Abstract:
The swift proliferation of operating system (OS) log data and the intricacy of modern cyber
threats have exposed the inadequacies of traditional forensic analysis methods. Current systems
struggle to process large volumes of diverse data in real time, leading to inefficient
anomaly detection and incomplete investigations. This research addresses these problems by
developing an AI-integrated operating system log analysis tool that automates log processing,
detects anomalies, and enables cross-platform forensic investigation.
Methodology: The research employs a hybrid AI approach, combining supervised learning for
identified threat signatures with unsupervised methods for the detection of unknown anomalies.
Log parsing and normalization activities are automated to standardize data across Windows,
Linux, and macOS systems. The tool's modular design facilitates scalability, and development
follows Agile and prototyping methodologies to ensure iterative improvements and stakeholder
involvement. Models are evaluated based on parameters like accuracy, AUC-ROC, and
false-positive rates.
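The methodology paragraph names three pieces that can be shown concretely: normalizing heterogeneous OS logs into one schema, a hybrid scorer (signature side plus rarity side), and the evaluation metrics. The following is an added illustration written for this page; it is not the paper's tool. All log lines are constructed, the Linux/Windows/macOS line formats are simplified stand-ins for real syslog, Windows event text and macOS unified-log output, and the regex signature list merely stands in for a trained supervised classifier. Only the Python standard library is used.

```python
"""Cross-platform OS log normalization and detector evaluation.

Added illustration, not the paper's tool. Line formats are constructed,
simplified versions of Linux syslog, Windows event text and the macOS
unified log, and the signature list stands in for a trained classifier.
"""
import re
from collections import Counter
from datetime import datetime, timezone

_MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# One regex per OS family (constructed, simplified formats).
_LINUX = re.compile(r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
                    r"(?P<host>\S+) (?P<proc>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$")
_WINDOWS = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) "
                      r"(?P<proc>Microsoft-Windows-\S+) (?P<eid>\d+) (?P<msg>.*)$")
_MACOS = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+[+-]\d{4}) "
                    r"(?P<host>\S+) (?P<proc>[\w.-]+)\[\d+\]: (?P<msg>.*)$")

# Signatures standing in for the supervised "known threat" model (assumption).
KNOWN_BAD = [re.compile(p) for p in (
    r"Failed password", r"account failed to log on", r"Authentication failed")]


def normalize(line, year=2024):
    """Map a raw line to {os, ts, host, source, event_id, msg}; None if unparsed.
    Syslog lines carry no year, so one must be supplied (assumed here)."""
    m = _LINUX.match(line)
    if m and m["mon"] in _MONTHS:
        h, mi, s = (int(x) for x in m["time"].split(":"))
        ts = datetime(year, _MONTHS[m["mon"]], int(m["day"]), h, mi, s, tzinfo=timezone.utc)
        return {"os": "linux", "ts": ts.isoformat(), "host": m["host"],
                "source": m["proc"], "event_id": None, "msg": m["msg"]}
    m = _WINDOWS.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {"os": "windows", "ts": ts.isoformat(), "host": m["host"],
                "source": m["proc"], "event_id": int(m["eid"]), "msg": m["msg"]}
    m = _MACOS.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f%z").astimezone(timezone.utc)
        return {"os": "macos", "ts": ts.isoformat(), "host": m["host"],
                "source": m["proc"], "event_id": None, "msg": m["msg"]}
    return None


def score_events(records):
    """Hybrid score in [0, 1]: 1.0 when a signature matches (supervised side),
    otherwise rarity of the digit-masked message template within the batch
    (unsupervised side, so event types never seen before float to the top)."""
    templates = [re.sub(r"\d+", "<N>", r["msg"]) for r in records]
    counts = Counter(templates)
    return [1.0 if any(p.search(r["msg"]) for p in KNOWN_BAD)
            else 1.0 - counts[t] / len(records)
            for r, t in zip(records, templates)]


def accuracy(y_true, y_pred):
    return sum(int(t == p) for t, p in zip(y_true, y_pred)) / len(y_true)


def false_positive_rate(y_true, y_pred):
    neg = [p for t, p in zip(y_true, y_pred) if t == 0]
    return sum(neg) / len(neg) if neg else 0.0


def auc_roc(y_true, scores):
    """Rank-based AUC: P(random positive scores above random negative), ties count 0.5."""
    pos = [s for t, s in zip(y_true, scores) if t == 1]
    neg = [s for t, s in zip(y_true, scores) if t == 0]
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


def evaluate(lines, labels, threshold):
    """Normalize, score, threshold, and report the metrics the abstract names.
    Unparsed lines are dropped from scoring but counted, so parser gaps stay visible."""
    parsed = [(normalize(l), y) for l, y in zip(lines, labels)]
    kept = [(r, y) for r, y in parsed if r is not None]
    records, y_true = [r for r, _ in kept], [y for _, y in kept]
    scores = score_events(records)
    y_pred = [int(s >= threshold) for s in scores]
    return {"parsed": len(kept), "unparsed": len(parsed) - len(kept),
            "accuracy": accuracy(y_true, y_pred),
            "false_positive_rate": false_positive_rate(y_true, y_pred),
            "auc_roc": auc_roc(y_true, scores)}


# Constructed sample batch (not real telemetry); label 1 = malicious.
SAMPLE_LOGS = [
    "Jan 12 10:15:01 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 52211 ssh2",
    "Jan 12 10:15:02 web01 cron[880]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jan 12 10:16:02 web01 cron[881]: (root) CMD (run-parts /etc/cron.hourly)",
    "2024-01-12T10:15:03Z WS-42 Microsoft-Windows-Security-Auditing 4625 An account failed to log on",
    "2024-01-12T10:15:04Z WS-42 Microsoft-Windows-Security-Auditing 4624 An account was successfully logged on",
    "2024-01-12 10:15:05.123456+0000 mac-7 loginwindow[402]: Authentication failed for user alice",
    "2024-01-12 10:15:06.000000+0000 mac-7 kernel[0]: wl0: link up",
    "garbage line with no recognizable structure",
]
SAMPLE_LABELS = [1, 0, 0, 1, 0, 1, 0, 0]

if __name__ == "__main__":
    for thr in (0.8, 0.9):
        print(thr, evaluate(SAMPLE_LOGS, SAMPLE_LABELS, thr))
```

Running it with two thresholds shows the trade-off the abstract's false-positive figure refers to: at 0.8 the rarity side flags the benign successful-logon and kernel events as anomalies (accuracy 5/7, false-positive rate 0.5), while at 0.9 only the signature hits remain (accuracy 1.0, false-positive rate 0.0). AUC-ROC is 1.0 in both cases because it is threshold-independent and the labelled events outrank every benign one; that is exactly why accuracy and false-positive rate are reported alongside it.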
Initial Results: The initial prototype achieved 94% accuracy in anomaly detection, with an
AUC-ROC of 0.91 and a false-positive rate of 4%. The system efficiently normalized diverse OS
logs and processed them in near-real-time, demonstrating its potential to enhance forensic
procedures. Further improvements are planned to increase detection rates and integrate real-time
capabilities.