The reviewed record of science sign in
Pith

arxiv: 2311.14519 · v1 · pith:N22VTQJP · submitted 2023-11-24 · cs.NI

Benchmarking Large Language Models for Log Analysis, Security, and Interpretation

Reviewed by Pithpith:N22VTQJPopen to challenge →

classification cs.NI
keywords analysislanguagemodelsapplicationbenchmarkeddemonstratedifferentdistilroberta
0
0 comments X
read the original abstract

Large Language Models (LLM) continue to demonstrate their utility in a variety of emergent capabilities in different fields. An area that could benefit from effective language understanding in cybersecurity is the analysis of log files. This work explores LLMs with different architectures (BERT, RoBERTa, DistilRoBERTa, GPT-2, and GPT-Neo) that are benchmarked for their capacity to better analyze application and system log files for security. Specifically, 60 fine-tuned language models for log analysis are deployed and benchmarked. The resulting models demonstrate that they can be used to perform log analysis effectively with fine-tuning being particularly important for appropriate domain adaptation to specific log types. The best-performing fine-tuned sequence classification model (DistilRoBERTa) outperforms the current state-of-the-art; with an average F1-Score of 0.998 across six datasets from both web application and system log sources. To achieve this, we propose and implement a new experimentation pipeline (LLM4Sec) which leverages LLMs for log analysis experimentation, evaluation, and analysis.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Policy-Guided Threat Hunting: An LLM enabled Framework with Splunk SOC Triage

    cs.CR 2026-03 unverdicted novelty 4.0

    An integrated framework using autoencoders, deep reinforcement learning, and LLMs automates risk-based prioritization and contextual analysis of suspicious network traffic within Splunk SOC environments.