{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T11:55:00Z","timestamp":1770292500878,"version":"3.49.0"},"reference-count":30,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T00:00:00Z","timestamp":1743033600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T00:00:00Z","timestamp":1743033600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"funder":[{"DOI":"10.13039\/501100003510","name":"Haridus- ja Teadusministeerium","doi-asserted-by":"publisher","award":["EXAI (TK213U10)"],"award-info":[{"award-number":["EXAI (TK213U10)"]}],"id":[{"id":"10.13039\/501100003510","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003510","name":"Haridus- ja Teadusministeerium","doi-asserted-by":"publisher","award":["EXAI (TK213U10)"],"award-info":[{"award-number":["EXAI (TK213U10)"]}],"id":[{"id":"10.13039\/501100003510","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,6]]},"DOI":"10.1007\/s10207-025-01018-y","type":"journal-article","created":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T04:56:14Z","timestamp":1743310574000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Using large language models for template detection from security event logs"],"prefix":"10.1007","volume":"24","author":[{"given":"Risto","family":"Vaarandi","sequence":"first","affiliation":[]},{"given":"Hayretdin","family":"Bah\u015fi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,27]]},"reference":[{"key":"1018_CR1","unstructured":"Splunk (2024). https:\/\/www.splunk.com\/. Accessed 10 Jul"},{"key":"1018_CR2","unstructured":"ElasticStack (2024). https:\/\/www.elastic.co\/elastic-stack. Accessed 10 Jul"},{"key":"1018_CR3","doi-asserted-by":"publisher","unstructured":"Vaarandi, R., Blumbergs, B., \u00c7al\u0131\u015fkan, E.: Simple event correlator\u2014best practices for creating scalable configurations. In: IEEE CogSIMA Conference, pp. 96\u2013100 (2015). https:\/\/doi.org\/10.1109\/COGSIMA.2015.7108181","DOI":"10.1109\/COGSIMA.2015.7108181"},{"key":"1018_CR4","unstructured":"RFC3164 (2024). https:\/\/www.ietf.org\/rfc\/rfc3164.txt. Accessed 10 Jul"},{"key":"1018_CR5","doi-asserted-by":"publisher","unstructured":"He, P., Zhu, J., Zheng, Z., Lyu, M.R.: Drain: an online log parsing approach with fixed depth tree. In: IEEE International Conference on Web Services, pp. 33\u201340 (2017). https:\/\/doi.org\/10.1109\/ICWS.2017.13","DOI":"10.1109\/ICWS.2017.13"},{"key":"1018_CR6","doi-asserted-by":"publisher","unstructured":"Tang, L., Li, T., Perng, C.-S.: LogSig: generating system events from raw textual logs. In: ACM International Conference on Information and Knowledge Management, pp. 785\u2013794 (2011). https:\/\/doi.org\/10.1145\/2063576.2063690","DOI":"10.1145\/2063576.2063690"},{"key":"1018_CR7","doi-asserted-by":"publisher","unstructured":"Makanju, A.A.O., Zincir-Heywood, A.N., Milios, E.E.: Clustering event logs using iterative partitioning. In: ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1255\u20131264 (2009). https:\/\/doi.org\/10.1145\/1557019.1557154","DOI":"10.1145\/1557019.1557154"},{"key":"1018_CR8","doi-asserted-by":"publisher","unstructured":"Du, M., Li, F.: Spell: streaming parsing of system event logs. In: IEEE International Conference on Data Mining, pp. 859\u2013864 (2016). https:\/\/doi.org\/10.1109\/ICDM.2016.0103","DOI":"10.1109\/ICDM.2016.0103"},{"key":"1018_CR9","doi-asserted-by":"publisher","unstructured":"Jiang, Z.M., Hassan, A.E., Flora, P., Hamann, G.: Abstracting execution logs to execution events for enterprise applications. In: International Conference on Quality Software, pp. 181\u2013186 (2008). https:\/\/doi.org\/10.1109\/QSIC.2008.50","DOI":"10.1109\/QSIC.2008.50"},{"key":"1018_CR10","doi-asserted-by":"publisher","unstructured":"Fu, Q., Lou, J.-G., Wang, Y., Li, J.: Execution anomaly detection in distributed systems through unstructured log analysis. In: IEEE International Conference on Data Mining, pp. 149\u2013158 (2009). https:\/\/doi.org\/10.1109\/ICDM.2009.60","DOI":"10.1109\/ICDM.2009.60"},{"key":"1018_CR11","unstructured":"Shima, K.: Length matters: clustering system log messages using length of words (2016). https:\/\/arxiv.org\/abs\/1611.03213"},{"key":"1018_CR12","doi-asserted-by":"publisher","unstructured":"Vaarandi, R., Pihelgas, M.: LogCluster\u2014a data clustering and pattern mining algorithm for event logs. In: International Conference on Network and Service Management, pp. 1\u20137 (2015). https:\/\/doi.org\/10.1109\/CNSM.2015.7367331","DOI":"10.1109\/CNSM.2015.7367331"},{"key":"1018_CR13","doi-asserted-by":"publisher","unstructured":"Vaarandi, R.: A data clustering algorithm for mining patterns from event logs. In: IEEE Workshop on IP Operations and Management, pp. 119\u2013126 (2003). https:\/\/doi.org\/10.1109\/IPOM.2003.1251233","DOI":"10.1109\/IPOM.2003.1251233"},{"key":"1018_CR14","doi-asserted-by":"publisher","unstructured":"Nagappan, M., Vouk, M.A.: Abstracting log lines to log event types for mining software system logs. In: IEEE Working Conference on Mining Software Repositories, pp. 114\u2013117 (2010). https:\/\/doi.org\/10.1109\/MSR.2010.5463281","DOI":"10.1109\/MSR.2010.5463281"},{"key":"1018_CR15","doi-asserted-by":"publisher","unstructured":"Hamooni, H., Debnath, B., Xu, J., Zhang, H., Jiang, G., Mueen, A.: LogMine: fast pattern recognition for log analytics. In: ACM International on Conference on Information and Knowledge Management, pp. 1573\u20131582 (2016). https:\/\/doi.org\/10.1145\/2983323.2983358","DOI":"10.1145\/2983323.2983358"},{"key":"1018_CR16","doi-asserted-by":"publisher","unstructured":"Messaoudi, S., Panichella, A., Bianculli, D., Briand, L., Sasnauskas, R.: A search-based approach for accurate identification of log message formats. In: Conference on Program Comprehension, pp. 167\u2013177 (2018). https:\/\/doi.org\/10.1145\/3196321.3196340","DOI":"10.1145\/3196321.3196340"},{"key":"1018_CR17","doi-asserted-by":"publisher","unstructured":"Mizutani, M.: Incremental mining of system log format. In: IEEE International Conference on Services Computing, pp. 595\u2013602 (2013). https:\/\/doi.org\/10.1109\/SCC.2013.73","DOI":"10.1109\/SCC.2013.73"},{"issue":"3","key":"1018_CR18","doi-asserted-by":"publisher","first-page":"879","DOI":"10.1109\/TSE.2020.3007554","volume":"48","author":"H Dai","year":"2020","unstructured":"Dai, H., Li, H., Chen, C.-S., Shang, W., Chen, T.-H.: Logram: efficient log parsing using n-gram dictionaries. IEEE Trans. Softw. Eng. 48(3), 879\u2013892 (2020). https:\/\/doi.org\/10.1109\/TSE.2020.3007554","journal-title":"IEEE Trans. Softw. Eng."},{"key":"1018_CR19","doi-asserted-by":"publisher","unstructured":"Ma, Z., Chen, A.R., Kim, D.J., Chen, T.-H., Wang, S.: LLMParser: an exploratory study on using large language models for log parsing. In: International Conference on Software Engineering, Article 99 (2024). https:\/\/doi.org\/10.1145\/3597503.3639150","DOI":"10.1145\/3597503.3639150"},{"key":"1018_CR20","doi-asserted-by":"publisher","unstructured":"Xu, J., Yang, R., Huo, Y., Zhang, C., He, P.: DivLog: log parsing with prompt enhanced in-context learning. In: International Conference on Software Engineering, Article 199 (2024). https:\/\/doi.org\/10.1145\/3597503.3639155","DOI":"10.1145\/3597503.3639155"},{"key":"1018_CR21","doi-asserted-by":"publisher","unstructured":"Le, V.-H., Zhang, H.: Log parsing with prompt-based few-shot learning. In: International Conference on Software Engineering, pp. 2438\u20132449 (2023). https:\/\/doi.org\/10.1109\/ICSE48619.2023.00204","DOI":"10.1109\/ICSE48619.2023.00204"},{"key":"1018_CR22","doi-asserted-by":"publisher","unstructured":"Jiang, Z., Liu, J., Chen, Z., Li, Y., Huang, J., Huo, Y., He, P., Gu, J., Lyu, M.R.: LILAC: log parsing using LLMs with adaptive parsing cache. In: International Conference on the Foundations of Software Engineering, pp. 137\u2013160 (2024). https:\/\/doi.org\/10.1145\/3643733","DOI":"10.1145\/3643733"},{"key":"1018_CR23","doi-asserted-by":"crossref","unstructured":"Huang, J., Jiang, Z., Chen, Z., Lyu, M.R.: LUNAR: unsupervised LLM-based log parsing (2024). https:\/\/arxiv.org\/abs\/2406.07174v2","DOI":"10.1145\/3729377"},{"key":"1018_CR24","doi-asserted-by":"publisher","unstructured":"Zhu, J., He, S., Liu, J., He, P., Xie, Q., Zheng, Z., Lyu, M.R.: Tools and benchmarks for automated log parsing. In: International Conference on Software Engineering: Software Engineering in Practice, pp. 121\u2013130 (2019). https:\/\/doi.org\/10.1109\/ICSE-SEIP.2019.00021","DOI":"10.1109\/ICSE-SEIP.2019.00021"},{"key":"1018_CR25","doi-asserted-by":"publisher","unstructured":"Khan, Z.A., Shin, D., Bianculli, D., Briand, L.: Guidelines for assessing the accuracy of log message template identification techniques. In: International Conference on Software Engineering, pp. 1095\u20131106 (2022). https:\/\/doi.org\/10.1145\/3510003.3510101","DOI":"10.1145\/3510003.3510101"},{"key":"1018_CR26","doi-asserted-by":"publisher","unstructured":"Gasimov, O., Vaarandi, R., Pihelgas, M.: Comparative analysis of pattern mining algorithms for event logs. In: IEEE International Conference on Cyber Security and Resilience, pp. 1\u20137 (2023). https:\/\/doi.org\/10.1109\/CSR57506.2023.10224996","DOI":"10.1109\/CSR57506.2023.10224996"},{"key":"1018_CR27","doi-asserted-by":"publisher","unstructured":"Zhu, J., He, S., He, P., Liu, J., Lyu, M.R.: Loghub: a large collection of system log datasets for AI-driven log analytics. In: International Symposium on Software Reliability Engineering, pp. 355\u2013366 (2023). https:\/\/doi.org\/10.1109\/ISSRE59848.2023.00071","DOI":"10.1109\/ISSRE59848.2023.00071"},{"key":"1018_CR28","unstructured":"Wang, G., Cheng, S., Zhan, X., Li, X., Song, S., Liu, Y.: OpenChat: advancing open-source language models with mixed-quality data. In: International Conference on Learning Representations (2024). https:\/\/arxiv.org\/pdf\/2309.11235"},{"key":"1018_CR29","unstructured":"Mistral (2024). https:\/\/mistral.ai\/news\/announcing-mistral-7b\/. Accessed 10 Jul"},{"key":"1018_CR30","unstructured":"Wizardlm2 (2024). https:\/\/wizardlm.github.io\/WizardLM2\/. Accessed 10 Jul"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01018-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01018-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01018-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:11:59Z","timestamp":1750500719000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01018-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3,27]]},"references-count":30,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["1018"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01018-y","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,3,27]]},"assertion":[{"value":"27 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"104"}}