REVIEW 11 cited by
Not yet reviewed by Pith; the record is open.
This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.
SPECIMEN: schema-true, not a live event
T0 review · schema-true
One-sentence machine reading of the paper's core claim.
pith:XXXXXXXX · record.json · timestamp
LogLLM: Log-based Anomaly Detection Using Large Language Models
read the original abstract
Software systems often record important runtime information in logs to help with troubleshooting. Log-based anomaly detection has become a key research area that aims to identify system issues through log data, ultimately enhancing the reliability of software systems. Traditional deep learning methods often struggle to capture the semantic information embedded in log data, which is typically organized in natural language. In this paper, we propose LogLLM, a log-based anomaly detection framework that leverages large language models (LLMs). LogLLM employs BERT for extracting semantic vectors from log messages, while utilizing Llama, a transformer decoder-based model, for classifying log sequences. Additionally, we introduce a projector to align the vector representation spaces of BERT and Llama, ensuring a cohesive understanding of log semantics. Unlike conventional methods that require log parsers to extract templates, LogLLM preprocesses log messages with regular expressions, streamlining the entire process. Our framework is trained through a novel three-stage procedure designed to enhance performance and adaptability. Experimental results across four public datasets demonstrate that LogLLM outperforms state-of-the-art methods. Even when handling unstable logs, it effectively captures the semantic meaning of log messages and detects anomalies accurately.
Forward citations
Cited by 11 Pith papers
-
ZERO-APT: A Closed-Loop Adversarial Framework for LLM-Driven Automated Penetration Testing under Intelligent Defense
ZERO-APT is a closed-loop framework that integrates an LLM attacker, configurable LLM defender, and judge agent to achieve 79% attack success rate, 0.860 causal consistency, and full decision auditability in penetrati...
-
LLM4Log: A Systematic Review of Large Language Model-based Log Analysis
LLM4Log is a systematic review of 145 papers on LLM-based log analysis that delivers a unified taxonomy, design patterns, and open challenges for reliable adoption in AIOps.
-
Can Large Language Models Generate Observability-Aware Code?
AI coding agents produce microservice systems where only 4.95–13.99% of injected faults generate explicit fault signals in logs, revealing a semantic observability gap that lightweight guidance only partially addresses.
-
Holmes: Multimodal Agentic Diagnosis for Mixed-Language Mobile Crashes at Industrial Scale
Holmes is a multimodal multi-agent system using a hierarchical Retrieve-Explore-Reason architecture to automate root cause analysis of mobile crashes, achieving 87.6% function-level accuracy and 98% time reduction on ...
-
Benchmarking and Exploring the Capabilities of LLMs for Attack Investigations
AuditBench is a new benchmark of audit logs from 50+ malicious and benign scenarios that evaluates five LLMs on four security investigation tasks and analyzes their performance and error profiles.
-
Sample-Efficient LLM-Based Detection of Malicious Web Server Logs with Forensically Explainable Reasoning
CEF-Log achieves 0.99 F1 on CSIC 2010 logs with four examples via expert-methodology prompting and introduces ForenWebLog dataset for explainable forensic detection.
-
Retrieval-Augmented LLMs for Security Incident Analysis
A RAG system with query-based log filtering achieves up to 94% recall in malware incident analysis and 96% attack-step detection, with ablation studies confirming the filtering step is essential.
-
NLLog: Lightweight, Explainable SOC Anomaly Detection via Log-to-Language Rewriting
NLLog rewrites log templates into WHO-WHAT-SEVERITY sentences, applies TF-IDF pooling and tree-ensemble classification with TreeSHAP back-projection, and reports better performance than two reproduced baselines on HDF...
-
DP-FlogTinyLLM: Differentially private federated log anomaly detection using Tiny LLMs
DP-FLogTinyLLM combines federated learning, differential privacy, and LoRA-tuned tiny LLMs to match centralized log anomaly detection performance on Thunderbird and BGL datasets while preserving privacy.
-
LLM4Log: A Systematic Review of Large Language Model-based Log Analysis
Systematic review of 145 papers on LLM-based log analysis, providing a unified taxonomy, common design patterns, evaluation practices, and challenges for deployment under drift and limited labels.
-
AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Comprehensive Survey
A literature survey synthesizes 119 studies on AI-driven alert screening into a four-stage taxonomy of filtering, triage, correlation, and generative augmentation while identifying gaps in deployment realism and robustness.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.