Modern cybersecurity audit logs track user activities, including data access, modifications, and deletions, to identify security incidents. These logs play a crucial role in forensic analysis following security breaches. However, performing large-scale audits manually is labor-intensive, inefficient, and prone to human error. This research proposes the development of an intelligent audit log query chatbot powered by Large Language Models (LLMs) to automate forensic investigations. The chatbot enables forensic investigators to query audit logs using natural language, providing real-time insights into suspicious activities while storing audit logs in MongoDB. By automating the detection and summarization of suspicious activities, this system enhances efficiency, accuracy, and scalability compared to traditional manual and rule-based log analysis methods. Additionally, it serves as an AI-driven alternative to conventional log analysis, addressing the limitations of existing approaches. The proposed solution can be seamlessly integrated with large Security Information and Event Management (SIEM) systems, improving security monitoring and forensic auditing.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Intelligent Audit Log Query Chatbot for Database Forensics Using LLM

  • Anushree Krishna Suryavanshi,
  • Vinod Pachghare

摘要

Modern cybersecurity audit logs track user activities, including data access, modifications, and deletions, to identify security incidents. These logs play a crucial role in forensic analysis following security breaches. However, performing large-scale audits manually is labor-intensive, inefficient, and prone to human error. This research proposes the development of an intelligent audit log query chatbot powered by Large Language Models (LLMs) to automate forensic investigations. The chatbot enables forensic investigators to query audit logs using natural language, providing real-time insights into suspicious activities while storing audit logs in MongoDB. By automating the detection and summarization of suspicious activities, this system enhances efficiency, accuracy, and scalability compared to traditional manual and rule-based log analysis methods. Additionally, it serves as an AI-driven alternative to conventional log analysis, addressing the limitations of existing approaches. The proposed solution can be seamlessly integrated with large Security Information and Event Management (SIEM) systems, improving security monitoring and forensic auditing.