OpenSOC-AI: Democratizing Security Operations with Parameter Efficient LLM Log Analysis
Enables SMBs without dedicated SOC resources to perform automated log analysis, though the approach is incremental (LoRA fine-tuning of an existing small model) and the reported results come from a small held-out set of 50 examples.
OpenSOC-AI uses parameter-efficient fine-tuning of a 1.1B-parameter language model on 450 SOC examples to reach 68% threat classification accuracy (up from 0%) and 58% severity accuracy (up from 28%) in under five minutes on a single GPU, bringing SOC-style capabilities within reach of SMBs.
Small and medium-sized businesses (SMBs) face an escalating cybersecurity threat landscape, yet most lack the resources to staff full Security Operations Centers (SOCs) or deploy enterprise-grade detection platforms. This paper presents OpenSOC-AI, a lightweight log analysis framework that uses parameter-efficient fine-tuning of a 1.1-billion-parameter language model (TinyLlama-1.1B) to perform automated threat classification, MITRE ATT&CK technique mapping, and severity assessment on raw security log entries. Using Low-Rank Adaptation (LoRA) with only 12.6 million trainable parameters (roughly 1.13% of the model), we fine-tuned on 450 domain-specific SOC examples in under five minutes on a single NVIDIA T4 GPU. Testing on a held-out set of 50 examples showed a 68-percentage-point gain in threat classification accuracy (from 0% to 68%), a 30-percentage-point gain in severity accuracy (from 28% to 58%), and an F1 score of 0.68, relative to the untuned baseline. The full codebase, adapter weights, and datasets are publicly released to support reproducibility and community extension.
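Two checks a practitioner would want to run against the numbers in this abstract, written here as an added example rather than code from the OpenSOC-AI release: first, reproduce the LoRA parameter budget from TinyLlama-1.1B's public architecture (hidden size 2048, intermediate size 5632, 22 layers, 32 heads, 4 key/value heads, 32000-token vocabulary); second, score a held-out set the way the abstract reports it (per-field accuracy plus F1), including the case where the model's completion cannot be parsed at all, which is how an untuned base model ends up at 0%. The LoRA configuration used below (rank 16 on all seven linear projections of every block) is an assumption, not something the abstract states; it is chosen because it yields exactly 12,615,680 adapter parameters, and because dividing that by base-plus-adapter parameters (the convention PEFT's `print_trainable_parameters` uses) gives 1.13%. The `threat=...; technique=...; severity=...` output format, the log lines, the gold labels and the model completions are all constructed for the example.

```python
# Added example, not OpenSOC-AI code: (1) reproduce the abstract's LoRA budget from
# TinyLlama-1.1B's architecture and (2) score a held-out set by per-field accuracy
# and macro F1. Assumptions are marked; all sample logs, labels and completions are constructed.

# TinyLlama-1.1B dimensions, from its public config.json.
TINYLLAMA = {"hidden": 2048, "intermediate": 5632, "layers": 22,
             "heads": 32, "kv_heads": 4, "vocab": 32000}
# Assumed LoRA target set (the abstract does not list it): every linear projection.
ALL_PROJ = ("q_proj", "k_proj", "v_proj", "o_proj", "gate_proj", "up_proj", "down_proj")


def linear_shapes(cfg):
    """(name, in_features, out_features) of each linear layer in one decoder block."""
    head_dim = cfg["hidden"] // cfg["heads"]
    kv = cfg["kv_heads"] * head_dim          # grouped-query attention: K/V are narrower than Q
    h, f = cfg["hidden"], cfg["intermediate"]
    return [("q_proj", h, h), ("k_proj", h, kv), ("v_proj", h, kv), ("o_proj", h, h),
            ("gate_proj", h, f), ("up_proj", h, f), ("down_proj", f, h)]


def base_param_count(cfg):
    """Full-model parameter count: bias-free Llama blocks, two RMSNorms per block, untied lm_head."""
    per_block = sum(i * o for _, i, o in linear_shapes(cfg)) + 2 * cfg["hidden"]
    embeddings = 2 * cfg["vocab"] * cfg["hidden"]    # input embedding + lm_head
    return cfg["layers"] * per_block + cfg["hidden"] + embeddings  # + final RMSNorm


def lora_param_count(cfg, rank, targets):
    """Adapter parameters: each targeted W (in x out) gets A (in x r) and B (r x out)."""
    per_block = sum(rank * (i + o) for name, i, o in linear_shapes(cfg) if name in targets)
    return cfg["layers"] * per_block


def lora_budget(cfg, rank, targets):
    """Trainable count and share, computed as PEFT's print_trainable_parameters does
    (adapter params divided by base + adapter params)."""
    base, adapter = base_param_count(cfg), lora_param_count(cfg, rank, targets)
    return {"trainable": adapter, "pct_of_total": 100.0 * adapter / (base + adapter)}


FIELDS = ("threat", "technique", "severity")


def parse_output(completion):
    """Parse 'threat=...; technique=...; severity=...' (an assumed target format).
    Returns None when any field is missing, so free-prose answers score as wrong."""
    fields = {}
    for part in completion.split(";"):
        key, _, value = part.partition("=")
        key, value = key.strip().lower(), value.strip().lower()
        if key in FIELDS and value:
            fields[key] = value
    return fields if all(k in fields for k in FIELDS) else None


def macro_f1(gold, pred):
    """Macro-averaged F1 over the labels that occur in gold; unparsed predictions count as misses."""
    scores = []
    for label in sorted(set(gold)):
        tp = sum(g == label and p == label for g, p in zip(gold, pred))
        fp = sum(g != label and p == label for g, p in zip(gold, pred))
        fn = sum(g == label and p != label for g, p in zip(gold, pred))
        scores.append(0.0 if tp == 0 else 2 * tp / (2 * tp + fp + fn))
    return sum(scores) / len(scores)


def evaluate(held_out, completions):
    """Per-field accuracy and threat-class macro F1 for one completion per held-out example."""
    preds = [parse_output(c) for c in completions]

    def accuracy(field):
        hits = sum(p is not None and p[field] == ex[field].lower() for ex, p in zip(held_out, preds))
        return hits / len(held_out)

    gold = [ex["threat"].lower() for ex in held_out]
    pred = [p["threat"] if p else "<unparsed>" for p in preds]
    return {"threat_acc": accuracy("threat"), "technique_acc": accuracy("technique"),
            "severity_acc": accuracy("severity"), "threat_macro_f1": macro_f1(gold, pred)}


# Constructed held-out examples (raw log line + gold labels); not from the paper's dataset.
HELD_OUT = [
    {"log": "sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2",
     "threat": "brute_force", "technique": "T1110", "severity": "medium"},
    {"log": "4688: powershell.exe -NoP -W Hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
     "threat": "malicious_script", "technique": "T1059.001", "severity": "high"},
    {"log": "useradd[3107]: new user: name=svc_backup, UID=0, GID=0, shell=/bin/bash",
     "threat": "persistence", "technique": "T1136.001", "severity": "high"},
    {"log": 'nginx: 198.51.100.4 - - "GET /index.html HTTP/1.1" 200 1043',
     "threat": "benign", "technique": "none", "severity": "info"},
    {"log": "dnsmasq: query[A] update.example.com from 10.0.0.12",
     "threat": "benign", "technique": "none", "severity": "info"},
]
# Constructed fine-tuned completions: one severity miss, one technique miss, one unparseable answer.
TUNED = [
    "threat=brute_force; technique=T1110; severity=medium",
    "threat=malicious_script; technique=T1059.001; severity=critical",
    "threat=persistence; technique=T1078; severity=high",
    "threat=benign; technique=none; severity=info",
    "This looks like ordinary DNS traffic.",
]
# Constructed untuned-baseline completions: free prose, nothing parseable, hence 0% on every field.
BASELINE = ["The log shows an event on the host. It may be worth investigating."] * len(HELD_OUT)

if __name__ == "__main__":
    print(lora_budget(TINYLLAMA, 16, ALL_PROJ))
    print("tuned:", evaluate(HELD_OUT, TUNED))
    print("baseline:", evaluate(HELD_OUT, BASELINE))
```

Two things the abstract's figures hide that this makes visible: the 1.13% share depends on whether you divide by the base model or by base-plus-adapter (against the 1.1B base alone the same 12.6M comes out at about 1.15%), and a 0% baseline on a classification task almost always means the untuned model never emitted the expected label format rather than that it chose the wrong label every time, so any comparison should report the unparsed rate alongside accuracy.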