Anomaly Detection in System Logs Through Contrastive Self-Supervised Learning Integrated with the Wazuh SIEM Platform
DOI:
https://doi.org/10.3126/dgjbc.v1i1.91070
Keywords:
Anomaly Detection, Contrastive Learning, Random Forest, Isolation Forest, Wazuh SIEM, NSL-KDD
Abstract
Anomalies in system logs are difficult to identify because of their nature and because they originate from the accounts of legitimate users. Traditional security systems struggle to detect them because detection depends on explicit attack signatures, which do not capture the complex behavioral patterns of insiders. This study presents a framework that integrates contrastive self-supervised learning with a Security Information and Event Management (SIEM) platform to improve the detection of anomalies in system logs. The proposed system uses a data preprocessing pipeline, a contrastive learning engine, and an integration interface capable of analyzing logs without hampering operational work. To evaluate performance, this study evaluated unsupervised and supervised algorithms. The results show high accuracy and F1-score, favoring the Random Forest algorithm. This research shows that combining temporal activity patterns with organizational context in an open-source SIEM platform improves threat detection capabilities. The research focuses on modern SIEM platforms for better detection of anomalies in real-time environments, showing better results across different evaluation techniques.
License
Copyright (c) 2026 The Author(s)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
This license enables reusers to distribute, remix, adapt, and build upon the material in any medium or format for noncommercial purposes only, and only so long as attribution is given to the creator.