Hybrid ML-Based Technique to Classify Malicious Activity Using Log Data of Systems

APPLIED SCIENCES-BASEL (2023)

Abstract
A computer system generates logs to record all relevant operational data about the system and all operations performed on it. Examining system logs is crucial for identifying network- and system-level attacks. Compared with established threats, new technological advancements and better connectivity pose a greater degree of risk. Several machine learning algorithms that continually monitor log data have been created in the past to defend systems against many threats. The majority of earlier anomaly detection methods need a priori knowledge and are not intended for spotting recent or impending threats. Additionally, the growing volume of logs creates fresh difficulties for anomaly identification. In this study, we developed a machine learning technique that identifies abnormalities in the system log with higher accuracy and efficiency. In our suggested strategy, we started with three log features, preprocessed them, and then obtained more than 10 features for the model. We performed experiments to test the effectiveness of our suggested approach, using F1 scores, ROCs, accuracy, sensitivity, and specificity as the criteria. We also evaluated how well our suggested technique performs in comparison to other methods. According to the experimental findings on the dataset obtained from the Blue Gene/L supercomputer system, our suggested solution has a greater rate of anomaly identification than any previously published algorithm.
Key words
machine learning, reinforcement learning, malicious activity, system log, anomalies