine learning methods. One of the problems with learning remains the lack of publicly available up-to-date marked-up datasets. In order to create a database containing information about system log entries and related computer attacks and user scenarios, the authors designed and deployed a special research stand and provided a detailed description of its elements. Software products have been developed that make it possible to simulate various computer attacks and user scenarios in an automated mode, as well as collect and save virtual machine system log entries enriched with relevant metadata. As a result of a series of experiments, a database has been formed containing marked-up entries of the operating system's system logs, which can be used to train machine learning models and use them in modern intelligent information security tools.