Enhancing Log Analysis with LLM Knowledge

Knowledge-driven approach for efficient log understanding

LUK is a framework that extracts expert knowledge from large language models (LLMs) and transfers it into a smaller log-understanding model, keeping inference cost low without giving up accuracy.

  • Combines the expertise of LLMs with the efficiency of smaller models
  • Employs a knowledge distillation approach from LLMs to specialized log parsers
  • Achieves comparable accuracy to direct LLM use at significantly lower cost
  • Improves security monitoring by enabling more efficient anomaly detection in system logs

This matters for security teams that need high-quality log analysis but cannot afford to run a full LLM on every log line; a distilled small model is a far more practical fit for real-time security monitoring.
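The bullets above describe the teacher-to-student idea only at a high level. The following is an added illustration, not LUK's code or method: a rule-based teacher stands in for the LLM (the "expert knowledge"), it is consulted once per distinct log template rather than once per line, and its labels train a small multinomial Naive Bayes student that then classifies unseen log lines on its own with no LLM call at all. Every log line, the teacher's keyword rules, and the function names (to_template, teacher_label, distill, detect) are constructed for this example; LUK's own training procedure is not reproduced here.

```python
"""Toy teacher-to-student distillation for log anomaly detection.

Illustrative example only (not LUK's code): a keyword 'teacher' stands in
for an expensive LLM, a multinomial Naive Bayes 'student' is the cheap model.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed sample log lines; not taken from any real system.
UNLABELED_LOGS = [
    "Accepted password for alice from 10.0.0.5 port 51522 ssh2",
    "Accepted password for alice from 10.0.0.6 port 51599 ssh2",
    "Accepted publickey for bob from 10.0.0.7 port 40022 ssh2",
    "Started Daily apt download activities.",
    "Connection closed by 10.0.0.5 port 51522",
    "session closed for user alice",
    "Failed password for invalid user admin from 203.0.113.9 port 4422 ssh2",
    "Failed password for root from 203.0.113.9 port 4423 ssh2",
    "Failed password for root from 203.0.113.10 port 4430 ssh2",
    "Failed password for invalid user oracle from 203.0.113.11 port 4440 ssh2",
    "Failed publickey for deploy from 203.0.113.12 port 4450 ssh2",
    "kernel: Out of memory: Killed process 4121 (java)",
    "kernel: httpd[2281]: segfault at 0 ip 00007f3a error 4 in libc.so.6",
]

# Constructed lines the teacher never sees; the student must label them alone.
HELD_OUT = [
    ("Failed login for user guest from 198.51.100.4", "anomalous"),
    ("Accepted password for carol from 10.0.0.9 port 50001 ssh2", "normal"),
    ("kernel: Out of memory: Killed process 9981 (python3)", "anomalous"),
]

# Hypothetical teacher rules: the 'expert knowledge' an LLM would supply.
TEACHER_ANOMALY_KEYWORDS = ["failed", "invalid", "out of memory", "segfault", "killed"]


def to_template(line):
    """Mask IPs, hex addresses and numbers so tokens describe the event, not its parameters."""
    line = re.sub(r"\d+\.\d+\.\d+\.\d+", "<ip>", line)
    line = re.sub(r"0x[0-9a-f]+|\b[0-9a-f]{6,}\b", "<hex>", line)
    line = re.sub(r"\d+", "<num>", line)
    return re.findall(r"<[a-z]+>|[a-z]+", line.lower())


def teacher_label(line):
    """Stand-in for the LLM: expensive, so it is called as rarely as possible."""
    low = line.lower()
    return "anomalous" if any(kw in low for kw in TEACHER_ANOMALY_KEYWORDS) else "normal"


class NaiveBayesStudent:
    """Small multinomial Naive Bayes classifier over template tokens."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha              # Laplace smoothing for unseen tokens
        self.class_counts = Counter()
        self.token_counts = defaultdict(Counter)
        self.vocab = set()

    def fit(self, samples):
        for tokens, label in samples:
            self.class_counts[label] += 1
            self.token_counts[label].update(tokens)
            self.vocab.update(tokens)

    def predict(self, tokens):
        total = sum(self.class_counts.values())
        best, best_lp = None, -math.inf
        for label, n in self.class_counts.items():
            lp = math.log(n / total)
            denom = sum(self.token_counts[label].values()) + self.alpha * len(self.vocab)
            for t in tokens:
                lp += math.log((self.token_counts[label][t] + self.alpha) / denom)
            if lp > best_lp:
                best, best_lp = label, lp
        return best


def distill(unlabeled_logs):
    """Ask the teacher once per distinct template, then train the student on its labels.

    Returns (student, number_of_teacher_calls) so the cost saving is visible.
    """
    template_labels = {}
    samples = []
    for line in unlabeled_logs:
        tokens = to_template(line)
        key = tuple(tokens)
        if key not in template_labels:          # teacher consulted only for new templates
            template_labels[key] = teacher_label(line)
        samples.append((tokens, template_labels[key]))
    student = NaiveBayesStudent()
    student.fit(samples)
    return student, len(template_labels)


def detect(student, lines):
    """Run the trained student over raw log lines; no teacher involved."""
    return [(line, student.predict(to_template(line))) for line in lines]


if __name__ == "__main__":
    student, calls = distill(UNLABELED_LOGS)
    print(f"{len(UNLABELED_LOGS)} lines, {calls} teacher calls")
    for line, label in detect(student, [l for l, _ in HELD_OUT]):
        print(f"{label:10s} {line}")
```

Two things worth noting when reading the output. First, the teacher is called 11 times for 13 lines only because templating deduplicates parameter-varying repeats; on a real stream with millions of lines and a few hundred templates that ratio is what makes the approach affordable. Second, the student inherits whatever the teacher gets wrong, and a keyword teacher will happily mislabel a benign "Killed" in a message it has never seen, so audit a sample of teacher labels before trusting the student in production detection.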

LUK: Empowering Log Understanding with Expert Knowledge from Large Language Models
