A Survey on Log Anomaly Detection Methods Based on Large Language Models

doi:10.19678/j.issn.1000-3428.0270211

Abstract

Abstract: As the scale and complexity of complex intelligent systems represented by high-performance computing systems and embedded systems continue to grow, automated anomaly detection of logs, as core operational data, has become critical to ensuring reliable system operation. Traditional log anomaly detection methods driven by machine learning and deep learning focus mostly on log sequence modeling, and suffer from insufficient semantic understanding and limited generalization ability. Large language models have effectively overcome this limitation with their outstanding semantic understanding and contextual reasoning capabilities. Since the rise of large language model technology, relevant research has emerged rapidly, but achievements are scattered across multiple technical paths and lack a systematic review. This paper provides a comprehensive survey of log anomaly detection methods based on large language models, selects 35 core literatures, and establishes a unified technical classification framework. Existing methods are categorized into five technical routes: prompt engineering, retrieval-augmented generation, domain fine-tuning, reinforcement learning, and large-small model collaboration. Research shows that supervised fine-tuning is the most widely used technical route at present, while the large-small model collaborative architecture, as an emerging paradigm, is shifting the research focus from pure pursuit of detection accuracy to balancing inference efficiency and industrial deployability. Current evaluation systems focus heavily on detection performance metrics, with insufficient attention to efficiency overhead and interpretability. Finally, this paper identifies the inference latency bottlenecks and data privacy challenges of large language models in processing ultra-long massive log streams, and proposes insights into frontier directions such as lightweight deployment and online continuous learning.

摘要： 随着以高性能计算系统、嵌入式系统为代表的复杂智能系统规模与复杂度攀升，日志作为核心运维数据，其自动化异常检测已成为保障系统可靠运行的关键。传统机器学习与深度学习驱动的日志异常检测方法，多侧重日志序列建模，存在语义理解能力不足、泛化性能受限的问题。大语言模型凭借卓越的语义理解与上下文推理能力，有效突破了这一局限，自大语言模型技术兴起以来相关研究快速涌现，但成果分散于多条技术路径，尚未形成系统性梳理。本文针对基于大语言模型的日志异常检测方法开展全面综述，筛选纳入35篇核心文献，构建统一的技术分类框架，将现有方法归纳为提示工程、检索增强生成、领域微调、强化学习与大小模型协作五类技术路线。研究分析发现监督微调是当前应用最广泛的技术路线，而大小模型协同架构作为新兴范式，正推动研究重心从单纯追求检测精度向兼顾推理效率与工业可部署性转变；现有评估体系高度集中于检测性能指标，对效率开销与可解释性的关注存在不足。最后，本文揭示了大语言模型在处理超长海量日志流时的推理延迟瓶颈与数据隐私挑战，并针对轻量化部署与在线持续学习等前沿方向提出了见解。

CHEN Xin, SUN Yicheng, TAN Cheng. A Survey on Log Anomaly Detection Methods Based on Large Language Models[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0270211.

陈昕, 孙溢成, 谈诚. 基于大语言模型的日志异常检测方法综述[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0270211.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0270211

References

[1] 苏娜,裴厚清,徐力,等.基于双粒度时空建模的日志异常检测方法[J/OL].计算机工程,1-14[2026-01-19].https://doi.org/10.19678/j.issn.1000-3428.0252847. SU Na, PEI Houqing, XU Li, et al. Log Anomaly Detection Method Based on Dual-Granularity Spatiotemporal Modeling[J/OL]. Computer Engineering, 1-14[2026-01-19]. https://doi.org/10.19678/j.issn.1000-3428.0252847. (in Chinese)
[2] Zhen L, Kamarudin N H, Kok V J, et al. Anomaly detection model in network security situational awareness based on machine learning: Limitation, techniques, future trends[J]. IEEE Access, 2025.
[3] Paparrizos J, Boniol P, Liu Q, et al. Advances in time-series anomaly detection: Algorithms, benchmarks, and evaluation measures[C]//Proceedings of the 31st ACM SIGKDD conference on knowledge discovery and data mining v. 2. 2025: 6151-6161.
[4] Du M, Li F, Zheng G, et al. Deeplog: Anomaly detection and diagnosis from system logs through deep learning[C]//Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. 2017: 1285-1298.
[5] 孙嘉,张建辉,卜佑军,等.基于CNN-BiLSTM模型的日志异常检测方法[J].计算机工程,2022,48(07):151-158+167.DOI:10.19678/j.issn.1000-3428.0061750. SUN Jia, ZHANG Jianhui, BU Youjun, et al. Log Anomaly Detection Method Based on CNN-BiLSTM Model[J]. Computer Engineering, 2022, 48(07): 151-158+167. DOI:10.19678/j.issn.1000-3428.0061750. (in Chinese)
[6] 杨瑞朋,屈丹,朱少卫,等.基于改进时间卷积网络的日志序列异常检测[J].计算机工程,2020,46(08):50-57.DOI:10.19678/j.issn.1000-3428.0055553. YANG Ruipeng, QU Dan, ZHU Shaowei, et al. Log Sequence Anomaly Detection Based on Improved Temporal Convolutional Network[J]. Computer Engineering, 2020, 46(08): 50-57. DOI:10.19678/j.issn.1000-3428.0055553. (in Chinese)
[7] 杜诗晴,王鹏,汪卫.一种基于MDL的日志序列模式挖掘算法[J].计算机工程,2021,47(02):118-125.DOI:10.19678/j.issn.1000-3428.0057181. DU Shiqing, WANG Peng, WANG Wei. A Log Sequence Pattern Mining Algorithm Based on MDL[J]. Computer Engineering, 2021, 47(02): 118-125. DOI:10.19678/j.issn.1000-3428.0057181. (in Chinese)
[8] 张弼铖,张晨曦,彭鑫,等.基于大语言模型的在线服务系统故障诊断研究综述[J/OL].计算机应用与软件,1-11[2026-01-23].https://link.cnki.net/urlid/31.1260.TP.20250421.1435.006. ZHANG Bicheng, ZHANG Chenxi, PENG Xin, et al. A Review of Fault Diagnosis Research for Online Service Systems Based on Large Language Models[J/OL]. Computer Applications and Software, 1-11[2026-01-23]. https://link.cnki.net/urlid/31.1260.TP.20250421.1435.006. (in Chinese)
[9] Han X, Yuan S, Trabelsi M. Loggpt: Log anomaly detection via gpt[C]//2023 IEEE International Conference on Big Data (BigData). IEEE, 2023: 1117-1122.
[10] Egersdoerfer C, Zhang D, Dai D. Early exploration of using chatgpt for log-based anomaly detection on parallel file systems logs[C]//Proceedings of the 32nd International Symposium on High-Performance Parallel and Distributed Computing. 2023: 315-316.
[11] Qi J, Huang S, Luan Z, et al. Loggpt: Exploring chatgpt for log-based anomaly detection[C]//2023 IEEE International Conference on High Performance Computing & Communications, Data Science & Systems, Smart City & Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys). IEEE, 2023: 273-280.
[12] Liu Y, Tao S, Meng W, et al. Interpretable online log analysis using large language models with prompt strategies[C]//Proceedings of the 32nd IEEE/ACM International Conference on Program Comprehension. 2024: 35-46.
[13] Fariha A, Gharavian V, Makrehchi M, et al. Log anomaly detection by leveraging LLM-Based parsing and embedding with attention mechanism[C]//2024 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE). IEEE, 2024: 859-863.
[14] Ren H, Lan K, Sun Z, et al. CLogLLM: A Large Language Model Enabled Approach to Cybersecurity Log Anomaly Analysis[C]//2024 4th International Conference on Electronic Information Engineering and Computer Communication (EIECC). IEEE, 2024: 963-970.
[15] Zhang W, Zhang Q, Yu E, et al. Leveraging RAG-Enhanced Large Language Model for Semi-Supervised Log Anomaly Detection[C]//2024 IEEE 35th International Symposium on Software Reliability Engineering (ISSRE). IEEE, 2024: 168-179.
[16] He M, Jia T, Duan C, et al. Llmelog: An approach for anomaly detection based on llm-enriched log events[C]//2024 IEEE 35th International Symposium on Software Reliability Engineering (ISSRE). IEEE, 2024: 132-143.
[17] Karlsen E, Luo X, Zincir-Heywood N, et al. Benchmarking large language models for log analysis, security, and interpretation[J]. Journal of Network and Systems Management, 2024, 32(3): 59.
[18] Jin H, Papadimitriou G, Raghavan K, et al. Large language models for anomaly detection in computational workflows: from supervised fine-tuning to in-context learning[C]//SC24: International Conference for High Performance Computing, Networking, Storage and Analysis. IEEE, 2024: 1-17.
[19] Guan W, Cao J, Qian S, et al. Logllm: Log-based anomaly detection using large language models[J]. arXiv preprint arXiv:2411.08561, 2024.
[20] Pan J, Liang W S, Yidi Y. Raglog: Log anomaly detection using retrieval augmented generation[C]//2024 IEEE World Forum on Public Safety Technology (WFPST). IEEE, 2024: 169-174.
[21] Ji Y, Liu Y, Yao F, et al. Adapting large language models to log analysis with interpretable domain knowledge[C]//Proceedings of the 34th ACM International Conference on Information and Knowledge Management. 2025: 1135-1144.
[22] Li X, Huo Y, Mao C, et al. AnomalyGen: An Automated Semantic Log Sequence Generation Framework with LLM for Anomaly Detection[J]. arXiv preprint arXiv:2504.12250, 2025.
[23] Reis J, Areias M, G. Barbosa J. Large Language Model Framework for Log Sequence Anomaly Detection[C]//EPIA Conference on Artificial Intelligence. Cham: Springer Nature Switzerland, 2025: 324-334.
[24] Xiao P, Jia T, Duan C, et al. CLSLog: Collaborating Large and Small Models for Log-based Anomaly Detection[C]//Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering. 2025: 686-690.
[25] Duan C, Jia T, Yang Y, et al. EagerLog: Active Learning Enhanced Retrieval Augmented Generation for Log-based Anomaly Detection[C]//ICASSP 2025-2025 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, 2025: 1-5.
[26] Sui Y, Wang X, Cui T, et al. Bridging the gap: Llm-powered transfer learning for log anomaly detection in new software systems[C]//2025 IEEE 41st International Conference on Data Engineering (ICDE). IEEE, 2025: 4414-4427.
[27] Pospieszny P, Mormul W, Szyndler K, et al. ADALog: Adaptive Unsupervised Anomaly detection in Logs with Self-attention Masked Language Model[J]. arXiv preprint arXiv:2505.13496, 2025.
[28] Horváth A, Oláh A, Pintér A, et al. Anomaly Detection Algorithms for Real-Time Log Data Analysis at Scale[J]. IEEE Access, 2025.
[29] Yang Z, Harris I G. LogLLaMA: Transformer-based log anomaly detection with LLaMA[J]. arXiv preprint arXiv:2503.14849, 2025.
[30] Ma L, Li Y, Yang W, et al. LogReasoner: Empowering LLMs with Expert-like Coarse-to-Fine Reasoning for Automated Log Analysis[J]. arXiv preprint arXiv:2509.20798, 2025.
[31] Ocansey I T, Bhattacharya R, Sen T. LogTinyLLM: Tiny Large Language Models Based Contextual Log Anomaly Detection[J]. arXiv preprint arXiv:2507.11071, 2025.
[32] Xu S, Liu Y, He M, et al. RationAnomaly: Log Anomaly Detection with Rationality via Chain-of-Thought and Reinforcement Learning[J]. arXiv preprint arXiv:2509.14693, 2025.
[33] Liu Y, Chen Z, Xu S, et al. R-Log: Incentivizing Log Analysis Capability in LLMs via Reasoning-based Reinforcement Learning[J]. arXiv preprint arXiv:2509.25987, 2025.
[34] Hadadi F, Xu Q, Bianculli D, et al. LLM meets ML: Data-efficient Anomaly Detection on Unstable Logs[J]. ACM Transactions on Software Engineering and Methodology, 2025.
[35] Zhu X, Tang X, Wu S, et al. CoLA: Model Collaboration for Log-based Anomaly Detection[J]. Proceedings of the VLDB Endowment, 2025, 18(11): 3979-3987.
[36] Zhang L, Jia T, Jia M, et al. XRAGLog: A Resource-Efficient and Context-Aware Log-Based Anomaly Detection Method Using Retrieval-Augmented Generation[C]//AAAI 2025 Workshop on Preventing and Detecting LLM Misinformation (PDLM). 2025.
[37] Cui T, Ma S, Chen Z, et al. LogEval: A comprehensive benchmark suite for LLMs in log analysis[J]. Empirical Software Engineering, 2025, 30(6): 173.
[38] Liu Y, Ji Y, Tao S, et al. Loglm: From task-based to instruction-based automated log analysis[C]//2025 IEEE/ACM 47th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). IEEE, 2025: 401-412.
[39] Ma L, Yang W, Li Y, et al. Adaptivelog: An adaptive log analysis framework with the collaboration of large and small language model[J]. ACM Transactions on Software Engineering and Methodology, 2025.
[40] Zhang Z, Li S, Zhang L, et al. LLM-LADE: Large language model-based log anomaly detection with explanation[J]. Knowledge-Based Systems, 2025, 326: 114064.
[41] Qiu K, Zhang Y, Feng Y, et al. Loganomex: An unsupervised log anomaly detection method based on electra-dp and gated bilinear neural networks[J]. Journal of Network and Systems Management, 2025, 33(2): 33.
[42] Peng A, Chathoth A K, Lee S. Log anomaly detection with large language models via knowledge-enriched fusion[J]. arXiv preprint arXiv:2512.11997, 2025.
[43] Ye J, Liu C, Gu Z, et al. LogOW: A semi-supervised log anomaly detection model in open-world setting[J]. Journal of Systems and Software, 2025, 222: 112305.
[44] 钟忺,陈亮,刘文璇,等.时空语义驱动的渐进多视角行为去偏置研究[J].计算机工程,2025,51(01):1-10.DOI:10.19678/j.issn.1000-3428.0069307. ZHONG Xian, CHEN Liang, LIU Wenxuan, et al. Research on Progressive Multi-View Behavior Debiasing Driven by Spatiotemporal Semantics[J]. Computer Engineering, 2025, 51(01): 1-10. DOI:10.19678/j.issn.1000-3428.0069307. (in Chinese)

Please choose a citation manager

Content to export