Have a personal or library account? Click to login
FRLog: Log Anomaly Detection Based on Three-Stage Training with Reft Fine-Tuning for Large Language Model Cover

FRLog: Log Anomaly Detection Based on Three-Stage Training with Reft Fine-Tuning for Large Language Model

Journal of Artificial Intelligence and Soft Computing Research
Volume 16 (2026): Issue 2 (March 2026)
By: Keyuan Qiu,  Zhejie Xu,  Tao Luo,  Meifang Yan,  Ruru Liu,  Pengjin Liu and  Feng Chen  
Open Access
|Feb 2026

References

  1. Jia Tong, Li Ying, Wu Zhonghai. Review of fault diagnosis of distributed software system based on log data. Journal of Software, 2020, 31(7): 1997–2018.
    Search in Google ScholarBack to article
  2. Qiu K, Zhang Y, Chen F. MSM: point cloud alignment algorithm through multi-scale feature fusion and cross-attention mechanism. Intelligent Service Robotics, 2025: 1–17.
    Search in Google ScholarBack to article
  3. Qiu K, Zhang Y, Zhao J, et al. A Multimodal Sentiment Analysis Approach Based on a Joint Chained Interactive Attention Mechanism. Electronics, 2024, 13(10): 1922.
    Search in Google ScholarBack to article
  4. Qiu K, Zhang Y, Ren Z, et al. SpemNet: A Cotton Disease and Pest Identification Method Based on Efficient Multi-Scale Attention and Stacking Patch Embedding. Insects, 2024, 15(9): 667.
    Search in Google ScholarBack to article
  5. Qiu K, Yan M, Luo T, et al. FedAware: a distributed IoT intrusion detection method based on fractal shrinking autoencoder. Journal of King Saud University - Computer and Information Sciences, 2025, 37(7): 1–21.
    Search in Google ScholarBack to article
  6. Guo H, Yuan S, Wu X. Logbert: Log anomaly detection via BERT. In: Proc. of IJCNN, IEEE, 2021: 1–8.
    Search in Google ScholarBack to article
  7. Le V H, Zhang H. Log-based anomaly detection without log parsing. In: ASE, IEEE, 2021: 492–504.
    Search in Google ScholarBack to article
  8. Devlin J, Chang M W, Lee K, et al. BERT: Pre-training of deep bidirectional transformers for language understanding,2018. http://arxiv.org/abs/1810.04805
    Search in Google ScholarBack to article
  9. Vaswani A, Shazeer N, Parmar N, et al. Attention is all you need. In: Advances in Neural Information Processing Systems, 2017.
    Search in Google ScholarBack to article
  10. He S, Zhu J, He P, et al. Experience report: system log analysis for anomaly detection. In: ISSRE, IEEE, 2016.
    Search in Google ScholarBack to article
  11. Xu W, Huang L, Fox A, et al. Detecting large-scale system problems by mining console logs. In: SOSP, ACM, 2009.
    Search in Google ScholarBack to article
  12. Lin Q, Zhang H, Lou J G, et al. Log clustering based problem identification for online service systems. In: ICSE-C, ACM, 2016.
    Search in Google ScholarBack to article
  13. Liang Y, Zhang Y, Xiong H, et al. Failure prediction in IBM BlueGene/L event logs. In: ICDM, IEEE, 2007.
    Search in Google ScholarBack to article
  14. Bodik P, Goldszmidt M, Fox A, et al. Fingerprinting the datacenter: automated classification of performance crises. In: EuroSys, ACM, 2010.
    Search in Google ScholarBack to article
  15. Chen M, Zheng A X, Lloyd J, et al. Failure diagnosis using decision trees. In: Autonomic Computing, IEEE, 2004.
    Search in Google ScholarBack to article
  16. Liu Z, Qin T, Guan X, Jiang H, Wang C. An integrated method for anomaly detection from massive system logs. IEEE Access, 2018, 6: 30602–30611.
    Search in Google ScholarBack to article
  17. Elmrabit N, Yang S, Yang L, Zhou H. Insider threat risk prediction based on Bayesian network. Computers & Security, 2020, 96: 101908.
    Search in Google ScholarBack to article
  18. d’Ambrosio N, Perrone G, Romano S.P. Including insider threats into risk management through Bayesian threat graph networks. Computers & Security, 2023, 133: 103410.
    Search in Google ScholarBack to article
  19. Rashid T, Agrafiotis I, Nurse J R C. A new take on detecting insider threats: Exploring the use of hidden Markov models. In: MIST, ACM, 2016: 47–56.
    Search in Google ScholarBack to article
  20. Ye X, Han M. An improved feature extraction algorithm for insider threat using hidden Markov model on user behavior detection. Information & Computer Security, 2022, 30(1): 19–36.
    Search in Google ScholarBack to article
  21. Liu F T, Ting K M, Zhou Z-H. Isolation-based anomaly detection. ACM Trans. Knowl. Discov. Data, 2012, 6(1): 1–39.
    Search in Google ScholarBack to article
  22. Ding Z, Fei M. An anomaly detection approach based on isolation forest algorithm for streaming data using sliding window. IFAC Proc. Vol., 2013, 46(20): 12–17.
    Search in Google ScholarBack to article
  23. Karev D, McCubbin C, Vaulin R. Cyber threat hunting through the use of an isolation forest. In: CompSysTech, 2017: 163–170.
    Search in Google ScholarBack to article
  24. Du M, Li F, Zheng G, et al. DeepLog: anomaly detection and diagnosis from system logs through deep learning. In: CCS, ACM, 2017.
    Search in Google ScholarBack to article
  25. Liu F, Wen Y, Zhang D, et al. Log2vec: a heterogeneous graph embedding based approach for detecting cyber threats within enterprise. In: CCS, ACM, 2019.
    Search in Google ScholarBack to article
  26. Sasaki S, Suzuki J, Inui K. Subword-based compact reconstruction of word embeddings. In: NAACL-HLT, ACL, 2019.
    Search in Google ScholarBack to article
  27. Wang J, Yu L C, Lai K R, et al. Dimensional sentiment analysis using a regional CNN-LSTM model. In: ACL, 2016.
    Search in Google ScholarBack to article
  28. Luo L X. Network text sentiment analysis method combining LDA text representation and GRUCNN. Pers Ubiquit Comput, 2019, 23: 405.
    Search in Google ScholarBack to article
  29. Yu H, Yang J. A direct LDA algorithm for high-dimensional data—application to face recognition. Pattern Recognition, 2001, 34: 2067.
    Search in Google ScholarBack to article
  30. Xiao T, Quan Z, Wang Z J, et al. Loader: A log anomaly detector based on transformer. IEEE Trans. Serv. Comput., 2023, 16(5): 3479–3492.
    Search in Google ScholarBack to article
  31. Guo H, Yuan S, Wu X. Logbert: Log anomaly detection via BERT. In: IJCNN, IEEE, 2021: 1–8.
    Search in Google ScholarBack to article
  32. Yu J, Hu Z, Jiang C. Multi-feature-based log event anomaly detection. Computer Engineering and Science, 2024, 46(09): 1587–1597.
    Search in Google ScholarBack to article
  33. Qiu K, Zhang Y, Feng Y, et al. LogAnomEX: An Unsupervised Log Anomaly Detection Method Based on Electra-DP and Gated Bilinear Neural Networks. Journal of Network and Systems Management, 2025, 33(2): 1–29.
    Search in Google ScholarBack to article
  34. Qi J, Huang S, Luan Z, et al. LogGPT: Exploring ChatGPT for log-based anomaly detection. In: HPCC/DSS/SmartCity/DependSys, IEEE, 2023: 273–280.
    Search in Google ScholarBack to article
  35. He M, Jia T, Duan C, et al. LLMeLog: An Approach for Anomaly Detection based on LLM-enriched Log Events. In: ISSRE, IEEE, 2024: 132–143.
    Search in Google ScholarBack to article
  36. Han X, Yuan S, Trabelsi M. LogGPT: Log anomaly detection via GPT. In: BigData, IEEE, 2023: 1117–1122.
    Search in Google ScholarBack to article
  37. Hadadi F, Xu Q, Bianculli D, et al. Anomaly detection on unstable logs with GPT models. arXiv preprint arXiv:2406.07467, 2024.
    Search in Google ScholarBack to article
  38. Guan W, Cao J, Qian S, et al. LogLLM: Log-based Anomaly Detection Using Large Language Models. arXiv preprint arXiv:2411.08561, 2024.
    Search in Google ScholarBack to article
  39. Lim Y F, Zhu J, Pang G. Adapting Large Language Models for Parameter-Efficient Log Anomaly Detection. arXiv preprint arXiv:2503.08045, 2025.
    Search in Google ScholarBack to article
  40. Nasser H, Trad F, Chehab A. Stacking Large Language Models is All You Need: A Case Study on Phishing URL Detection. Journal of Artificial Intelligence and Soft Computing Research, 2025, 15(4): 337–356.
    Search in Google ScholarBack to article
  41. Romaszewski M, Sekuła P, Głomb P, et al. Through the Thicket: A Study of Number-Oriented LLMs Derived from Random Forest Models. Journal of Artificial Intelligence and Soft Computing Research, 2025, 15(3): 279–298.
    Search in Google ScholarBack to article
  42. Oliner A J, Stearley J. What Supercomputers Say: A Study of Five System Logs. In: DSN, IEEE/IFIP, 2007.
    Search in Google ScholarBack to article
  43. Zhu J, He S, He P, et al. Loghub: A Large Collection of System Log Datasets for AI-driven Log Analytics. In: ISSRE, IEEE, 2023.
    Search in Google ScholarBack to article
  44. Xu W, Huang L, Fox A, et al. Detecting Large-Scale System Problems by Mining Console Logs. In: SOSP, ACM, 2009.
    Search in Google ScholarBack to article
  45. Lin Y, Deng H, Li X. FastLogAD: Log Anomaly Detection with Mask-Guided Pseudo Anomaly Generation and Discrimination. arXiv preprint arXiv:2404.08750, 2024.
    Search in Google ScholarBack to article
  46. Li Z, Shi J, Van Leeuwen M. Graph neural networks based log anomaly detection and explanation. In: ICSE Companion, IEEE/ACM, 2024: 306–307.
    Search in Google ScholarBack to article
DOI: https://doi.org/10.2478/jaiscr-2026-0007
Journal RSS Feed
Language: English
Page range: 125 - 144
Submitted on: Jun 11, 2025
|
Accepted on: Dec 27, 2025
|
Published on: Feb 9, 2026
Published by: SAN University
In partnership with: Paradigm Publishing Services
Publication frequency: 4 issues per year
Keywords:
anomaly detection,
system security,
model optimisation,
log analysis
Related subjects:
Computer sciences,
Databases and data mining,
Artificial intelligence

© 2026 Keyuan Qiu, Zhejie Xu, Tao Luo, Meifang Yan, Ruru Liu, Pengjin Liu, Feng Chen, published by SAN University
This work is licensed under the Creative Commons Attribution 4.0 License.

Previous articleVolume 16 (2026): Issue 2 (March 2026)Next article