PULL: Reactive Log Anomaly Detection Based On Iterative PU Learning
- URL: http://arxiv.org/abs/2301.10681v1
- Date: Wed, 25 Jan 2023 16:34:43 GMT
- Title: PULL: Reactive Log Anomaly Detection Based On Iterative PU Learning
- Authors: Thorsten Wittkopp, Dominik Scheinert, Philipp Wiesner, Alexander Acker, Odej Kao
- Abstract summary: We propose PULL, an iterative log analysis method for reactive anomaly detection based on estimated failure time windows.
Our evaluation shows that PULL consistently outperforms ten benchmark baselines across three different datasets.
- Score: 58.85063149619348
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Due to the complexity of modern IT services, failures can be manifold, occur
at any stage, and are hard to detect. For this reason, anomaly detection
applied to monitoring data such as logs allows gaining relevant insights to
improve IT services steadily and eradicate failures. However, existing anomaly
detection methods that provide high accuracy often rely on labeled training
data, which are time-consuming to obtain in practice. Therefore, we propose
PULL, an iterative log analysis method for reactive anomaly detection based on
estimated failure time windows provided by monitoring systems instead of
labeled data. Our attention-based model uses a novel objective function for
weak supervision deep learning that accounts for imbalanced data and applies an
iterative learning strategy for positive and unknown samples (PU learning) to
identify anomalous logs. Our evaluation shows that PULL consistently
outperforms ten benchmark baselines across three different datasets and detects
anomalous log messages with an F1-score of more than 0.99 even within imprecise
failure time windows.
Related papers
- Anomaly Detection by Context Contrasting [57.695202846009714]
Anomaly Detection focuses on identifying samples that deviate from the norm.
Recent advances in self-supervised learning have shown great promise in this regard.
We propose Con2, which addresses this problem by setting normal training data into distinct contexts.
Our approach achieves state-of-the-art performance on various benchmarks while exhibiting superior performance in a more realistic healthcare setting.
arXiv Detail & Related papers (2024-05-29T07:59:06Z)
- Semi-supervised learning via DQN for log anomaly detection [1.5339370927841764]
We propose a semi-supervised log anomaly detection method that combines the DQN algorithm from deep reinforcement learning, which is called DQNLog.
Our evaluation on three widely-used datasets demonstrates that DQNLog significantly improves recall rate and F1-score while maintaining precision, validating its practicality.
arXiv Detail & Related papers (2024-01-06T08:04:13Z)
- RAPID: Training-free Retrieval-based Log Anomaly Detection with PLM considering Token-level information [7.861095039299132]
The need for log anomaly detection is growing, especially in real-world applications.
Traditional deep learning-based anomaly detection models require dataset-specific training, leading to corresponding delays.
We introduce RAPID, a model that capitalizes on the inherent features of log data to enable anomaly detection without training delays.
arXiv Detail & Related papers (2023-11-09T06:11:44Z)
- Label-Efficient Interactive Time-Series Anomaly Detection [17.799924009674694]
We propose a Label-Efficient Interactive Time-Series Anomaly Detection (LEIAD) system.
To achieve this goal, the system integrates weak supervision and active learning collaboratively.
We conduct experiments on three time-series anomaly detection datasets, demonstrating that the proposed system is superior to existing solutions.
arXiv Detail & Related papers (2022-12-30T10:16:15Z)
- LogLAB: Attention-Based Labeling of Log Data Anomalies via Weak Supervision [63.08516384181491]
We present LogLAB, a novel modeling approach for automated labeling of log messages without requiring manual work by experts.
Our method relies on estimated failure time windows provided by monitoring systems to produce precise labeled datasets in retrospect.
Our evaluation shows that LogLAB consistently outperforms nine benchmark approaches across three different datasets and maintains an F1-score of more than 0.98 even at large failure time windows.
arXiv Detail & Related papers (2021-11-02T15:16:08Z)
- A2Log: Attentive Augmented Log Anomaly Detection [53.06341151551106]
Anomaly detection becomes increasingly important for the dependability and serviceability of IT services.
Existing unsupervised methods need anomaly examples to obtain a suitable decision boundary.
We develop A2Log, which is an unsupervised anomaly detection method consisting of two steps: Anomaly scoring and anomaly decision.
arXiv Detail & Related papers (2021-09-20T13:40:21Z)
- TadGAN: Time Series Anomaly Detection Using Generative Adversarial Networks [73.01104041298031]
TadGAN is an unsupervised anomaly detection approach built on Generative Adversarial Networks (GANs).
To capture the temporal correlations of time series, we use LSTM Recurrent Neural Networks as base models for Generators and Critics.
To demonstrate the performance and generalizability of our approach, we test several anomaly scoring techniques and report the best-suited one.
arXiv Detail & Related papers (2020-09-16T15:52:04Z)
- Self-Attentive Classification-Based Anomaly Detection in Unstructured Logs [59.04636530383049]
We propose Logsy, a classification-based method to learn log representations.
We show an average improvement of 0.25 in the F1 score, compared to the previous methods.
arXiv Detail & Related papers (2020-08-21T07:26:55Z)
This list is automatically generated from the titles and abstracts of the papers in this site.