Abstract
In modern IT systems and computer networks, real-time and offline event log analysis is a crucial part of cyber security monitoring. In particular, event log analysis techniques are essential for the timely detection of cyber attacks and for assisting security experts with the analysis of past security incidents. The detection of line patterns or templates from unstructured textual event logs has been identified as an important task of event log analysis since detected templates represent event types in the event log and prepare the logs for downstream online or offline security monitoring tasks. During the last 2 decades, a number of template mining algorithms have been proposed. However, many proposed algorithms rely on traditional data mining techniques, and the usage of Large Language Models (LLMs) has received less attention so far. Also, most approaches that harness LLMs are supervised, and unsupervised LLM-based template mining remains an understudied area. The current paper addresses this research gap and investigates the application of LLMs for unsupervised detection of templates from unstructured security event logs.
| Original language | English (US) |
|---|---|
| Article number | 104 |
| Journal | International Journal of Information Security |
| Volume | 24 |
| Issue number | 3 |
| DOIs | |
| State | Published - Jun 2025 |
Keywords
- LLM-based template detection from security event logs
- LLMs for cyber security
- LLMs for event log analysis
- Security event log analysis
- Template detection from event logs
ASJC Scopus subject areas
- Software
- Information Systems
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications