Miguel Areias

• Home
• Publications
• Talks
• Teaching

Large Language Model Framework for Log Sequence Anomaly Detection

Abstract

Log analysis is fundamental to modern software observability systems, playing a key role in improving system reliability. Recently, there has been a growing adoption of Large Language Models (LLMs) for log anomaly detection, due to their ability to learn complex patterns. In this work, we propose a model-agnostic framework that allows seamless plug-and-play integration of different LLMs, making it easy to experiment with and select the model that fits specific needs. These models are first fine-tuned on normal log data, learning their patterns. During inference, the model predicts the most probable next tokens based on the preceding context in each sequence. Anomaly detection is performed using Top-K predictions, where sequences are flagged as anomalous if the actual log entry does not appear among the K most probable next tokens, with K determined using the validation dataset. Experimental results demonstrate that our framework outperforms state-of-the-art approaches on the most commonly used datasets in the field. The proposed framework is evaluated on three widely-used benchmark datasets - HDFS, BGL, and Thunderbird - where it consistently achieves competitive results, outperforming state-of-the-art methods in multiple scenarios. These results highlight the effectiveness of LLM-based log analysis and the importance of flexibility when selecting models for specific operational contexts. The work also demonstrates the practical relevance of incorporating modern AI techniques into enterprise observability pipelines, paving the way for more scalable, adaptable, and intelligent log analysis systems.

Bibtex

@InProceedings{reis-epia25,
  author =    {Reis, João and Areias, Miguel and G. Barbosa, Jorge},
  editor =    {Valente de Oliveira, José and Leite, João and Rodrigues, João 
              and Dias, João and Cardoso, Pedro},
  title =     {{Large Language Model Framework for Log Sequence Anomaly Detection}},
  booktitle = {Progress in Artificial Intelligence. 24th EPIA Conference on 
              Artificial Intelligence (EPIA 2025)},
  year =      {2026},
  publisher = {Springer Nature Switzerland},
  pages =     {324--334},
  isbn =      {978-3-032-05176-9}
  volume =    {16121},
  series =    {LNAI},
  note =      {(First online: September 2025)}
}

Download Paper

PDF file
Springer

© 2025 Miguel Areias
Template design by Andreas Viklund