Extended authentication based on user log analysis in the operating system
DOI: 10.21293/1818-0442-2025-28-4-39-49
Abstract: The paper is devoted to the systematization of modern methods for feature extraction and anomaly detection based on the analysis of operating system logs to address the problem of extended authentication. Approaches to processing and structuring system logs are reviewed and classified, including the extraction of quantitative, index, semantic, temporal, parametric, and graph features. An overview of open datasets for log analysis is provided. The authors performed a comparative analysis of the effectiveness of various feature extraction methods and anomaly detection algorithms, encompassing statistical methods, classical machine learning, neural networks, and hybrid models. Effectiveness was evaluated in terms of the performance metrics of classifiers solving the final task. The most promising areas for developing extended authentication systems are identified. The research results can be applied to enhance the security of information systems through the development of adaptive authentication mechanisms based on user activity monitoring.
Keywords: information security, feature extraction, machine learning, extended authentication
For citation:
Loshak I. S., Kostyuchenko E. Yu. Extended authentication based on user log analysis in the operating system. Doklady Tomskogo gosudarstvennogo universiteta sistem upravleniya i radioelektroniki, 2025, vol. 28, no. 4, pp. 39–49. DOI: 10.21293/1818-0442-2025-28-4-39-49
Executive Secretary of the Editor’s Office
Editor’s Office: 40 Lenina Prospect, Tomsk, 634050, Russia
Phone / Fax: + 7 (3822) 701-582
Viktor N. Maslennikov
Executive Secretary of the Editor’s Office
Editor’s Office: 40 Lenina Prospect, Tomsk, 634050, Russia
Phone / Fax: + 7 (3822) 51-21-21 / 51-43-02