Cyber Anomaly Detection using RNN Language model
The work in this project is based on the paper "Recurrent Neural Network Language Models for Open Vocabulary Event-Level Cyber Anomaly Detection".
The paper uses the LANL dataset "Comprehensive, Multi-Source Cyber-Security Events"; of its files, only proc.txt and redteam.txt are used in the paper.
The project consists of several pieces of experimental code:
- experiment1: The implementation is loosely based on the safekit project code.
- experiment2: Our own implementation using a Keras model and TensorFlow eager execution.
- Extend the language model to include attention as described in the paper "Recurrent Neural Network Attention Mechanisms for Interpretable System Log Anomaly Detection"
- Experiment with encoder/decoder language models
- A system running multiple tasks to process user logs using RISELab Ray
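The idea shared by all of the experiments above is event-level scoring: a language model is trained on normal log events, and each new event is scored by how unlikely the model finds it, so the highest-scoring events are the anomaly candidates that can be checked against the red-team labels. The following is an added example, not code from this project or from the paper: it tokenizes lines in the LANL proc.txt field layout (assumed here to be time,user@domain,computer,process name,start/end), trains an add-one-smoothed bigram model as a stand-in for the RNN, scores held-out events by mean negative log-likelihood, ranks them, and counts how many of the top-k carry a red-team label. All event and redteam.txt-style lines are constructed, and the labelling rule (match on time and user@domain) is an assumption for illustration.

```python
"""Event-level anomaly scoring of proc.txt-style log lines with a token
language model (added example; a bigram model stands in for the RNN)."""
import math
from collections import Counter, defaultdict

# Constructed sample events in the assumed LANL proc.txt layout:
# time,user@domain,computer,process name,start/end. Not real dataset rows.
NORMAL_EVENTS = [
    "1,U22@DOM1,C1,P16,Start",
    "1,U22@DOM1,C1,P16,End",
    "2,U22@DOM1,C1,P4,Start",
    "2,U22@DOM1,C1,P4,End",
    "3,U50@DOM1,C2,P16,Start",
    "3,U50@DOM1,C2,P16,End",
    "4,U50@DOM1,C2,P4,Start",
    "4,U50@DOM1,C2,P4,End",
]
# Constructed held-out events: a known user on a machine they never used,
# and a never-seen user starting a never-seen process.
TEST_EVENTS = NORMAL_EVENTS + [
    "9,U22@DOM1,C2,P16,Start",
    "9,U999@DOM0,C3,P999,Start",
]
# Constructed redteam.txt-style lines (assumed layout: time,user@domain,src,dst).
REDTEAM = ["9,U999@DOM0,C3,C2"]

BOS, EOS, UNK = "<s>", "</s>", "<unk>"


def tokenize(line):
    """Split one event into field tokens; the timestamp is dropped so the
    model scores what happened rather than when."""
    fields = line.strip().split(",")
    return [BOS] + fields[1:] + [EOS]


class BigramLM:
    """Add-one-smoothed bigram model over event fields. Fields never seen in
    training map to UNK, so an open vocabulary yields a low probability
    instead of a lookup failure."""

    def __init__(self):
        self.unigram = Counter()            # times a token appears as a predecessor
        self.bigram = defaultdict(Counter)  # bigram[prev][cur] transition counts
        self.vocab = {BOS, EOS, UNK}

    def fit(self, lines):
        for line in lines:
            toks = tokenize(line)
            self.vocab.update(toks)
            for prev, cur in zip(toks, toks[1:]):
                self.unigram[prev] += 1
                self.bigram[prev][cur] += 1
        return self

    def _norm(self, tok):
        return tok if tok in self.vocab else UNK

    def event_nll(self, line):
        """Mean negative log-likelihood per transition; higher = more anomalous."""
        toks = [self._norm(t) for t in tokenize(line)]
        v = len(self.vocab)
        total = 0.0
        for prev, cur in zip(toks, toks[1:]):
            p = (self.bigram[prev][cur] + 1) / (self.unigram[prev] + v)
            total -= math.log(p)
        return total / (len(toks) - 1)


def rank_events(model, lines):
    """Events as (score, line) pairs, most anomalous first."""
    return sorted(((model.event_nll(l), l) for l in lines), reverse=True)


def redteam_keys(redteam_lines):
    """(time, user@domain) pairs taken from redteam.txt-style lines (assumed rule)."""
    return {tuple(l.strip().split(",")[:2]) for l in redteam_lines}


def red_in_top_k(ranked, red_keys, k):
    """How many of the k highest-scoring events carry a red-team label."""
    return sum(tuple(line.split(",")[:2]) in red_keys for _, line in ranked[:k])


if __name__ == "__main__":
    model = BigramLM().fit(NORMAL_EVENTS)
    ranked = rank_events(model, TEST_EVENTS)
    for score, line in ranked:
        print(f"{score:.3f}  {line}")
    print("red-team events in top 2:", red_in_top_k(ranked, redteam_keys(REDTEAM), 2))
```

With the constructed data, every training event scores about 1.35 nats per transition, the known user on an unfamiliar machine scores about 1.67, and the unseen user/process event scores about 2.25, so the two held-out events rank at the top and the one red-team-labelled event is found in the top 2. Swapping the bigram for the recurrent model changes only `event_nll`; the tokenization, ranking and label-matching stay the same.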