Proceedings of International Conference on Applied Innovation in IT  ·  2026/03/31  ·  Vol. 14  ·  Issue 1  ·  pp. 153–162
A Semi-Supervised Ensemble Framework for Anomaly Detection in Cybersecurity Logs
Harbi Mahmood Abbas, Ziyad Tariq Mustafa Al-Ta’i and Hamza Aagela
📄 Download PDF DOI: 10.25673/123549
Abstract
Anomaly detection is crucial in cybersecurity logs; nevertheless, system logs' extensive size and complexity render manual analysis impractical. Traditional supervised methods necessitate extensive labelled datasets, whereas unsupervised methods lack robustness. To address these difficulties, we proposed a novel semi-supervised framework for anomaly detection in cybersecurity logs. It employs a hybrid feature representation, deep learning, traditional models, and ensemble techniques. The framework has many critical layers: hybrid feature representation TF-IDF (sparse feature), SBERT (semantic feature), and statistical features. Anomaly detection employs an Auto-Encoder, a Bi-LSTM module, and two traditional models: an isolation forest and a one-class support vector machine. The outputs of these models are integrated using a two-layer approach: weighted averaging (soft voting) and stacking via a random forest optimizer. Experimental findings on the HDFS dataset demonstrate that this hybrid semi-supervised approach enhances detection accuracy, scalability, and robustness, offering an efficient method for enhancing cybersecurity via log-based anomaly detection.
Keywords
Semi-Supervised Ensemble Learning Anomaly Detection Cybersecurity Logs Deep Learning.
References
  1. Z. T. M. Al-Ta’i and S. M. Sadoon, “Visual cryptography based on chaotic logistic map in multi-cloud,” in AIP Conference Proceedings, vol. 3097, no. 1, 2024.
  2. S. A. H. Sándor R. Répás, “Anomaly Detection in Log Files Based on Machine Learning Techniques,” J. Electr. Syst., vol. 20, no. 3s, pp. 1299-1311, 2024, doi: 10.52783/jes.1505.
  3. Y. Zhang et al., “Deep Learning for Anomaly Detection in Cybersecurity,” ACM Trans. Cybersecurity, no. February, 2021.
  4. Y. Alaca, Y. Çelik, and S. Goel, “Anomaly Detection in Cyber Security with Graph-Based LSTM in Log Analysis,” Chaos Theory Appl., pp. 188-197, 2023, doi: 10.51537/chaos.1348302.
  5. Y. Zhang, X. Chang, L. Fang, and Y. Lu, “Deeplog: Deep-learning-based log recommendation,” in 2023 IEEE/ACM 45th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), 2023, pp. 88-92.
  6. F. Hadadi, J. H. Dawes, D. Shin, D. Bianculli, and L. Briand, “Systematic evaluation of deep learning models for log-based failure prediction,” Empir. Softw. Eng., vol. 29, no. 5, p. 105, 2024.
  7. D. S. M. Meena Siwach, “Anomaly detection for web log data analysis: A review,” J. Algebr. Stat., vol. 13, no. 1, pp. 129-148, 2022.
  8. L. Yang et al., “Try with simpler-an evaluation of improved principal component analysis in log-based anomaly detection,” ACM Trans. Softw. Eng. Methodol., vol. 33, no. 5, pp. 1-27, 2024.
  9. C. Egersdoerfer, D. Zhang, and D. Dai, “Clusterlog: Clustering logs for effective log-based anomaly detection,” in 2022 IEEE/ACM 12th Workshop on Fault Tolerance for HPC at eXtreme Scale (FTXS), 2022, pp. 1-10.
  10. P. Jia, S. Cai, B. C. Ooi, P. Wang, and Y. Xiong, “Robust and transferable log-based anomaly detection,” Proc. ACM Manag. Data, vol. 1, no. 1, pp. 1-26, 2023.
  11. M. Goldstein and S. Uchida, “Behavior Analysis Using Unsupervised Anomaly Detection,” in 10th Jt. Work. Mach. Percept. Robot., no. October, 2014.
  12. A. Aziz and K. Munir, “Anomaly Detection in Logs Using Deep Learning,” IEEE Access, vol. 12, no. November, pp. 176124-176135, 2024, doi: 10.1109/ACCESS.2024.3506332.
  13. Y. Duan et al., “LogEDL: Log Anomaly Detection via Evidential Deep Learning,” Appl. Sci., vol. 14, no. 16, pp. 1-18, 2024, doi: 10.3390/app14167055.
  14. M. Siwach and S. Mann, “Anomaly Detection for Web Log based Data: A Survey,” in 2022 IEEE Delhi Sect. Conf. (DELCON), vol. 13, no. 1, pp. 129-148, 2022, doi: 10.1109/DELCON54057.2022.9753130.
  15. M. Fahim and A. Sillitti, “Anomaly Detection, Analysis and Prediction Techniques in IoT Environment: A Systematic Literature Review,” IEEE Access, vol. 7, pp. 81664-81681, 2019, doi: 10.1109/ACCESS.2019.2921912.
  16. Y. Lee, J. Kim, and P. Kang, “LAnoBERT: System log anomaly detection based on BERT masked language model,” Appl. Soft Comput., vol. 146, 2023, doi: 10.1016/j.asoc.2023.110689.
  17. C. Zhang et al., “LayerLog: Log sequence anomaly detection based on hierarchical semantics,” Appl. Soft Comput., vol. 132, p. 109860, 2023, doi: 10.1016/j.asoc.2022.109860.
  18. T. Rajendran, N. Mohamed Imtiaz, K. Jagadeesh, and B. Sampathkumar, “Cybersecurity Threat Detection Using Deep Learning and Anomaly Detection Techniques,” in 2024 Int. Conf. Knowl. Eng. Commun. Syst. (ICKECS), vol. 1, pp. 1-7, 2024, doi: 10.1109/ICKECS61492.2024.10617347.
  19. S. Wang, R. Jiang, Z. Wang, and Y. Zhou, “Deep Learning-based Anomaly Detection and Log Analysis for Computer Networks,” J. Inf. Comput., vol. 2024, no. 2, pp. 34-63, 2024, [Online]. Available: https://doi.org/10.30211/JIC.202402.005.
  20. V. Çetin and O. Yıldız, “A comprehensive review on data preprocessing techniques in data analysis,” Pamukkale Üniversitesi Mühendislik Bilim. Derg., vol. 28, no. 2, pp. 299-312, 2022.
  21. A. Sharma, M. Agrawal, S. D. Roy, V. Gupta, P. Vashisht, and T. Sidhu, “Deep learning to diagnose Peripapillary Atrophy in retinal images along with statistical features,” Biomed. Signal Process. Control, vol. 64, p. 102254, 2021.
  22. M. M. Lasiyono, N. Nurhayati, T. G. Soares, and M. Mulyadi, “Enhancing Support Vector Machine Performance for Heart Attack Prediction using RobustScaler-Based Outlier Handling,” Bull. Informatics Data Sci., vol. 4, no. 1, pp. 1-9, 2025.
  23. A. Falini, “A review on the selection criteria for the truncated SVD in Data Science applications,” J. Comput. Math. Data Sci., vol. 5, p. 100064, 2022.
  24. W. Xu, L. Huang, A. Fox, D. Patterson, and M. I. Jordan, “Detecting large-scale system problems by mining console logs,” in Proc. ACM SIGOPS 22nd Symp. Operating Systems Principles, 2009, pp. 117-132.

Proceedings of the International Conference on Applied Innovations in IT by Anhalt University of Applied Sciences is licensed under CC BY-SA 4.0  ·  This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License

ICAIIT 2026
International Conference on Applied Innovation in IT
Navigation
Publisher
ISSN2199-8876
Publisher Edition Hochschule Anhalt
Location Anhalt University of Applied Sciences
Email leiterin.hsb@hs-anhalt.de
Phone +49 (0) 3496 67 5611
Address Building 01, Room 425
Bernburger Str. 55
D-06366 Köthen, Germany
Open Access License
CC BY-SA 4.0

All works are licensed under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0), unless otherwise noted.

Published by ICAIIT in cooperation with Anhalt University of Applied Sciences.

© 2026 ICAIIT — International Conference on Applied Innovations in IT. Anhalt University of Applied Sciences, Köthen, Germany.
Visitors: site traffic counter