Knowledge-Augmented Log Anomaly Detection with Large Language Models
Log anomaly detection is critical for maintaining system reliability, yet existing large language model (LLM)-based methods suffer from limited accuracy, high computational costs, and poor explainability. In this paper, we introduce LogPipe, a novel framework that enhances LLM-based log anomaly detection by integrating a dynamic knowledge base. LogPipe constructs a knowledge base using discrete and semantic log patterns, augmented by dynamic patterns that are generated by a sentiment dictionary and frequent pattern mining. During inference, log sequences are matched against the knowledge base to provide specific guidance to the LLM, improving detection accuracy and generating detailed explanations. A continuous update mechanism ensures the knowledge base remains relevant while minimizing redundant LLM queries, significantly reducing inference costs. Evaluated on eight public datasets, LogPipe achieves an average F1 score of 97.5%, outperforming state-of-the-art models, with reduced token consumption. Additionally, LogPipe excels in fault localization, which enhances the explainability of detected anomalies.
Fri 17 Apr. Displayed time zone: Brasilia, Distrito Federal, Brazil
16:00 - 17:30 | AI for Software Engineering 28 | Journal-first Papers / New Ideas and Emerging Results (NIER) / Research Track / SE in Society (SEIS) at Europa II | Chair(s): Daye Nam (University of California, Irvine)
16:00 | 15m | Talk | ConfLogger: Enhance Systems' Configuration Diagnosability through Configuration Logging | Research Track | Shiwen Shan (Sun Yat-sen University), Yintong Huo (Singapore Management University, Singapore), Yuxin Su (Sun Yat-sen University), Zhining Wang (Sun Yat-sen University), Dan Li (Sun Yat-sen University), Zibin Zheng (Sun Yat-sen University)
16:15 | 15m | Talk | Towards Better Linux Kernel Fault Localization: Leveraging Contrastive Reasoning and Hierarchical Context Analysis | Research Track | Haichi Wang (College of Intelligence and Computing, Tianjin University), Ruiguo Yu (College of Intelligence and Computing, Tianjin University), Yesong Pang (College of Intelligence and Computing, Tianjin University), Yingquan Zhao (Tianjin University), Junjie Chen (Tianjin University), Jiajun Jiang (Tianjin University), Zan Wang (Tianjin University)
16:30 | 15m | Talk | LLM meets ML: Data-efficient Anomaly Detection on Unstable Logs | Journal-first Papers | Fatemeh (Bahar) Hadadi (University of Ottawa), Xu Qinghua (Research Ireland Lero Centre for Software, University of Limerick Limerick), Domenico Bianculli (University of Luxembourg), Lionel Briand (University of Ottawa, Canada; Lero centre, University of Limerick, Ireland)
16:45 | 15m | Talk | Generality Is Not Enough: Zero-Label Cross-System Log-Based Anomaly Detection via Knowledge-Level Collaboration | New Ideas and Emerging Results (NIER) | Xinlong Zhao (School of Software and Microelectronics, Peking University), Tong Jia (Institute for Artificial Intelligence, Peking University, Beijing, China), Minghua He (Peking University), Ying Li (School of Software and Microelectronics, Peking University, Beijing, China)
17:00 | 15m | Talk | Knowledge-Augmented Log Anomaly Detection with Large Language Models | Research Track | Yongliang Tao (Chongqing University), Hongyu Zhang (Chongqing University), Van-Hoang Le (University of Luxembourg, Luxembourg), Yi Xiao (Chongqing University)
17:15 | 15m | Talk | FairRF: Multi-Objective Search for Single and Intersectional Software Fairness | SE in Society (SEIS) | Giordano d'Aloisio (University of L'Aquila), Max Hort (Simula Research Laboratory), Rebecca Moussa (University College London), Federica Sarro (University College London)