Title Nusikaltimų pėdsakų aptikimo, naudojant žiniatinklio serverio žurnalus, metodo sudarymas ir tyrimas
Translation of Title A method for crime traces detection using web server logs
Authors Mažeika, Gediminas
Pages 64
Keywords [eng] logs; web server; machine learning; anomaly detection
Abstract [eng] The final master’s project analyses principles of cybercrime, the significance of event logs in the detection of cybercrimes, and the methods and tools designed to identify anomalies and malicious activities within event logs. A method for detecting anomalies in web server event logs is proposed, based on an LSTM model combined with a custom-designed rule set. The rule set serves to annotate errors and provide supplementary insights. The study details the processes and principles of data preparation, tokenization, and vectorization required for the LSTM model, all of which are critical for the successful training and deployment of the machine learning model. The proposed method is implemented in the form of a prototype capable of detecting anomalies in components such as IP addresses, paths, parameters, status codes, and request methods. The study outlines the steps for deploying and using the prototype, accompanied by screenshots illustrating its functionality. Furthermore, the research process and its results are comprehensively presented. Four experiments were conducted: two ablation studies, in which neural network layers were removed and batch sizes adjusted during training to achieve the lowest possible validation loss; an accuracy evaluation to assess how effectively the developed method can detect anomalies within event log entries; and a performance evaluation, which investigated the relationship between log processing time and event volume across different devices.
Dissertation Institution Kauno technologijos universitetas.
Type Master's thesis
Language Lithuanian
Publication date 2025