Internal threat detection aims to address security threats within organizations or enterprises by identifying potential or already occurring malicious threats within vast amounts of logs. Although organizations or enterprises have dedicated personnel responsible for reviewing these logs, it is impossible to manually examine all logs entirely. In response to the vast number of logs, we propose a system called RedChronos, which is a Large Language Model-Based Log Analysis System. This system incorporates innovative improvements over previous research by employing Query-Aware Weighted Voting and a Semantic Expansion-based Genetic Algorithm with LLM-driven Mutations. On the public datasets CERT 4.2 and 5.2, RedChronos outperforms or matches existing approaches in terms of accuracy, precision, and detection rate. Moreover, RedChronos reduces the need for manual intervention in security log reviews by 90\% in the Xiaohongshu SOC. Therefore, our RedChronos system demonstrates exceptional performance in handling Internal Threat Detection (IDT) tasks, providing innovative solutions for these challenges. We believe that future research can continue to enhance the system's performance in IDT tasks while also reducing the response time to internal risk events.

翻译：内部威胁检测旨在通过在海量日志中识别潜在或已发生的恶意威胁，以应对组织或企业内部的安全威胁。尽管组织或企业设有专门人员负责审查这些日志，但完全人工检查所有日志是不可能的。针对海量日志问题，我们提出了一种名为RedChronos的系统，它是一个基于大语言模型的日志分析系统。该系统通过采用查询感知加权投票和基于语义扩展的遗传算法（结合LLM驱动的变异），对先前研究进行了创新性改进。在公开数据集CERT 4.2和5.2上，RedChronos在准确性、精确率和检测率方面优于或匹配现有方法。此外，在小红书安全运营中心（SOC）中，RedChronos将安全日志审查所需的人工干预减少了90\%。因此，我们的RedChronos系统在处理内部威胁检测（IDT）任务方面表现出卓越性能，为这些挑战提供了创新解决方案。我们相信，未来的研究可以持续提升系统在IDT任务中的性能，同时降低对内部风险事件的响应时间。