{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T11:18:56Z","timestamp":1774005536204,"version":"3.50.1"},"reference-count":39,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T00:00:00Z","timestamp":1773964800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T00:00:00Z","timestamp":1773964800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["No.2023YFB3107601"],"award-info":[{"award-number":["No.2023YFB3107601"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"Abstract<\/jats:title>\n Modern systems generate massive amounts of logs during operation, which are the key foundation for anomaly log analysis. However, existing research typically breaks down log analysis into multiple isolated tasks, which lacks flexibility in complex application scenarios and requires significant manpower. Furthermore, the increasing diversity and complexity of log formats place higher demands on the accuracy of log analysis. To achieve a more robust, accurate, and comprehensive log analysis method, we propose an integrated framework, called LogLAA. We construct a log parser based on length and word frequency that runs stably in most log systems with minimal parameter tuning, supporting both offline and online parsing in various scenarios. By introducing variable substitution and combining it with a similarity prefix tree, we achieve high accuracy and efficiency. We introduce counting embeddings, sequence embeddings, and semantic embeddings, and combining them with a CNN-LSTM model based on a dual-attention mechanism, we significantly improve the precision of anomaly detection. To ensure the interpretability of anomaly logs, we combine them with a large language model (LLM) for analysis. Experimental results show that our log parsing method achieves a 0.8% improvement over the SOTA model and anomaly detection achieves 6% improvement over the average precision of other advanced methods. We use the weighted matching score to evaluate anomaly analysis. LogLAA scores 0.7, placing it at an upper-middle level.<\/jats:p>","DOI":"10.1186\/s42400-026-00573-8","type":"journal-article","created":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T09:12:35Z","timestamp":1773997955000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["LogLAA: an adaptive integrated log anomaly analysis framework"],"prefix":"10.1186","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0458-8481","authenticated-orcid":false,"given":"Yali","family":"Gao","sequence":"first","affiliation":[]},{"given":"Tianchao","family":"Luo","sequence":"additional","affiliation":[]},{"given":"Kangqian","family":"Huang","sequence":"additional","affiliation":[]},{"given":"Jialu","family":"Tang","sequence":"additional","affiliation":[]},{"given":"Xiaoyong","family":"Li","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,3,20]]},"reference":[{"key":"573_CR1","doi-asserted-by":"crossref","unstructured":"Chen X, He B, Sun L (2022) Groupwise query performance prediction with bert. In: European Conference on Information Retrieval, Springer, pp 64\u201374","DOI":"10.1007\/978-3-030-99739-7_8"},{"key":"573_CR2","doi-asserted-by":"crossref","unstructured":"Chen Y, Xie H, Ma M, et\u00a0al (2024) Automatic root cause analysis via large language models for cloud incidents. In: Proceedings of the Nineteenth European Conference on Computer Systems, pp 674\u2013688","DOI":"10.1145\/3627703.3629553"},{"key":"573_CR3","first-page":"915","volume":"2025","author":"H Cheng","year":"2025","unstructured":"Cheng H, Xu D, Yuan S (2025) Backdoor attack against log anomaly detection models. Companion Proceedings of the ACM on Web Conference 2025:915\u2013918","journal-title":"Companion Proceedings of the ACM on Web Conference"},{"key":"573_CR4","doi-asserted-by":"crossref","unstructured":"Chnib M, Gabsi W (2023) Detection of anomalies in the hdfs dataset. 2023 IEEE\/ACIS 21st International Conference on Software Engineering Research. IEEE, Management and Applications (SERA), pp 243\u2013250","DOI":"10.1109\/SERA57763.2023.10197797"},{"issue":"3","key":"573_CR5","first-page":"879","volume":"48","author":"H Dai","year":"2020","unstructured":"Dai H, Li H, Chen CS et al (2020) Logram: Efficient log parsing using $$n$$ n-gram dictionaries. IEEE Trans Software Eng 48(3):879\u2013892","journal-title":"IEEE Trans Software Eng"},{"key":"573_CR6","unstructured":"Devlin J, Chang MW, Lee K, et\u00a0al (2019) Bert: Pre-training of deep bidirectional transformers for language understanding. In: Proceedings of the 2019 conference of the North American chapter of the association for computational linguistics: human language technologies, volume 1 (long and short papers), pp 4171\u20134186"},{"key":"573_CR7","doi-asserted-by":"crossref","unstructured":"Du M, Li F (2016) Spell: Streaming parsing of system event logs. In: 2016 IEEE 16th International Conference on Data Mining (ICDM), IEEE, pp 859\u2013864","DOI":"10.1109\/ICDM.2016.0103"},{"key":"573_CR8","doi-asserted-by":"crossref","unstructured":"Du M, Li F, Zheng G, et\u00a0al (2017) Deeplog: Anomaly detection and diagnosis from system logs through deep learning. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, pp 1285\u20131298","DOI":"10.1145\/3133956.3134015"},{"key":"573_CR9","first-page":"1","volume-title":"ICASSP 2025\u20132025 IEEE International Conference on Acoustics","author":"C Duan","year":"2025","unstructured":"Duan C, Jia T, Yang Y et al (2025) Eagerlog: Active learning enhanced retrieval augmented generation for log-based anomaly detection. ICASSP 2025\u20132025 IEEE International Conference on Acoustics. IEEE, Speech and Signal Processing (ICASSP), pp 1\u20135"},{"key":"573_CR10","unstructured":"Guan W, Cao J, Qian S, et\u00a0al (2024) Logllm: Log-based anomaly detection using large language models. arXiv preprint arXiv:2411.08561"},{"key":"573_CR11","doi-asserted-by":"publisher","first-page":"132","DOI":"10.1109\/ISSRE62328.2024.00023","volume-title":"2024 IEEE 35th International Symposium on Software Reliability Engineering (ISSRE)","author":"M He","year":"2024","unstructured":"He M, Jia T, Duan C et al (2024) Llmelog: An approach for anomaly detection based on llm-enriched log events. 2024 IEEE 35th International Symposium on Software Reliability Engineering (ISSRE). IEEE, Tsukuba, Japan, pp 132\u2013143"},{"key":"573_CR12","doi-asserted-by":"crossref","unstructured":"He M, Jia T, Duan C, et al (2025) Weakly-supervised log-based anomaly detection with inexact labels via multi-instance learning. In: 2025 IEEE\/ACM 47th International Conference on Software Engineering (ICSE), IEEE Computer Society, pp 2918-2930","DOI":"10.1109\/ICSE55347.2025.00189"},{"key":"573_CR13","doi-asserted-by":"crossref","unstructured":"He P, Zhu J, Zheng Z, et\u00a0al (2017) Drain: An online log parsing approach with fixed depth tree. In: 2017 IEEE international conference on web services (ICWS), IEEE, pp 33\u201340","DOI":"10.1109\/ICWS.2017.13"},{"key":"573_CR14","doi-asserted-by":"crossref","unstructured":"Jiang ZM, Hassan AE, Flora P, et\u00a0al (2008) Abstracting execution logs to execution events for enterprise applications. In: 2008 The Eighth International Conference on Quality Software, IEEE, pp 181\u2013186","DOI":"10.1109\/QSIC.2008.50"},{"key":"573_CR15","doi-asserted-by":"publisher","unstructured":"Kenter T, Borisov A, de\u00a0Rijke M (2016) Siamese CBOW: Optimizing word embeddings for sentence representations. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers). Association for Computational Linguistics, Berlin, Germany, pp 941\u2013951, https:\/\/doi.org\/10.18653\/v1\/P16-1089, https:\/\/aclanthology.org\/P16-1089\/","DOI":"10.18653\/v1\/P16-1089"},{"key":"573_CR16","doi-asserted-by":"publisher","first-page":"58088","DOI":"10.1109\/ACCESS.2021.3071763","volume":"9","author":"C Kim","year":"2021","unstructured":"Kim C, Jang M, Seo S et al (2021) Intrusion detection based on sequential information preserving log embedding methods and anomaly detection algorithms. IEEE Access 9:58088\u201358101","journal-title":"IEEE Access"},{"key":"573_CR17","unstructured":"Lan Z, Chen M, Goodman S, et\u00a0al (2019) Albert: A lite bert for self-supervised learning of language representations. In: International Conference on Learning Representations"},{"key":"573_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.mlwa.2023.100470","volume":"12","author":"M Landauer","year":"2023","unstructured":"Landauer M, Onder S, Skopik F et al (2023) Deep learning for anomaly detection in log data: A survey. Machine Learning with Applications 12:100470","journal-title":"Machine Learning with Applications"},{"key":"573_CR19","doi-asserted-by":"crossref","unstructured":"Le VH, Zhang H (2022) Log-based anomaly detection with deep learning: How far are we? In: Proceedings of the 44th international conference on software engineering, pp 1356\u20131367","DOI":"10.1145\/3510003.3510155"},{"key":"573_CR20","unstructured":"Lin Y, Deng H, Li X (2024) Fastlogad: Log anomaly detection with mask-guided pseudo anomaly generation and discrimination. arXiv preprint arXiv:2404.08750"},{"key":"573_CR21","doi-asserted-by":"crossref","unstructured":"Liu Y, Tao S, Meng W, et\u00a0al (2024) Logprompt: Prompt engineering towards zero-shot and interpretable log analysis. In: Proceedings of the 2024 IEEE\/ACM 46th International Conference on Software Engineering: Companion Proceedings, pp 364\u2013365","DOI":"10.1145\/3639478.3643108"},{"key":"573_CR22","doi-asserted-by":"publisher","unstructured":"Liu Y, Ji Y, Tao S, et\u00a0al (2025) Loglm: From task-based to instruction-based automated log analysis. In: 2025 IEEE\/ACM 47th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), pp 401\u2013412, https:\/\/doi.org\/10.1109\/ICSE-SEIP66354.2025.00041","DOI":"10.1109\/ICSE-SEIP66354.2025.00041"},{"key":"573_CR23","doi-asserted-by":"crossref","unstructured":"Meng W, Liu Y, Zhu Y, et\u00a0al (2019) Loganomaly: Unsupervised detection of sequential and quantitative anomalies in unstructured logs. In: IJCAI, pp 4739\u20134745","DOI":"10.24963\/ijcai.2019\/658"},{"key":"573_CR24","doi-asserted-by":"publisher","first-page":"83765","DOI":"10.1109\/ACCESS.2020.2992044","volume":"8","author":"MP Novaes","year":"2020","unstructured":"Novaes MP, Carvalho LF, Lloret J et al (2020) Long short-term memory and fuzzy logic for anomaly detection and mitigation in software-defined network environment. Ieee Access 8:83765\u201383781","journal-title":"Ieee Access"},{"key":"573_CR25","doi-asserted-by":"crossref","unstructured":"Ren R, Cheng JC, Shi H et al (2021) Failure characterization based on lstm networks for bluegene\/l system logs. Intelligent Computing and Block Chain: FICC 2020. Springer Singapore, Singapore, pp 123\u2013133","DOI":"10.1007\/978-981-16-1160-5_11"},{"key":"573_CR26","doi-asserted-by":"crossref","unstructured":"Sun Y, Gao Y, Li X (2023) OptimizeLog: Log anomaly detection and localization based on optimized log parsing in distributed systems. 2023 9th International Conference on Computer and Communications (ICCC). IEEE, Chengdu, China, pp 2144\u20132148","DOI":"10.1109\/ICCC59590.2023.10507473"},{"key":"573_CR27","doi-asserted-by":"crossref","unstructured":"Vaarandi R, Pihelgas M (2015) Logcluster-a data clustering and pattern mining algorithm for event logs. In: 2015 11th International conference on network and service management (CNSM), IEEE, pp 1\u20137","DOI":"10.1109\/CNSM.2015.7367331"},{"key":"573_CR28","doi-asserted-by":"crossref","unstructured":"Wang J, Chu G, Wang J, et\u00a0al (2024) Logexpert: Log-based recommended resolutions generation using large language model. In: Proceedings of the 2024 ACM\/IEEE 44th International Conference on Software Engineering: New Ideas and Emerging Results, pp 42\u201346","DOI":"10.1145\/3639476.3639773"},{"key":"573_CR29","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108616","volume":"203","author":"Z Wang","year":"2022","unstructured":"Wang Z, Tian J, Fang H et al (2022) Lightlog: A lightweight temporal convolutional network for log anomaly detection on the edge. Comput Netw 203:108616","journal-title":"Comput Netw"},{"key":"573_CR30","doi-asserted-by":"crossref","unstructured":"Xiao Y, Le VH, Zhang H (2024) free: Towards more practical log parsing with large language models. In: Proceedings of the 39th IEEE\/ACM International Conference on Automated Software Engineering, pp 153\u2013165","DOI":"10.1145\/3691620.3694994"},{"key":"573_CR31","doi-asserted-by":"crossref","unstructured":"Xu W, Huang L, Fox A, et\u00a0al (2009) Largescale system problem detection by mining console logs. In: Proceedings of SOSP, pp 1\u201317","DOI":"10.1109\/ICDM.2009.19"},{"issue":"3","key":"573_CR32","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3441448","volume":"15","author":"S Ying","year":"2021","unstructured":"Ying S, Wang B, Wang L et al (2021) An improved knn-based efficient log anomaly detection method with automatically labeled samples. ACM Transactions on Knowledge Discovery from Data (TKDD) 15(3):1\u201322","journal-title":"ACM Transactions on Knowledge Discovery from Data (TKDD)"},{"issue":"5","key":"573_CR33","doi-asserted-by":"publisher","first-page":"3224","DOI":"10.1109\/TSC.2023.3270566","volume":"16","author":"S Yu","year":"2023","unstructured":"Yu S, He P, Chen N et al (2023) Brain: Log parsing with bidirectional parallel tree. IEEE Trans Serv Comput 16(5):3224\u20133237","journal-title":"IEEE Trans Serv Comput"},{"key":"573_CR34","doi-asserted-by":"crossref","unstructured":"Zhang X, Xu Y, Lin Q, et\u00a0al (2019) Robust log-based anomaly detection on unstable log data. In: Proceedings of the 2019 27th ACM joint meeting on European software engineering conference and symposium on the foundations of software engineering, pp 807\u2013817","DOI":"10.1145\/3338906.3338931"},{"key":"573_CR35","doi-asserted-by":"crossref","unstructured":"Zhao X, Jia T, He M, et\u00a0al (2025) From few-label to zero-label: An approach for cross-system log-based anomaly detection with meta-learning. In: Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering, pp 661\u2013665","DOI":"10.1145\/3696630.3728519"},{"key":"573_CR36","doi-asserted-by":"publisher","first-page":"3051","DOI":"10.1109\/TIFS.2022.3201379","volume":"17","author":"J Zhou","year":"2022","unstructured":"Zhou J, Qian Y, Zou Q et al (2022) Deepsyslog: Deep anomaly detection on syslog using sentence embedding and metadata. IEEE Trans Inf Forensics Secur 17:3051\u20133061","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"573_CR37","doi-asserted-by":"crossref","unstructured":"Zhu J, He S, Liu J, et\u00a0al (2019) Tools and benchmarks for automated log parsing. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), IEEE, pp 121\u2013130","DOI":"10.1109\/ICSE-SEIP.2019.00021"},{"key":"573_CR38","doi-asserted-by":"crossref","unstructured":"Zhu J, He S, He P, et\u00a0al (2023) Loghub: A large collection of system log datasets for ai-driven log analytics. In: 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE), IEEE, pp 355\u2013366","DOI":"10.1109\/ISSRE59848.2023.00071"},{"issue":"1","key":"573_CR39","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1038\/s41377-022-00714-x","volume":"11","author":"C Zuo","year":"2022","unstructured":"Zuo C, Qian J, Feng S et al (2022) Deep learning in optical metrology: a review. Light Sci Appl 11(1):39","journal-title":"Light Sci Appl"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00573-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-026-00573-8","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00573-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T09:12:45Z","timestamp":1773997965000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-026-00573-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,20]]},"references-count":39,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["573"],"URL":"https:\/\/doi.org\/10.1186\/s42400-026-00573-8","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3,20]]},"assertion":[{"value":"4 November 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"6 March 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 March 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"All authors have read and approved the final manuscript and consent to its publication.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"The authors declare that they have no conflict of interest.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"141"}}