Large Language Models for Anomaly Detection in Computational Workflows: from Supervised Fine-Tuning to In-Context Learning

TL;DR

This paper explores the use of large language models for anomaly detection in computational workflows, comparing supervised fine-tuning and in-context learning approaches to improve detection accuracy and interpretability.

Contribution

It introduces and evaluates two novel LLM-based methods for workflow anomaly detection, highlighting their effectiveness and potential advantages over traditional techniques.

Findings

Supervised fine-tuning improves detection accuracy with labeled data.

In-context learning enables few-shot anomaly detection without fine-tuning.

Chain-of-thought prompting enhances interpretability of LLM decisions.

Abstract

Anomaly detection in computational workflows is critical for ensuring system reliability and security. However, traditional rule-based methods struggle to detect novel anomalies. This paper leverages large language models (LLMs) for workflow anomaly detection by exploiting their ability to learn complex data patterns. Two approaches are investigated: 1) supervised fine-tuning (SFT), where pre-trained LLMs are fine-tuned on labeled data for sentence classification to identify anomalies, and 2) in-context learning (ICL) where prompts containing task descriptions and examples guide LLMs in few-shot anomaly detection without fine-tuning. The paper evaluates the performance, efficiency, generalization of SFT models, and explores zero-shot and few-shot ICL prompts and interpretability enhancement via chain-of-thought prompting. Experiments across multiple workflow datasets demonstrate the promising potential of LLMs for effective anomaly detection in complex executions.