{"ID":2861879,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2510.00529","arxiv_id":"2510.00529","title":"Memory-Augmented Log Analysis with Phi-4-mini: Enhancing Threat Detection in Structured Security Logs","abstract":"Structured security logs are critical for detecting advanced persistent threats (APTs). Large language models (LLMs) struggle in this domain due to limited context and domain mismatch. We propose DM-RAG, a dual-memory retrieval-augmented generation framework for structured log analysis. It integrates a short-term memory buffer for recent summaries and a long-term FAISS-indexed memory for historical patterns. An instruction-tuned Phi-4-mini processes the combined context and outputs structured predictions. Bayesian fusion promotes reliable persistence into memory. On the UNSW-NB15 dataset, DM-RAG achieves 53.64% accuracy and 98.70% recall, surpassing fine-tuned and RAG baselines in recall. The architecture is lightweight, interpretable, and scalable, enabling real-time threat monitoring without extra corpora or heavy tuning.","short_abstract":"Structured security logs are critical for detecting advanced persistent threats (APTs). Large language models (LLMs) struggle in this domain due to limited context and domain mismatch. We propose DM-RAG, a dual-memory retrieval-augmented generation framework for structured log analysis. It integrates a short-t...","url_abs":"https://arxiv.org/abs/2510.00529","url_pdf":"https://arxiv.org/pdf/2510.00529v1","authors":"[\"Anbi Guo\",\"Mahfuza Farooque\"]","published":"2025-10-01T05:23:05Z","proceeding":"cs.CR","tasks":"[\"cs.CR\"]","methods":"[\"RAG\",\"Large Language Model\",\"Language Model\"]","has_code":false}
