Internal threat detection (IDT) aims to address security threats within organizations or enterprises by identifying potential or already occurring malicious threats within vast amounts of logs. Although organizations or enterprises have dedicated personnel responsible for reviewing these logs, it is impossible to manually examine all logs entirely.In response to the vast number of logs, we propose a system called RedChronos, which is a Large Language Model-Based Log Analysis System. This system incorporates innovative improvements over previous research by employing Query-Aware Weighted Voting and a Semantic Expansion-based Genetic Algorithm with LLM-driven Mutations. On the public datasets CERT 4.2 and 5.2, RedChronos outperforms or matches existing approaches in terms of accuracy, precision, and detection rate. Moreover, RedChronos reduces the need for manual intervention in security log reviews by approximately 90% in the Xiaohongshu Security Operation Center. Therefore, our RedChronos system demonstrates exceptional performance in handling IDT tasks, providing innovative solutions for these challenges. We believe that future research can continue to enhance the system's performance in IDT tasks while also reducing the response time to internal risk events.

翻译：内部威胁检测旨在通过分析海量日志来识别组织或企业内部潜在或已发生的恶意威胁，以应对内部安全风险。尽管组织或企业通常配备专门人员负责审查这些日志，但完全依赖人工检查所有日志并不可行。针对日志数量庞大的挑战，我们提出了一种名为RedChronos的系统，这是一种基于大语言模型的日志分析系统。该系统在先前研究基础上进行了创新改进，采用了查询感知加权投票机制以及基于语义扩展的遗传算法（配备LLM驱动的变异操作）。在公开数据集CERT 4.2和5.2上，RedChronos在准确率、精确率和检出率方面均优于或持平现有方法。此外，在小红书安全运营中心的实际部署中，RedChronos将安全日志审查所需的人工干预减少了约90%。因此，我们的RedChronos系统在处理内部威胁检测任务时表现出卓越性能，为应对相关挑战提供了创新解决方案。我们相信，未来研究可继续提升该系统在内部威胁检测任务中的性能，同时进一步缩短对内部风险事件的响应时间。