LG | CL | Mar 19, 2025

LogLLaMA: Transformer-based log anomaly detection with LLaMA

arXiv:2503.14849v1 | 10 citations | h-index: 2 | IJCNN
Originality: Incremental advance
AI Analysis

This work addresses log anomaly detection for system monitoring, presenting an incremental improvement by applying a transformer-based LLM with reinforcement learning to existing datasets.

The paper tackles log anomaly detection by proposing LogLLaMA, a framework that fine-tunes LLaMA2 on normal log messages and uses reinforcement learning to identify anomalies, achieving state-of-the-art performance on BGL, Thunderbird, and HDFS datasets.

Log anomaly detection refers to the task of distinguishing anomalous log messages from normal log messages. Transformer-based large language models (LLMs) are becoming popular for log anomaly detection because of their superb ability to understand complex and long language patterns. In this paper, we propose LogLLaMA, a novel framework that leverages LLaMA2. LogLLaMA is first finetuned on normal log messages from three large-scale datasets to learn their patterns. After finetuning, the model is capable of generating successive log messages given previous log messages. Our generative model is further trained to identify anomalous log messages using reinforcement learning (RL). The experimental results show that LogLLaMA outperforms the state-of-the-art approaches for anomaly detection on the BGL, Thunderbird, and HDFS datasets.
