Designing an Enhanced LSTM – XGBoost Architecture for Context-Oriented Anomaly Detection in Event Logs (CPU-based)

Authors

  • Dmytro Hnatiuk, postgraduate

DOI:

https://doi.org/10.31713/MCIT.2025.025

Keywords:

Anomaly Detection in Event Logs, LSTM, XGBoost, CPU Optimization and Adaptive Thresholds

Abstract

Traditional IT infrastructure monitoring systems do not account for contextual relationships between events in log files, which leads to a high rate of false positives (up to 60–80%). This work proposes an innovative hybrid architecture that combines semantic understanding of event sequences (LSTM) with the classification accuracy of tabular models (XGBoost). The main idea is to create a “semantic fingerprint” of the event history for each service. The experimental results are expected to demonstrate a 15–25% improvement in the F1 score while maintaining a latency of less than 50 ms when running exclusively on CPU.

Published

2025-11-06

How to Cite

Hnatiuk, D. (2025). Designing an Enhanced LSTM – XGBoost Architecture for Context-Oriented Anomaly Detection in Event Logs (CPU-based). Modeling, Control and Information Technologies: Proceedings of International Scientific and Practical Conference, (8), 88–90. https://doi.org/10.31713/MCIT.2025.025