TY - GEN
T1 - Anomaly Detection in Application Logs with Attention Mechanism-Enhanced LSTM
AU - Nusantara, Adetiya Bagus
AU - Studiawan, Hudan
AU - Ijtihadie, Royyana Muslim
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - As digital technology continues to spread across various sectors, the need for robust cybersecurity becomes increasingly critical. One way to ensure security is by identifying potential threats and anomalies through application log analysis. Traditional methods that rely only on rule-based detection are often insufficient to adapt to new attack patterns. This research addresses these limitations by integrating rule-based detection with Sigma rules into the ELK (Elasticsearch, Logstash, Kibana) platform to generate a structured dataset. Logs are collected from monitored applications and categorized into normal, system anomalies, or user anomalies. A modified long short-term memory (LSTM) model with an attention mechanism is trained on the labeled dataset to improve anomaly detection. Experimental results show that the LSTM model with the attention mechanism achieves the highest performance, with an accuracy of 98.52%, precision of 98.66%, recall of 98.52%, and an F1-score of 98.55%, outperforming RNN, GRU, and standard LSTM models in anomaly detection.
AB - As digital technology continues to spread across various sectors, the need for robust cybersecurity becomes increasingly critical. One way to ensure security is by identifying potential threats and anomalies through application log analysis. Traditional methods that rely only on rule-based detection are often insufficient to adapt to new attack patterns. This research addresses these limitations by integrating rule-based detection with Sigma rules into the ELK (Elasticsearch, Logstash, Kibana) platform to generate a structured dataset. Logs are collected from monitored applications and categorized into normal, system anomalies, or user anomalies. A modified long short-term memory (LSTM) model with an attention mechanism is trained on the labeled dataset to improve anomaly detection. Experimental results show that the LSTM model with the attention mechanism achieves the highest performance, with an accuracy of 98.52%, precision of 98.66%, recall of 98.52%, and an F1-score of 98.55%, outperforming RNN, GRU, and standard LSTM models in anomaly detection.
KW - anomaly detection
KW - application logs
KW - cybersecurity
KW - deep learning
KW - long short term memory
KW - rule-based
UR - https://www.scopus.com/pages/publications/105018308686
U2 - 10.1109/CONIT65521.2025.11167751
DO - 10.1109/CONIT65521.2025.11167751
M3 - Conference contribution
AN - SCOPUS:105018308686
T3 - 2025 5th International Conference on Intelligent Technologies, CONIT 2025
BT - 2025 5th International Conference on Intelligent Technologies, CONIT 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 5th IEEE International Conference on Intelligent Technologies, CONIT 2025
Y2 - 20 June 2025 through 22 June 2025
ER -