Multi-Modal Fusion for Anomaly Detection in Cybersecurity: Integrating NLP with Network Traffic Data and System Logs

EasyChair Preprint 13058
14 pages • Date: April 20, 2024

Abstract

In the realm of cybersecurity, the detection of anomalies and intrusions remains a paramount challenge due to the evolving nature of cyber threats. Traditional anomaly detection methods often rely on individual data sources, such as network traffic data or system logs, which may provide limited insights when analyzed in isolation. To address this limitation, this paper proposes a novel approach that leverages multi-modal fusion, specifically integrating Natural Language Processing (NLP) techniques with other modalities like network traffic data and system logs, to enhance anomaly detection capabilities.

The integration of NLP with other modalities offers a holistic view of cybersecurity data, enabling a deeper understanding of potential threats and anomalies. By analyzing textual descriptions within system logs or network traffic metadata, NLP techniques can extract valuable contextual information, such as the intent behind certain activities or the presence of suspicious patterns. This textual information, when combined with quantitative data from network traffic or system logs, allows for a more comprehensive analysis of cybersecurity events.

Furthermore, the fusion of multiple modalities enables the detection of anomalies that may not be apparent when analyzing each data source independently. For example, anomalies detected in network traffic data may be corroborated or further explained by textual information extracted from system logs, leading to more accurate threat identification and reduced false positives.

Keyphrases: Cyber Threats, Cybersecurity, Multi-modal fusion, Natural Language Processing (NLP), Threat Detection, anomaly detection, contextual information, fusion techniques, network traffic data, system logs