Advanced system log analyzer for anomaly detection and cyber forensic investigations using LSTM and transformer networks
| Published in: | Journal of Cloud Computing vol. 14, no. 1 (Dec 2025), p. 60 |
|---|---|
| Main author: | |
| Other authors: | |
| Publisher: | Springer Nature B.V. |
| Subjects: | |
| Online access: | Citation/Abstract, Full Text, Full Text - PDF |
| Abstract: | This framework presents an innovative methodology that combines LSTM, Transformer, and GNN models to effectively capture both temporal and spatial patterns within log data, thus improving cybersecurity anomaly detection and forensic analysis. By utilizing LSTM networks, the system is able to model sequential log patterns over time, which aids in identifying hidden attack behaviors. Transformer architectures are employed to examine contextual relationships within logs, allowing for accurate, context-sensitive classification. Moreover, Graph Neural Networks (GNNs) depict logs as interconnected graphs, which facilitates the identification of coordinated multi-stage attacks from various sources. The integration of these models enables a thorough analysis of log data, simultaneously capturing dynamic temporal sequences and intricate relationships. The system autonomously correlates logs from system, network, and application sources to reconstruct attack timelines and identify emerging threats in real time. Empirical assessments on datasets such as HDFS, CICIDS, and UNSW-NB15 indicate that this integrated approach outperforms traditional methods, achieving detection accuracies of up to 98.2%, minimizing false positives, and expediting forensic investigations, thereby significantly enhancing the capabilities of automated cybersecurity monitoring and response. |
| ISSN: | 2192-113X |
| DOI: | 10.1186/s13677-025-00789-y |
| Source: | Research Library |