LLM-Based Semantic Threat Detection in Docker Container Environments

Abstract:
Ease of portability, management, and scalability are key characteristics of Docker systems, which is why they are widely used in modern business systems, but they also carry certain security risks. One effective way to prevent potential threats is active monitoring of system operation through logs and detection of malicious behavior from log messages. Traditional security systems, however, rely on predefined rules that cannot detect complex attack patterns. This paper analyzes the effectiveness of applying LLMs to attack detection. In the implemented system, specially adapted log messages from a custom application running in Docker are collected through Rsyslog and then sent to an LLM, GPT-4.0 mini, for individual and correlation analysis of whether the log messages are malicious. The proposed model proved effective at interpreting both individual log messages and groups of 50 log messages in correlation. For individual analysis the system achieved an F1 score of 0.92, and for correlation analysis an F1 score of 0.935, confirming that the system is more effective when the maliciousness of log messages is interpreted within a broader context, which distinguishes it from standard attack detection systems.
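The abstract's central claim is that judging a log message inside a window of neighbouring messages (correlation analysis) beats judging it alone. The following added example, which is not the paper's code and does not call any LLM, makes that concrete: it parses Rsyslog-style lines, batches them into windows, and scores both an individual and a window-level verdict with precision/recall/F1. The two classifiers are deterministic rule-based stand-ins placed where the paper's LLM calls would sit; the log lines, their ground-truth labels, the window size parameter and the failed-login threshold are all constructed for this illustration.

```python
"""Per-message vs. windowed (correlation) log analysis, scored with F1.

Added illustration only: the classifiers below are rule-based stand-ins for
the LLM calls described in the paper, so the script runs offline.
"""
import re
from collections import Counter

# Constructed RFC 3164-style lines, as Rsyslog might forward them from a
# hypothetical "web" application running in a container.
SAMPLE_LOGS = [
    "Jan 10 12:00:01 app web[17]: login user=alice src=10.0.0.5 result=ok",
    "Jan 10 12:00:02 app web[17]: GET /index.html src=10.0.0.5 status=200",
    "Jan 10 12:00:05 app web[17]: login user=admin src=203.0.113.9 result=fail",
    "Jan 10 12:00:09 app web[17]: login user=admin src=203.0.113.9 result=fail",
    "Jan 10 12:00:10 app web[17]: GET /static/app.js src=10.0.0.7 status=200",
    "Jan 10 12:00:14 app web[17]: login user=admin src=203.0.113.9 result=fail",
    "Jan 10 12:00:19 app web[17]: login user=admin src=203.0.113.9 result=fail",
    "Jan 10 12:00:21 app web[17]: GET /../../etc/passwd src=198.51.100.4 status=403",
    "Jan 10 12:00:25 app web[17]: login user=bob src=10.0.0.7 result=fail",
    "Jan 10 12:00:30 app web[17]: login user=bob src=10.0.0.7 result=ok",
]
# Constructed ground truth (1 = malicious). The four admin failures from one
# source are a slow password-guessing pattern that no single line reveals;
# the traversal request is malicious on its own; bob's single typo is benign.
LABELS = [0, 0, 1, 1, 0, 1, 1, 1, 0, 0]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Split one syslog line into timestamp, host, tag, message and key=value fields."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable syslog line: {line!r}")
    rec = m.groupdict()
    rec["fields"] = dict(KV_RE.findall(rec["msg"]))
    return rec


def classify_single(rec):
    """Stand-in for individual analysis: sees exactly one message in isolation."""
    msg = rec["msg"].lower()
    return "../" in msg or "%2e%2e" in msg


def classify_window(recs, fail_threshold=3):
    """Stand-in for correlation analysis: sees the whole window at once.

    Keeps every per-message verdict and additionally flags repeated failed
    logins from one source, a pattern only visible across messages.
    """
    verdicts = [classify_single(r) for r in recs]
    fails = Counter(
        r["fields"].get("src") for r in recs if r["fields"].get("result") == "fail"
    )
    for i, r in enumerate(recs):
        f = r["fields"]
        if f.get("result") == "fail" and fails[f.get("src")] >= fail_threshold:
            verdicts[i] = True
    return verdicts


def windows(items, size):
    """Yield consecutive batches of `size` items (the paper's batches hold 50)."""
    for i in range(0, len(items), size):
        yield items[i : i + size]


def run(lines, mode, window_size=50):
    """Return one boolean verdict per line, in 'single' or 'window' mode."""
    recs = [parse(line) for line in lines]
    if mode == "single":
        return [classify_single(r) for r in recs]
    verdicts = []
    for batch in windows(recs, window_size):
        verdicts.extend(classify_window(batch))
    return verdicts


def f1(pred, truth):
    """F1 score of boolean predictions against 0/1 ground-truth labels."""
    tp = sum(1 for p, t in zip(pred, truth) if p and t)
    fp = sum(1 for p, t in zip(pred, truth) if p and not t)
    fn = sum(1 for p, t in zip(pred, truth) if t and not p)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return 2 * precision * recall / (precision + recall) if precision + recall else 0.0


if __name__ == "__main__":
    for mode in ("single", "window"):
        print(f"{mode:7s} F1 = {f1(run(SAMPLE_LOGS, mode), LABELS):.3f}")
```

On this constructed data the individual verdicts catch only the traversal line (F1 of 1/3), while the window verdicts also recover the four correlated login failures (F1 of 1.0); the absolute numbers are artefacts of the toy rules, but the direction of the gap is the same effect the paper reports with its LLM (0.92 versus 0.935). Swapping `classify_single` and `classify_window` for model calls keeps the batching and scoring code unchanged.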

CITATION:

IEEE format

I. Petrović, M. Veinović, M. Premović, I. Tot, B. Stojanović, “LLM-Based Semantic Threat Detection in Docker Container Environments,” in Sinteza 2026 - International Scientific Conference on Information Technology, Computer Science, and Data Science, Belgrade, Singidunum University, Serbia, 2026, pp. 183-190. doi:10.15308/Sinteza-2026-183-190

APA format

Petrović, I., Veinović, M., Premović, M., Tot, I., Stojanović, B. (2026). LLM-Based Semantic Threat Detection in Docker Container Environments. Paper presented at Sinteza 2026 - International Scientific Conference on Information Technology, Computer Science, and Data Science. doi:10.15308/Sinteza-2026-183-190
