Closed gen3111620 closed 2 years ago
I am not sure whether I understand your questions correctly, but let me try to answer them:
I hope that clarifies the dataset a bit. Please let me know if anything is unclear.
Thanks a lot, I have seen this events mapping in your git. In this paper's work, is your input sequence only the 291 security events? Does it not include normal log messages (other event logs)?
The input sequences for our work consist of the latest 10 security events at each timestep, where each security event can be one of the aforementioned 291 events. So the events that we are working with are not plain log messages, but instead security events generated by, e.g., an intrusion detection system (IDS) or network security monitor (NSM) that analyses these log messages. This is illustrated in Figure 1 of our paper: https://vm-thijs.ewi.utwente.nl/static/homepage/papers/deepcase.pdf
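The windowing described in the reply above, sketched as an added example (not code from the DeepCASE project or its authors). The event names, timestamps, the padding index 0, and the choice that each window ends with the current event are assumptions made for illustration.

```python
from collections import deque

CONTEXT = 10  # window length stated in the reply above
PAD = 0       # assumption: index 0 means "no event seen yet"

# Constructed sample: (timestamp, event name) pairs as an IDS/NSM might emit.
# The real dataset has 291 event types; three hypothetical ones are used here.
NAMES = ["port_scan", "ssh_bruteforce", "dns_tunnel"]
SAMPLE_EVENTS = [(1000 + 5 * i, NAMES[i % 3]) for i in range(12)]


def build_vocab(events):
    """Map each distinct event name to an integer index, starting at 1."""
    vocab = {}
    for _, name in events:
        vocab.setdefault(name, len(vocab) + 1)
    return vocab


def windows(events, vocab, context=CONTEXT):
    """Yield (timestamp, window) per event, oldest index first.

    Each window holds the indices of the latest `context` events up to and
    including the current one, left-padded with PAD while history is short.
    """
    recent = deque([PAD] * context, maxlen=context)
    for ts, name in sorted(events, key=lambda e: e[0]):
        recent.append(vocab[name])
        yield ts, list(recent)


if __name__ == "__main__":
    vocab = build_vocab(SAMPLE_EVENTS)
    for ts, window in windows(SAMPLE_EVENTS, vocab):
        print(ts, window)
```
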
Hi, I have some questions about your Lastline dataset description and model input.
In your paper, I saw you describe the dataset for 291 unique types of security events, and 7.8M events were used to give security operators additional information...
Thanks.