Publication: Threat Detection Based on Log Analysis for Automating Security Information and Event Management (SIEM) Functionality
| Field | Value |
| --- | --- |
| dc.contributor.author | Hewagama, C.A. |
| dc.date.accessioned | 2026-02-10T09:58:54Z |
| dc.date.issued | 2025-12 |
| dc.description.abstract | The reliance of modern organizations on information systems continues to increase, making these infrastructures frequent targets for malicious activity. System logs represent a primary source of forensic evidence, yet the volume generated by large-scale environments renders manual inspection infeasible. Security Information and Event Management (SIEM) platforms automate log collection and correlation but remain limited in detecting evolving or previously unseen threats. As a result, there is growing interest in augmenting SIEM functionality through Natural Language Processing (NLP) and machine learning. This study investigates lightweight Transformer models as candidates for log-based anomaly detection in SIEM contexts. Two compressed architectures, DistilBERT and TinyBERT, are evaluated under parameter-efficient adaptation strategies: frozen encoders with linear classification heads and Low-Rank Adaptation (LoRA). Log templates are extracted using the Drain algorithm to normalize unstructured log data, and experiments are conducted on two benchmark datasets, BGL and HDFS. A classical baseline using TF-IDF with Logistic Regression is also included for comparison. Evaluation covers both detection metrics (precision, recall, F1-score, PR-AUC, ROC-AUC) and efficiency metrics (latency, throughput, memory usage). The scope of this research is limited to training and evaluation rather than live SIEM deployment. Its contribution lies in assessing the trade-offs between detection accuracy and computational efficiency across lightweight adaptation strategies, providing guidance on configurations most viable for integration into real-time SIEM pipelines. |
| dc.identifier.uri | https://rda.sliit.lk/handle/123456789/4592 |
| dc.language.iso | en |
| dc.publisher | Sri Lanka Institute of Information Technology |
| dc.subject | Threat detection based |
| dc.subject | log analysis |
| dc.subject | automating Security |
| dc.subject | Security information |
| dc.subject | event management |
| dc.subject | (SIEM) functionality |
| dc.title | Threat Detection Based on Log Analysis for Automating Security Information and Event Management (SIEM) Functionality |
| dc.type | Thesis |
| dspace.entity.type | Publication |
Files
Original bundle
- Threat Detection Based on Log Analysis for Automating Security Information and Event Management (SIEM) Functionality 1-10.pdf (379.79 KB, Adobe Portable Document Format)
- Threat Detection Based on Log Analysis for Automating Security Information and Event Management (SIEM) Functionality.pdf (1.24 MB, Adobe Portable Document Format)
License bundle
- license.txt (1.69 KB, Item-specific license agreed upon to submission)