{"title":"Cyberattack event logs classification using deep learning with semantic feature analysis","authors":"Ahmad Alzu’bi , Omar Darwish , Amjad Albashayreh , Yahya Tashtoush","doi":"10.1016/j.cose.2024.104222","DOIUrl":null,"url":null,"abstract":"Event logs play a crucial role in cybersecurity by detecting potentially malicious network activities and preventing data loss or theft. Previous work did not place a high value on log messages and their impact on security breach prediction and intrusion detection. This research paper introduces a novel approach for log message analysis applied to a dataset of event logs collected from various web sources. Event log messages were analyzed and categorized based on event and attack types with an explainable AI emphasizing the value of its key data. The study aims to enhance intrusion detection and minimize performance degradation by identifying suspicious events. In this regard, a new semantic vectorization framework is proposed, leveraging deep learning architectures to develop semantic discriminating log features, offering a cogent explanation and classification of event log messages. The use of BERT deep embeddings as a baseline for the prediction model allows for visualizing and interpreting the formulation of log message semantic features. Several empirical scenarios are set and conducted extensively to evaluate the performance of the event log classifier, considering the attack type, event type, and zero-shot logs. The experimental results demonstrate that the proposed event log classifier outperforms state-of-the-art machine learning models, achieving a recall of 99.27% and a precision of 99.29%. This highlights the model’s ability to accurately identify events of a particular type by detecting as many suspicious events as feasible while minimizing the misclassification rate.","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104222"},"PeriodicalIF":4.8000,"publicationDate":"2024-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824005285","RegionNum":2,"RegionCategory":"Computer Science","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
Event logs play a crucial role in cybersecurity by detecting potentially malicious network activities and preventing data loss or theft. Previous work has paid little attention to log messages and their impact on security breach prediction and intrusion detection. This research paper introduces a novel approach to log message analysis, applied to a dataset of event logs collected from various web sources. Event log messages were analyzed and categorized by event and attack type using an explainable AI approach that highlights the value of the key data in each message. The study aims to enhance intrusion detection and minimize performance degradation by identifying suspicious events. To this end, a new semantic vectorization framework is proposed that leverages deep learning architectures to derive semantically discriminating log features, offering a cogent explanation and classification of event log messages. Using BERT deep embeddings as the baseline for the prediction model makes it possible to visualize and interpret how the semantic features of log messages are formed. Several empirical scenarios are designed and run extensively to evaluate the performance of the event log classifier, covering attack type, event type, and zero-shot logs. The experimental results demonstrate that the proposed event log classifier outperforms state-of-the-art machine learning models, achieving a recall of 99.27% and a precision of 99.29%. This highlights the model’s ability to accurately identify events of a particular type by detecting as many suspicious events as feasible while minimizing the misclassification rate.
Journal description:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at professionals involved with computer security, audit, control and data integrity in all sectors: industry, commerce and academia. Recognized worldwide as the primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.