LogPPO: A Log-Based Anomaly Detector Aided with Proximal Policy Optimization Algorithms

Cloud-based platforms form the backbone of smart city ecosystems, powering essential services such as transportation, energy management, and public safety. However, their operational complexity generates vast volumes of system logs, making manual anomaly detection infeasible and raising reliability concerns. This study addresses the challenge of data scarcity in log anomaly detection by leveraging Large Language Models (LLMs) to enhance domain-specific classification tasks. We empirically validate that domain-adapted classifiers preserve strong natural language understanding, and introduce a Proximal Policy Optimization (PPO)-based approach to align semantic patterns between LLM outputs and classifier preferences. Experiments were conducted using three Transformer-based baselines under few-shot conditions across four public datasets. Results indicate that integrating natural language analyses improves anomaly detection F1-Scores by 5–86% over the baselines, while iterative PPO refinement boosts classifier’s “confidence” in label prediction. This research pioneers a novel framework for few-shot log anomaly detection, establishing an innovative paradigm in resource-constrained diagnostic systems in smart city infrastructures.