Cyber Incident Logging Technologies: Current State and Future Directions

Keywords: cyber incidents, logging technologies, efficiency comparison, machine learning, large language models

Abstract

Purpose: to analyze and evaluate the regulatory frameworks governing cyber incident logging procedures in Ukraine and the challenges they present, the methods and approaches for implementing log analysis technologies, the techniques for assessing their effectiveness, and the main directions for applying artificial intelligence in these processes.

Method: comparative analysis.

Findings: The study outlines and systematizes the main challenges faced by academic researchers, software developers, and system administrators in investigating the efficiency of automating cyber incident logging processes, comparing the functionality and effectiveness of existing implementations, and integrating artificial intelligence models into these processes. It also identifies key approaches to overcoming these challenges.

Theoretical implications: The research provides a theoretical generalization of the current state and prospects of cyber incident logging technologies based on an analysis of relevant regulatory documents, recent scientific and corporate publications, and the content of open-source software repositories.

Practical implications: The findings enable cybersecurity professionals to systematize evaluation criteria for selecting, developing, testing, integrating, and auditing cyber incident logging tools.

Value: In the national academic landscape, there is a notable lack of comprehensive publications addressing the holistic analysis of the state and prospects of cyber incident logging technologies, particularly in the context of Ukrainian realities.

Future research: Implementing most of the proposed approaches to improving cyber incident logging procedures requires significant financial and computational resources.

Paper type: Review and analytical.



Published
2025-06-29
How to Cite
Vasylyshyn, S., Vlasiuk, I., & Susukailo, V. (2025). Cyber Incident Logging Technologies: Current State and Future Directions. Social Development and Security, 15(3), 201-214. https://doi.org/10.33445/sds.2025.15.3.18
Section
Engineering and Technology