2026-05-05T14:33:01.440Z http://ezaposleni.singidunum.ac.rs/rest/sciNaucniRezultati/oai

ezaposleni.singidunum.ac.rs/rest/sciNaucniRezultati/oai:2:11883 2026-04-16T07:49:01Z 2

Framework for Semantic Threat Detection in Docker Container Environments with Local MoE LLMs 2026 http://ezaposleni.singidunum.ac.rs/rest/sciNaucniRezultati/oai/record/2/11883 https://www.mdpi.com/2079-9292/15/8/1664 I. Petrović M. Veinović S. Ilić M. Jovićević Docker systems are gaining widespread use due to their consistency, scalability, and ease of application portability, which addresses specific security challenges. Traditional monitoring and intrusion detection systems based on predefined rules often struggle with advanced attack patterns due to a lack of the capability to correlate incoming log messages. This paper proposes a correlation-aware log analysis approach based on a Mixture-of-Experts (MoE) large language models, enabling detection of malicious activity by analyzing both individual log entries and their contextual relationships within sequences of logs. The system processes each log in the context of 50 preceding messages, allowing identification of attack patterns that are not observable from isolated logs. To evaluate the approach, we generated a comprehensive dataset based on OWASP Top 10 attack scenarios, enriched with zero-day attacks such as Log4j and React2Shell, deployed in a distributed Docker Swarm environment. Multiple LLMs were evaluated under identical hardware conditions to ensure fair comparison. Experimental results demonstrate that while most models achieve comparable performance on single-log detection, significant differences emerge in contextual analysis. The proposed MoE-based approach demonstrates superior effectiveness, achieving an F1 score from 0.993 to 0.998 for contextual-log analysis. The contribution of this research is the novel use of MoE LLMs for log analysis, the distinct novel attack log dataset, and the unique framework based on offline technology that conserves hardware resources and data privacy. article 10.3390/electronics15081664 15 8 1664 2079-9292 ELECTRONICS