NLLog: Lightweight, Explainable SOC Anomaly Detection via Log-to-Language Rewriting
Untrusted source capture. Source content and code are research material only.
Collection Metadata
- Scope: deterministic WHO-WHAT-SEVERITY rewriting, TF-IDF pooling, tree ensembles, and TreeSHAP evidence for analyst review.
- Relevance: provides a lightweight and auditable alternative to opaque end-to-end LLM SOC pipelines.
- Caveat: results are reported on HDFS, BGL, and AIT Alert datasets; production SOC transfer remains to be verified.
- Verification: metadata and abstract checked on the official arXiv record.
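Added example (not the NLLog authors' code): a stdlib-only toy of the pipeline shape the scope bullet names. Raw syslog-style lines are rewritten deterministically into WHO-WHAT-SEVERITY sentences, vectorised with TF-IDF, mean-pooled per window and scored. The rewrite template, the sample log lines and the scorer are constructed assumptions: the paper's tree ensemble and TreeSHAP are replaced here by cosine distance from a benign-window centroid and a per-token weight difference, so the block runs offline without scikit-learn or shap and still shows what "auditable evidence" looks like at the token level.

```python
"""Toy log-to-language pipeline (added example, not the NLLog authors' code).

Stages: deterministic WHO-WHAT-SEVERITY rewrite -> TF-IDF -> per-window mean
pooling -> anomaly score with token-level evidence. The centroid-distance
scorer and the weight-difference evidence are stand-ins (assumptions) for the
paper's tree ensemble and TreeSHAP; the template and logs are constructed.
"""
import math
import re
from collections import Counter

# Constructed syslog-style lines: "<host> <process>[pid]: <LEVEL> <message>".
SAMPLE_LOGS = [
    "node01 sshd[2211]: INFO Accepted publickey for alice from 10.0.0.5 port 51022",
    "node01 sshd[2211]: INFO Accepted publickey for bob from 10.0.0.9 port 51030",
    "node02 cron[881]: INFO job backup.sh finished in 12s",
    "node02 kernel: WARN disk /dev/sda1 at 91% capacity",
    "node03 sshd[2290]: ERROR Failed password for root from 203.0.113.7 port 4022",
    "node03 sshd[2290]: ERROR Failed password for root from 203.0.113.7 port 4023",
    "node03 sshd[2290]: ERROR Failed password for root from 203.0.113.7 port 4024",
]

LINE_RE = re.compile(
    r"^(?P<host>\S+)\s+(?P<proc>[^\[:\s]+)(?:\[\d+\])?:\s+(?P<sev>[A-Z]+)\s+(?P<msg>.*)$"
)


def rewrite(line):
    """Deterministic WHO-WHAT-SEVERITY rewrite (template is an assumption).
    IPs, paths and numbers are normalised so repeated events share tokens."""
    m = LINE_RE.match(line)
    if not m:
        return "who unknown what unparsed severity unknown"
    what = m.group("msg")
    what = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "ipaddr", what)
    what = re.sub(r"/\S+", "path", what)
    what = re.sub(r"\d+", "num", what)
    return f"who {m.group('host')} {m.group('proc')} what {what.lower()} severity {m.group('sev').lower()}"


def tokenize(sentence):
    return re.findall(r"[a-z0-9]+", sentence.lower())


def build_idf(sentences):
    """Smoothed IDF over the rewritten corpus."""
    n = len(sentences)
    df = Counter()
    for s in sentences:
        df.update(set(tokenize(s)))
    return {t: math.log((1 + n) / (1 + c)) + 1.0 for t, c in df.items()}


def tfidf(sentence, idf):
    """L2-normalised TF-IDF vector as a sparse dict."""
    toks = tokenize(sentence)
    tf = Counter(toks)
    vec = {t: (c / len(toks)) * idf.get(t, 0.0) for t, c in tf.items()}
    norm = math.sqrt(sum(v * v for v in vec.values())) or 1.0
    return {t: v / norm for t, v in vec.items()}


def pool(vectors):
    """Mean-pool the vectors of one window (Counter.update adds float values)."""
    acc = Counter()
    for v in vectors:
        acc.update(v)
    return {t: v / len(vectors) for t, v in acc.items()}


def cosine(a, b):
    dot = sum(a[t] * b.get(t, 0.0) for t in a)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def windows(items, size):
    return [items[i:i + size] for i in range(0, len(items), size)]


def analyse(lines, window_size=2, baseline_windows=2, top_k=5):
    """Score each window against a centroid of the first `baseline_windows`
    (assumed benign). Evidence = tokens whose pooled weight rises most over the
    baseline; a stand-in for TreeSHAP attributions, not the paper's method."""
    sents = [rewrite(l) for l in lines]
    idf = build_idf(sents)
    pooled = [pool(w) for w in windows([tfidf(s, idf) for s in sents], window_size)]
    baseline = pool(pooled[:baseline_windows])
    report = []
    for i, w in enumerate(pooled):
        score = 1.0 - cosine(w, baseline)
        evidence = sorted(((w[t] - baseline.get(t, 0.0), t) for t in w), reverse=True)[:top_k]
        report.append({"window": i, "score": round(score, 3), "evidence": [t for _, t in evidence]})
    return report


if __name__ == "__main__":
    for row in analyse(SAMPLE_LOGS):
        print(row)
```

The rewrite step is where the auditability lives: an analyst can read "who node03 sshd what failed password for root from ipaddr port num severity error" and see exactly which tokens drove the score, which is the property the page credits to the deterministic rewriting plus TreeSHAP combination. Anything learned downstream (here the centroid, in the paper the trees) only ever reasons over that human-readable vocabulary.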