Abstract: Advanced persistent threats (APTs) pose significant risks to national infrastructure and corporate security. System logs record interactions between system entities, which are widely used for APT detection. However, the complex syntax and intricate relationships in system logs pose significant challenges to the performance of deep learning models. This paper proposes MM-LogVec, a novel anomaly detection method based on multimodal feature representation. It introduces three pre-training tasks to learn joint embeddings of logs and security events, establishing semantic associations between log operations and security events through cross-modal feature alignment, thereby enhancing the understanding of complex behaviors. Additionally, a lightweight graph autoencoder is used to model interaction relationships among entities, enabling entity-level anomaly detection via feature reconstruction. Evaluations across 10 APT scenarios show MM-LogVec’s exceptional performance, with a true positive rate of 98.19% and a false positive rate of 3.93%, while improving processing speed by a factor of 9 compared to the state-of-the-art AIRTAG.
External IDs: dblp:conf/icassp/LiZL25