AI for Scalable Defensive Cyber Log Analysis
Author(s)
Schofield, Catherine; Jananthan, Hayden; Kepner, Jeremy
Abstract
Centralized cyber logging platforms ingest large volumes of heterogeneous telemetry, yet high dimensionality and query-driven workflows often limit scalable analytic insight on these systems. This work presents an automated pipeline for ingesting, characterizing, and analyzing large-scale host-based logs using sparse representations and distribution-aware statistics. A systematic dimensional analysis reduces hundreds of raw log fields to a small set of informative dimensions suitable for aggregation across extended time windows. Temporal analysis of the reduced representation reveals coordinated deviations in activity volume and distributional behavior that are not apparent in individual log streams. The results demonstrate that dimensional reduction enables scalable, interpretable analysis of enterprise cyber telemetry. Furthermore, these results were obtained using host-based sensors designed for event-oriented point defense, and they demonstrate the feasibility of integrating such sensors to enable long-range, long-duration area defense.
Date issued
2026-03-20
Department
Lincoln Laboratory
Keywords
defensive cyber operations, log analysis, anomaly detection, sparse matrices, enterprise networks