English

Memory-Augmented Log Analysis with Phi-4-mini: Enhancing Threat Detection in Structured Security Logs

Cryptography and Security 2025-10-02 v1

Abstract

Structured security logs are critical for detecting advanced persistent threats (APTs). Large language models (LLMs) struggle in this domain due to limited context and domain mismatch. We propose \textbf{DM-RAG}, a dual-memory retrieval-augmented generation framework for structured log analysis. It integrates a short-term memory buffer for recent summaries and a long-term FAISS-indexed memory for historical patterns. An instruction-tuned Phi-4-mini processes the combined context and outputs structured predictions. Bayesian fusion promotes reliable persistence into memory. On the UNSW-NB15 dataset, DM-RAG achieves 53.64% accuracy and 98.70% recall, surpassing fine-tuned and RAG baselines in recall. The architecture is lightweight, interpretable, and scalable, enabling real-time threat monitoring without extra corpora or heavy tuning.

Keywords

Cite

@article{arxiv.2510.00529,
  title  = {Memory-Augmented Log Analysis with Phi-4-mini: Enhancing Threat Detection in Structured Security Logs},
  author = {Anbi Guo and Mahfuza Farooque},
  journal= {arXiv preprint arXiv:2510.00529},
  year   = {2025}
}
R2 v1 2026-07-01T06:09:41.419Z