https://www.comsys.rwth-aachen.de/tags/security-log-data-management/Security Log Data ManagementHugo Blox Builder (https://hugoblox.com)en-usMon, 04 May 2026 00:00:00 +0000https://www.comsys.rwth-aachen.de/media/logo.svghttps://www.comsys.rwth-aachen.de/tags/security-log-data-management/https://www.comsys.rwth-aachen.de/openings/2026/2026-05-security-dt-logs/Mon, 04 May 2026 00:00:00 +0000https://www.comsys.rwth-aachen.de/openings/2026/2026-05-security-dt-logs/<h2 id="background">Background</h2> <img src="telekom.png" style="margin: 10px 5%; width: 20%; float:right;"> <p>In increasingly digital and high-throughput networks, retaining log data for extended periods is crucial for incident response and forensic analysis. Yet because truly malicious activity is rare relative to benign behavior, organizations often store massive volumes of logs only to discard them after a retention window (e.g., 12–16 months) without ever using them. An intelligent approach that prioritizes security-relevant logs can preserve storage capacity, extend retention for truly valuable data, and concentrate analysis on information that matters during investigations. In collaboration with Deutsche Telekom Technik, this thesis aims to define and operationalize &ldquo;heightened interest&rdquo; for logs, ensuring long-term retention is risk-aware, cost-effective, and aligned with incident response needs.</p> <h2 id="your-approach">Your Approach</h2> <p>This thesis will develop an AI-assisted framework for long-term log retention that prioritizes security relevance while respecting storage budgets and compliance requirements. Building on modern Transformer‑based models (e.g., BERT or domain variants like LogBERT), complemented by selectively used LLMs for normalization and analyst‑facing explanations, the approach estimates the significance of individual logs and their surrounding context. These signals are combined with asset criticality, incident response needs, and storage constraints to drive a transparent, budget-aware retention policy that keeps high-value events (and relevant context windows) for longer, while judiciously downsampling lower-value records within regulatory bounds.</p> <h2 id="what-we-offer">What we offer</h2> <ul> <li>The opportunity to address cutting-edge <strong>security challenges</strong></li> <li>This thesis is in collaboration with Deutsche Telekom Technik GmbH, which will support the thesis with <strong>real-world data</strong> and <strong>expert knowledge from cybersecurity professionals</strong>.</li> </ul> <h2 id="what-we-expect">What we expect</h2> <ul> <li>Good understanding of <strong>machien learning techniques</strong></li> <li>Solid programming skills (preferably in Python)</li> <li>Experience with the <strong>Transformers/LLMs</strong> is a plus, but not mandatory</li> <li>Ability to work independently and <strong>communicate effectively and regularly</strong></li> </ul> <h2 id="contact--application">Contact &amp; Application</h2> <p>If you are interested, please send a brief motivation explaining how your skills fit the topic and your transcript of records via email.</p>