Smart monitoring of cybersecurity incidents using machine learning

Date

2024-10-01

Abstract

As cyber crime and Internet usage increase, cybersecurity solutions must evolve rapidly to keep pace. Despite significant advances, the systems that security analysts rely on daily to monitor large networks remain imperfect, so further improvement is needed. Machine learning has gained traction as a way to add functionality to software in general, but its adoption in cybersecurity tooling has been slow. This thesis introduces smart monitoring modules that employ machine learning to enhance cybersecurity tools and assist analysts in monitoring, investigating, and prioritizing threats. The anomaly detection module transforms log data into time series to detect abnormal activity, achieving an average F1 score of 87.24% across eight real-world datasets. The threat assistance module uses historical threat tickets and state-of-the-art language models to classify and summarize threats, achieving an F1 score of 85% across 38 cases and summarizing the relevant information effectively in each instance.
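The following Python sketch is an added example, not code from the thesis, of the pipeline the anomaly detection module describes: raw log lines are bucketed into a per-minute event-count time series (with empty minutes filled as zero, which a naive counter would silently drop), each bucket is compared against the mean and standard deviation of the preceding buckets, and the flagged buckets are scored with an F1 score against labels. The sshd log format, the one-minute bucket, the five-bucket window, the z-score threshold, the standard-deviation floor and the ground-truth labels are all illustrative assumptions, and the sample log is constructed.

```python
"""Log lines -> per-minute time series -> rolling z-score anomalies -> F1.

Added example; format, parameters and labels are assumptions, not the thesis's.
"""
import math
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed syslog-like line format for failed SSH logins (illustrative only).
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for \S+ from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

# Constructed sample: failed logins per minute from 10:00 to 10:13.
# Minute 4 has no events at all (a gap that must become a zero bucket) and
# minute 10 is a burst that should be flagged.
_PER_MINUTE = [2, 1, 3, 2, 0, 1, 2, 3, 2, 2, 12, 2, 1, 2]
_START = datetime(2024, 10, 1, 10, 0, 0)


def _make_sample_log():
    lines = []
    for minute, n in enumerate(_PER_MINUTE):
        for k in range(n):
            ts = _START + timedelta(minutes=minute, seconds=(k * 7) % 60)
            lines.append(
                f"{ts.isoformat()} bastion sshd[{1000 + minute * 20 + k}]: "
                f"Failed password for root from 203.0.113.{10 + k} port 5{k:04d} ssh2"
            )
    lines.append(f"{_START.isoformat()} bastion cron[42]: session opened")  # unrelated line
    return lines


SAMPLE_LOG = _make_sample_log()


def parse_events(lines):
    """Yield (minute bucket, source IP) for matching lines; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a failed login; a real pipeline would route it elsewhere
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
        yield ts.replace(second=0, microsecond=0), m.group("src")


def to_time_series(lines, step=timedelta(minutes=1)):
    """Return [(bucket, count)] covering every bucket from first to last event.

    Buckets with no events are emitted with count 0 so the baseline is not
    biased upward by silently missing minutes.
    """
    counts = Counter(bucket for bucket, _ in parse_events(lines))
    if not counts:
        return []
    t, end = min(counts), max(counts)
    series = []
    while t <= end:
        series.append((t, counts.get(t, 0)))
        t += step
    return series


def detect_anomalies(series, window=5, z_threshold=3.0, std_floor=1.0):
    """Flag buckets whose count exceeds mean + z * std of the preceding window.

    std_floor keeps a perfectly flat baseline (std ~ 0) from turning a change
    of one event into an alert; the first `window` buckets are not scored.
    """
    flagged = []
    for i in range(window, len(series)):
        prev = [c for _, c in series[i - window:i]]
        mean = sum(prev) / window
        std = max(math.sqrt(sum((c - mean) ** 2 for c in prev) / window), std_floor)
        bucket, count = series[i]
        if (count - mean) / std > z_threshold:
            flagged.append(bucket)
    return flagged


def f1_score(predicted, truth):
    """F1 over sets of flagged buckets versus labelled anomalous buckets."""
    predicted, truth = set(predicted), set(truth)
    tp = len(predicted & truth)
    if tp == 0:
        return 0.0
    precision, recall = tp / len(predicted), tp / len(truth)
    return 2 * precision * recall / (precision + recall)


# Constructed labels: an analyst tagged the burst at 10:10 and a slower
# run at 10:07 that the rolling z-score will miss (recall < 1).
TRUTH = {datetime(2024, 10, 1, 10, 7), datetime(2024, 10, 1, 10, 10)}


def run_demo():
    series = to_time_series(SAMPLE_LOG)
    flagged = detect_anomalies(series)
    return series, flagged, f1_score(flagged, TRUTH)


if __name__ == "__main__":
    series, flagged, f1 = run_demo()
    for bucket, count in series:
        print(bucket.strftime("%H:%M"), count, "ANOMALY" if bucket in flagged else "")
    print(f"F1 = {f1:.3f}")
```

The miss at 10:07 is the point of the labels: a threshold on a short rolling window catches bursts but not gradual or low-rate activity, which is why a single F1 figure should be read alongside the datasets and labelling it was measured on.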
