AUTOMATED DATABASE AUDIT LOG ANALYSIS USING LARGE LANGUAGE MODELS: EVENT CORRELATION, INCIDENT RECONSTRUCTION AND EXPLAINABLE INSIGHTS
DOI:
https://doi.org/10.31891/2219-9365-2026-85-44
Keywords:
database audit, audit logs, large language models, cybersecurity, event correlation, incident reconstruction, explainable AI
Abstract
The article investigates the application of large language models (LLMs) and machine learning techniques for automated analysis of database audit logs. Particular attention is given to event correlation, reconstruction of security incidents, and generation of explainable analytical insights based on database activity logs.
A conceptual framework for integrating LLMs into database auditing processes is proposed. The approach enables automatic detection of anomalies, suspicious access patterns, and potential violations of data access policies.
The study includes the analysis of audit log structures, preprocessing methods, and the use of NLP models for interpreting SQL queries and identifying behavioral patterns in database access. Examples of LLM-based analysis of user roles, SQL operations, and time-based sequences of events are presented.
The results demonstrate that the integration of artificial intelligence into database auditing systems can significantly improve cybersecurity monitoring capabilities, enhance incident investigation processes, and support explainable decision-making in data security management.
License
Copyright (c) 2026 Микола БОЙКО, ОЛЕГ САМОРАЙ, Максим ДЕЙНИКОВСЬКИЙ

This work is licensed under a Creative Commons Attribution 4.0 International License.

