{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T16:41:52Z","timestamp":1775839312532,"version":"3.50.1"},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2024,6,13]],"date-time":"2024-06-13T00:00:00Z","timestamp":1718236800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,6,13]],"date-time":"2024-06-13T00:00:00Z","timestamp":1718236800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Netw Syst Manage"],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1007\/s10922-024-09831-x","type":"journal-article","created":{"date-parts":[[2024,6,13]],"date-time":"2024-06-13T15:03:15Z","timestamp":1718290995000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":42,"title":["Benchmarking Large Language Models for Log Analysis, Security, and Interpretation"],"prefix":"10.1007","volume":"32","author":[{"given":"Egil","family":"Karlsen","sequence":"first","affiliation":[]},{"given":"Xiao","family":"Luo","sequence":"additional","affiliation":[]},{"given":"Nur","family":"Zincir-Heywood","sequence":"additional","affiliation":[]},{"given":"Malcolm","family":"Heywood","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,6,13]]},"reference":[{"key":"9831_CR1","doi-asserted-by":"publisher","unstructured":"He, P., Zhu, J., Zheng, Z., Lyu, M.R.: Drain: an online log parsing approach with fixed depth tree. In: 2017 IEEE International Conference on Web Services (ICWS), 2017, pp. 33\u201340 (2017). https:\/\/doi.org\/10.1109\/ICWS.2017.13","DOI":"10.1109\/ICWS.2017.13"},{"key":"9831_CR2","doi-asserted-by":"publisher","DOI":"10.2172\/1113394","volume-title":"Classification of HTTP Attacks: A Study on the ECML\/PKDD 2007 Discovery challenge","author":"B Gallagher","year":"2009","unstructured":"Gallagher, B., Eliassi-Rad, T.: Classification of HTTP Attacks: A Study on the ECML\/PKDD 2007 Discovery challenge. Lawrence Livermore National Laboratory, Livermore (2009)"},{"key":"9831_CR3","doi-asserted-by":"publisher","unstructured":"Boffa, M., Milan, G., Vassio, L., Drago, I., Mellia, M., Ben Houidi, Z.: Towards NLP-based processing of honeypot logs. In: 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), 2022, pp. 314\u2013321 (2022). https:\/\/doi.org\/10.1109\/EuroSPW55150.2022.00038","DOI":"10.1109\/EuroSPW55150.2022.00038"},{"key":"9831_CR4","doi-asserted-by":"crossref","unstructured":"Karlsen, E., Copstein, R., Luo, X., Schwartzentruber, J., Niblett, B., Johnston, A., Heywood, M.I., Zincir-Heywood, N.: Exploring semantic vs. syntactic features for unsupervised learning on application log files. In: 2023 7th Cyber Security in Networking Conference (CSNet), 2023, pp. 1\u20137. nPress (2023)","DOI":"10.1109\/CSNet59123.2023.10339765"},{"key":"9831_CR5","doi-asserted-by":"publisher","unstructured":"Nguyen, H.T., Franke, K.: Adaptive intrusion detection system via online machine learning. In: 2012 12th International Conference on Hybrid Intelligent Systems (HIS), 2012, pp. 271\u2013277 (2012). https:\/\/doi.org\/10.1109\/HIS.2012.6421346","DOI":"10.1109\/HIS.2012.6421346"},{"issue":"4","key":"9831_CR6","doi-asserted-by":"publisher","first-page":"352","DOI":"10.1049\/iet-ifs.2018.5404","volume":"13","author":"A Moradi Vartouni","year":"2019","unstructured":"Moradi Vartouni, A., Teshnehlab, M., Sedighian Kashi, S.: Leveraging deep neural networks for anomaly-based web application firewall. IET Inf. Secur. 13(4), 352\u2013361 (2019)","journal-title":"IET Inf. Secur."},{"key":"9831_CR7","doi-asserted-by":"publisher","unstructured":"Bhatnagar, M., Rozinaj, G., Yadav, P.K.: Web intrusion classification system using machine learning approaches. In: 2022 International Symposium ELMAR, 2022, pp. 57\u201360 (2022). https:\/\/doi.org\/10.1109\/ELMAR55880.2022.9899790","DOI":"10.1109\/ELMAR55880.2022.9899790"},{"key":"9831_CR8","doi-asserted-by":"crossref","unstructured":"Farzad, A., Gulliver, T.A.: Log Message Anomaly Detection and Classification Using Auto-B\/LSTM and Auto-GRU (2021)","DOI":"10.31224\/osf.io\/d4e6a"},{"key":"9831_CR9","doi-asserted-by":"publisher","unstructured":"T\u00fcmer Sivri, T., Pervan Akman, N., Berkol, A., Peker, C.: Web intrusion detection using character level machine learning approaches with upsampled data. In: Communication Papers of the 17th Conference on Computer Science and Intelligence Systems, pp. 269\u2013274 (2022). https:\/\/doi.org\/10.15439\/2022F147","DOI":"10.15439\/2022F147"},{"key":"9831_CR10","unstructured":"Adhikari, A., Bal, B.K.: Machine learning technique for intrusion detection in the field of the intrusion detection system (2023)"},{"issue":"1\u20132","key":"9831_CR11","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1515\/itit-2021-0064","volume":"64","author":"R Copstein","year":"2022","unstructured":"Copstein, R., Karlsen, E., Schwartzentruber, J., Zincir-Heywood, N., Heywood, M.: Exploring syntactical features for anomaly detection in application logs. Inf. Technol. 64(1\u20132), 15\u201327 (2022). https:\/\/doi.org\/10.1515\/itit-2021-0064","journal-title":"Inf. Technol."},{"key":"9831_CR12","doi-asserted-by":"publisher","unstructured":"Nam, S., Yoo, J.-H., Hong, J.W.-K.: VM failure prediction with log analysis using BERT-CNN model. In: 2022 18th International Conference on Network and Service Management (CNSM)\u2014Mini Conference, 2022, pp. 331\u2013337 (2022). https:\/\/doi.org\/10.23919\/CNSM55787.2022.9965187","DOI":"10.23919\/CNSM55787.2022.9965187"},{"key":"9831_CR13","doi-asserted-by":"publisher","unstructured":"Wang, M., Xu, L., Guo, L.: Anomaly detection of system logs based on natural language processing and deep learning. In: 2018 4th International Conference on Frontiers of Signal Processing (ICFSP), 2018, pp. 140\u2013144 (2018). https:\/\/doi.org\/10.1109\/ICFSP.2018.8552075","DOI":"10.1109\/ICFSP.2018.8552075"},{"key":"9831_CR14","doi-asserted-by":"publisher","unstructured":"Qi, J., Luan, Z., Huang, S., Wang, Y., Fung, C., Yang, H., Qian, D.: Adanomaly: adaptive anomaly detection for system logs with adversarial learning. In: NOMS 2022\u20142022 IEEE\/IFIP Network Operations and Management Symposium, 2022, pp. 1\u20135. IEEE Press (2022). https:\/\/doi.org\/10.1109\/NOMS54207.2022.9789917","DOI":"10.1109\/NOMS54207.2022.9789917"},{"key":"9831_CR15","doi-asserted-by":"publisher","unstructured":"Seyyar, Y.E., Yavuz, A.G., \u00dcnver, H.M.: Detection of web attacks using the BERT model. In: 2022 30th Signal Processing and Communications Applications Conference (SIU), 2022, pp. 1\u20134 (2022). https:\/\/doi.org\/10.1109\/SIU55565.2022.9864721","DOI":"10.1109\/SIU55565.2022.9864721"},{"key":"9831_CR16","doi-asserted-by":"crossref","unstructured":"Guo, H., Yuan, S., Wu, X.: LogBERT: log anomaly detection via BERT, pp. 1\u20138. IEEE (2021)","DOI":"10.1109\/IJCNN52387.2021.9534113"},{"key":"9831_CR17","doi-asserted-by":"publisher","unstructured":"Shao, Y., Zhang, W., Liu, P., Huyue, R., Tang, R., Yin, Q., Li, Q.: Log anomaly detection method based on BERT model optimization. In: 2022 7th International Conference on Cloud Computing and Big Data Analytics (ICCCBDA), 2022, pp. 161\u2013166 (2022). https:\/\/doi.org\/10.1109\/ICCCBDA55098.2022.9778900","DOI":"10.1109\/ICCCBDA55098.2022.9778900"},{"key":"9831_CR18","unstructured":"Guo, H., Lin, X., Yang, J., Zhuang, Y., Bai, J., Zheng, T., Zhang, B., Li, Z.: TransLog: A Unified Transformer-Based Framework for Log Anomaly Detection (2022)"},{"key":"9831_CR19","doi-asserted-by":"crossref","unstructured":"Le, V.-H., Zhang, H.: Log-Based Anomaly Detection Without Log Parsing (2021)","DOI":"10.1109\/ASE51524.2021.9678773"},{"key":"9831_CR20","doi-asserted-by":"publisher","unstructured":"Gniewkowski, M., Maciejewski, H., Surmacz, T., Walentynowicz, W.: Sec2vec: anomaly detection in HTTP traffic and malicious URLs. In: Proceedings of the 38th ACM\/SIGAPP Symposium on Applied Computing. SAC \u201923, 2023, pp. 1154\u20131162. Association for Computing Machinery, New York (2023). https:\/\/doi.org\/10.1145\/3555776.3577663","DOI":"10.1145\/3555776.3577663"},{"key":"9831_CR21","doi-asserted-by":"publisher","DOI":"10.21227\/vvvq-6w47","author":"MAA Hilmi","year":"2020","unstructured":"Hilmi, M.A.A., Cahyanto, K.A., Mustamiin, M.: Apache Web Server\u2014access log pre-processing for web intrusion detection. IEEE Dataport (2020). https:\/\/doi.org\/10.21227\/vvvq-6w47","journal-title":"IEEE Dataport"},{"key":"9831_CR22","doi-asserted-by":"publisher","unstructured":"Gim\u00e9nez, C.T., Villegas, A.P., Maran, G.: HTTP Dataset CSIC 2010. https:\/\/doi.org\/10.7910\/DVN\/3QBYB5","DOI":"10.7910\/DVN\/3QBYB5"},{"key":"9831_CR23","unstructured":"ECML\/PKDD: ECML\/PKDD 2007 Discovery Challenge (2021). https:\/\/gitlab.fing.edu.uy\/gsi\/web-application-attacks-datasets\/-\/tree\/master\/ecml_pkdd"},{"key":"9831_CR24","doi-asserted-by":"crossref","unstructured":"Oliner, A.J., Stearley, J.: What supercomputers say: a study of five system logs. In: 37th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN\u201907), 2007, pp. 575\u2013584 (2007)","DOI":"10.1109\/DSN.2007.103"},{"key":"9831_CR25","unstructured":"Vaswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A.N., Kaiser, L., Polosukhin, I.: Attention is all you need. CoRR (2017). arXiv:abs\/1706.03762"},{"key":"9831_CR26","doi-asserted-by":"publisher","unstructured":"Schuster, M., Nakajima, K.: Japanese and Korean voice search. In: 2012 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2012, pp. 5149\u20135152 (2012). https:\/\/doi.org\/10.1109\/ICASSP.2012.6289079","DOI":"10.1109\/ICASSP.2012.6289079"},{"key":"9831_CR27","unstructured":"Liu, Y., Ott, M., Goyal, N., Du, J., Joshi, M., Chen, D., Levy, O., Lewis, M., Zettlemoyer, L., Stoyanov, V.: RoBERTa: a robustly optimized BERT pretraining approach. CoRR (2019). arXiv:abs\/1907.11692"},{"key":"9831_CR28","unstructured":"Sanh, V., Debut, L., Chaumond, J., Wolf, T.: DistilBERT, a distilled version of BERT: smaller, faster, cheaper and lighter (2019). ArXiv:abs\/1910.01108"},{"key":"9831_CR29","unstructured":"Radford, A., Wu, J., Child, R., Luan, D., Amodei, D., Sutskever, I.: Language models are unsupervised multitask learners (2019)"},{"key":"9831_CR30","doi-asserted-by":"publisher","unstructured":"Black, S., Leo, G., Wang, P., Leahy, C., Biderman, S.: GPT-Neo: Large Scale Autoregressive Language Modeling with Mesh-Tensorflow. If you use this software, please cite it using these metadata (2021). https:\/\/doi.org\/10.5281\/zenodo.5297715","DOI":"10.5281\/zenodo.5297715"},{"key":"9831_CR31","unstructured":"Kokalj, E., \u0160krlj, B., Lavra\u010d, N., Pollak, S., Robnik-\u0160ikonja, M.: BERT meets Shapley: extending SHAP explanations to transformer-based classifiers. In: Toivonen, H., Boggia, M. (eds.) Proceedings of the EACL Hackashop on News Media Content Analysis and Automated Report Generation, 2021, pp. 16\u201321. Association for Computational Linguistics (2021). https:\/\/aclanthology.org\/2021.hackashop-1.3"},{"key":"9831_CR32","first-page":"2579","volume":"9","author":"L Maaten","year":"2008","unstructured":"Maaten, L., Hinton, G.: Visualizing data using t-SNE. J. Mach. Learn. Res. 9, 2579\u20132605 (2008)","journal-title":"J. Mach. Learn. Res."},{"key":"9831_CR33","volume-title":"Foundations of Machine Learning","author":"M Mohri","year":"2012","unstructured":"Mohri, M., Rostamizadeh, A., Talwalkar, A.: Foundations of Machine Learning. The MIT Press, Cambridge (2012)"}],"container-title":["Journal of Network and Systems Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10922-024-09831-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10922-024-09831-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10922-024-09831-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,2]],"date-time":"2024-08-02T13:23:41Z","timestamp":1722605021000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10922-024-09831-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,13]]},"references-count":33,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2024,7]]}},"alternative-id":["9831"],"URL":"https:\/\/doi.org\/10.1007\/s10922-024-09831-x","relation":{},"ISSN":["1064-7570","1573-7705"],"issn-type":[{"value":"1064-7570","type":"print"},{"value":"1573-7705","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,6,13]]},"assertion":[{"value":"24 November 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 November 2023","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 May 2024","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 June 2024","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"59"}}