NLLog: Lightweight, Explainable SOC Anomaly Detection via Log-to-Language Rewriting
Researchers have developed NLLog, a novel pipeline that transforms system logs into human-readable sentences for enhanced security anomaly detection. This method uses a deterministic rewriting process, TF-IDF weighting, and tree ensemble classification, achieving superior performance over baseline methods on Hadoop Distributed File System and Blue Gene/L corpora. NLLog also maintains low false-positive rates with latency suitable for security operations centers, while ablations confirm its effectiveness and highlight corpus-dependent requirements for optimal deployment.
IMPACT: Enhances security operations center efficiency by providing explainable anomaly detection from system logs.
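The log-to-language front end described above, as an added Python sketch that is not the paper's code: the page does not give NLLog's rewriting rules, so the regex templates, the identifier-masking scheme and the HDFS-style sample lines are assumptions. It rewrites raw lines into sentences, weights terms with TF-IDF, and reports the top-weighted terms as the explanation a SOC analyst would see; the tree-ensemble classifier that consumes the vectors is left out.

```python
import math
import re
from collections import Counter

# Constructed HDFS-style log lines (illustrative, not from the paper's corpus).
SAMPLE_LOGS = [
    "081109 203615 148 INFO dfs.DataNode$PacketResponder: PacketResponder 1 for block blk_38865049064139660 terminating",
    "081109 203807 222 INFO dfs.DataNode$PacketResponder: PacketResponder 0 for block blk_-6952295868487656571 terminating",
    "081109 204005 35 INFO dfs.FSNamesystem: BLOCK* NameSystem.addStoredBlock: blockMap updated: 10.251.73.220:50010 is added to blk_7128370237687728475 size 67108864",
    "081109 204106 329 WARN dfs.DataNode$DataXceiver: 10.251.43.21:50010:Got exception while serving blk_-2918118818249341826 to /10.251.43.21:",
]

# Hypothetical rewrite rules (regex -> sentence template); NLLog's real rules are
# not on the page, these are assumptions chosen to illustrate the idea.
RULES = [
    (re.compile(r"PacketResponder (\d+) for block (blk_-?\d+) terminating"),
     "packet responder {0} finished serving block {1}"),
    (re.compile(r"blockMap updated: ([\d.]+):\d+ is added to (blk_-?\d+) size (\d+)"),
     "datanode {0} stored a replica of block {1} with size {2} bytes"),
    (re.compile(r"Got exception while serving (blk_-?\d+) to /([\d.]+)"),
     "datanode raised an exception while serving block {0} to client {1}"),
]

def mask(value):
    """Replace high-cardinality identifiers so the vocabulary describes event types."""
    if value.startswith("blk_"):
        return "<blk>"
    if "." in value:
        return "<ip>"
    return "<n>" if value.isdigit() else value

def rewrite(line):
    """Deterministically map one raw log line to a lower-case sentence."""
    level = line.split()[3].lower()          # INFO / WARN in the HDFS layout
    for pattern, template in RULES:
        m = pattern.search(line)
        if m:
            return f"{level} event: " + template.format(*map(mask, m.groups()))
    return f"{level} event: unparsed log line"   # keep unknown templates visible

def tfidf(sentences):
    """One {term: weight} vector per sentence: raw tf times smoothed idf."""
    docs = [re.findall(r"[a-z<>]{3,}", s) for s in sentences]
    df = Counter(t for d in docs for t in set(d))
    idf = {t: math.log((1 + len(docs)) / (1 + c)) + 1 for t, c in df.items()}
    return [{t: tf * idf[t] for t, tf in Counter(d).items()} for d in docs]

def top_terms(vector, k=3):
    """Highest-weighted terms: the human-readable 'why' behind a classifier score."""
    return [t for t, _ in sorted(vector.items(), key=lambda kv: (-kv[1], kv[0]))[:k]]
```

Running `top_terms` over `tfidf([rewrite(l) for l in SAMPLE_LOGS])` surfaces "exception" and "raised" for the WARN line, which is the kind of token-level rationale the page credits NLLog with making available to analysts.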