Published Paper Details:

Abstract--Modern organizations generate massive volumes of security telemetry--from endpoints, network appliances, identity providers, and cloud services--making manual triage of threats infeasible. This paper presents an AI-driven framework for anomaly detection in security events that couples representation learning with streaming inference to surface rare, high-risk behaviors in near real time. We unify heterogeneous logs through a compact event schema, learn temporal and relational patterns via deep sequence models and graph encoders, and compute calibrated anomaly scores that adapt to environment drift. The system blends unsupervised methods (autoencoders, isolation- based detectors), weakly supervised signals (heuristics, watch- lists), and supervised fine-tuning when ground truth is available. We address practical challenges such as extreme class imbalance, concept drift, noisy labels, and high-latency pipelines, and we incorporate privacy-preserving and explainability mechanisms suitable for regulated settings. Experiments on mixed enterprise- like datasets show consistent gains in precision at low false- positive rate and significant reductions in mean time to detect. We release a set of implementation guidelines covering feature design, thresholding under uncertainty, and robust evaluation for security operations (SecOps) workflows.