Effective anomaly detection from logs is crucial for enhancing cybersecurity defenses by enabling the early identification of threats. Despite advances in anomaly detection, existing systems often fall short in areas such as post-detection validation, scalability, and effective maintenance. These limitations not only hinder the detection of new threats but also impair overall system performance. To address these challenges, we propose CEDLog, a novel practical framework that integrates Elastic Weight Consolidation (EWC) for continual learning and implements distributed computing for scalable processing by integrating Apache Airflow and Dask. In CEDLog, anomalies are detected through the combination of a Multi-layer Perceptron (MLP) and Graph Convolutional Networks (GCNs) using critical features present in event logs. Through comparisons with other update strategies on large-scale datasets, we demonstrate the strengths of CEDLog, showcasing efficient updates and low false positives.
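The abstract names Elastic Weight Consolidation (EWC) as the mechanism that lets the detector absorb new log data without losing what it learned from earlier data. The following is an added illustration of that mechanism, not code from CEDLog or its authors: it replaces the MLP/GCN with a linear model on constructed regression data so the effect can be checked by hand. After training on task A it computes the diagonal empirical Fisher information (mean squared per-sample gradient of the negative log-likelihood), then updates on task B twice, once by plain fine-tuning and once with the EWC anchor lam/2 * sum(F_i * (theta_i - theta_A_i)^2). Task B is built so that its second feature duplicates the first, giving the model slack; the task names, the weights 3 and 1, the noise level, lam=20 and the NumPy-only gradient descent are all assumptions of this example.

```python
"""Toy Elastic Weight Consolidation (EWC) on a linear model with NumPy.

Constructed example: task A and task B are synthetic regression problems,
the model is linear, and gradient descent is full-batch. None of this is
CEDLog's code; it only illustrates the EWC mechanism named in the abstract.
"""
import numpy as np


def design(x):
    """Append a constant column so that theta = [w0, w1, b]."""
    return np.hstack([x, np.ones((x.shape[0], 1))])


def mse(theta, x, y):
    """Mean squared error of the linear model on one task."""
    return float(np.mean((design(x) @ theta - y) ** 2))


def train(x, y, theta0, steps=500, lr=0.05, penalty=None):
    """Full-batch gradient descent on 0.5*MSE, optionally with an EWC term.

    penalty = (lam, fisher, theta_star) adds lam/2 * sum(fisher * (theta - theta_star)**2),
    the quadratic anchor of EWC, whose gradient is lam * fisher * (theta - theta_star).
    """
    X = design(x)
    theta = np.array(theta0, dtype=float)
    for _ in range(steps):
        grad = X.T @ (X @ theta - y) / len(y)
        if penalty is not None:
            lam, fisher, theta_star = penalty
            grad = grad + lam * fisher * (theta - theta_star)
        theta = theta - lr * grad
    return theta


def fisher_diag(theta, x, y):
    """Diagonal empirical Fisher information at theta: the mean squared per-sample
    gradient of the unit-variance Gaussian negative log-likelihood, which for a
    linear model is (residual * input) squared, averaged over the samples."""
    X = design(x)
    per_sample_grad = (X @ theta - y)[:, None] * X
    return np.mean(per_sample_grad ** 2, axis=0)


def task_a(rng, n):
    """Constructed task A: feature 1 is never observed (always 0), y = 3*x0 + noise."""
    x0 = rng.standard_normal(n)
    x = np.column_stack([x0, np.zeros(n)])
    return x, 3.0 * x0 + 0.5 * rng.standard_normal(n)


def task_b(rng, n):
    """Constructed task B: feature 1 duplicates feature 0, so only w0 + w1 matters
    (the model has slack), and y = 1*x0 + noise."""
    x0 = rng.standard_normal(n)
    x = np.column_stack([x0, x0])
    return x, 1.0 * x0 + 0.5 * rng.standard_normal(n)


def run_experiment(lam=20.0, n=4000, seed=0):
    """Train on A, consolidate, then update on B naively and with EWC."""
    rng = np.random.default_rng(seed)
    xa, ya = task_a(rng, n)
    xb, yb = task_b(rng, n)

    theta_a = train(xa, ya, np.zeros(3))
    # Roughly [0.25, 0, 0.25]: w0 and b mattered for task A, w1 did not.
    fisher = fisher_diag(theta_a, xa, ya)

    theta_naive = train(xb, yb, theta_a)                                # plain fine-tuning
    theta_ewc = train(xb, yb, theta_a, penalty=(lam, fisher, theta_a))  # EWC-anchored update

    return {
        "theta_a": theta_a, "fisher": fisher,
        "theta_naive": theta_naive, "theta_ewc": theta_ewc,
        "naive": {"A": mse(theta_naive, xa, ya), "B": mse(theta_naive, xb, yb)},
        "ewc": {"A": mse(theta_ewc, xa, ya), "B": mse(theta_ewc, xb, yb)},
    }


if __name__ == "__main__":
    res = run_experiment()
    print("Fisher diagonal after task A:", np.round(res["fisher"], 3))
    for name in ("naive", "ewc"):
        print(f"{name:>5}: MSE on A = {res[name]['A']:.2f}, MSE on B = {res[name]['B']:.2f}")
```

Plain fine-tuning moves w0 from 3 to about 2 because task B only constrains w0 + w1, so its error on task A rises from the noise floor (0.25) to about 1.25; the EWC update pays the penalty by moving w1 instead, keeping w0 at 3 and reaching the noise floor on both tasks. The slack is what makes this possible: when a new task's optimum genuinely conflicts with the anchored parameters, EWC can only trade the two losses off, and lam sets that balance. In a neural detector the same per-parameter Fisher estimate comes from squared gradients over a batch of the old data rather than from the closed-form residual-times-input used here.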