Securing Systems Through Log Anomaly Detection: From Traditional Learning to LLMs
摘要
This article examines recent advancements in log anomaly detection, a key factor in ensuring system reliability and security. Research is categorized into four main approaches like traditional machine learning, deep learning, transformer-based models, and other emerging methods leveraging large language models (LLMs). Evaluations across benchmark datasets such as HDFS, BGL, Thunderbird, and Spirit reveal a steady progression in detection capabilities, with LLM-based approaches generally outperforming earlier methods. Techniques like LogRAG, LLMeLog, and EagerLog achieve F1-scores above 99% on certain datasets, marking substantial improvements over traditional baselines. Current research trends include multimodal analysis, few-shot and zero-shot learning, explainable AI, lightweight models, and deeper semantic understanding of logs. These directions are increasingly important as modern systems generate massive, diverse log volumes that demand more scalable and intelligent anomaly detection solutions. However, persistent challenges like log parsing accuracy, effective feature extraction, and model adaptability to evolving log formats continue to limit performance in real-world applications. This review provides a structured overview of current methods, highlights the strengths of LLM-based techniques, and outlines promising areas for future research to advance the field of log anomaly detection.