Log-based Anomaly Detection based on EVT Theory with feedback
- URL: http://arxiv.org/abs/2306.05032v2
- Date: Sat, 30 Sep 2023 04:09:55 GMT
- Title: Log-based Anomaly Detection based on EVT Theory with feedback
- Authors: Jinyang Liu, Junjie Huang, Yintong Huo, Zhihan Jiang, Jiazhen Gu,
Zhuangbin Chen, Cong Feng, Minzhi Yan and Michael R. Lyu
- Abstract summary: We present an accurate, lightweight, and adaptive log-based anomaly detection framework, referred to as SeaLog.
Our method introduces a Trie-based Detection Agent (TDA) that employs a lightweight, dynamically-growing trie structure for real-time anomaly detection.
To enhance TDA's accuracy in response to evolving log data, we enable it to receive feedback from experts.
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: System logs play a critical role in maintaining the reliability of software
systems. Fruitful studies have explored automatic log-based anomaly detection
and achieved notable accuracy on benchmark datasets. However, when applied to
large-scale cloud systems, these solutions face limitations due to high
resource consumption and lack of adaptability to evolving logs. In this paper,
we present an accurate, lightweight, and adaptive log-based anomaly detection
framework, referred to as SeaLog. Our method introduces a Trie-based Detection
Agent (TDA) that employs a lightweight, dynamically-growing trie structure for
real-time anomaly detection. To enhance TDA's accuracy in response to evolving
log data, we enable it to receive feedback from experts. Interestingly, our
findings suggest that contemporary large language models, such as ChatGPT, can
provide feedback with a level of consistency comparable to human experts, which
can potentially reduce manual verification efforts. We extensively evaluate
SeaLog on two public datasets and an industrial dataset. The results show that
SeaLog outperforms all baseline methods in terms of effectiveness, runs 2X to
10X faster and only consumes 5% to 41% of the memory resource.
Related papers
- LogSD: Detecting Anomalies from System Logs through Self-supervised Learning and Frequency-based Masking [14.784236273395017]
We propose LogSD, a novel semi-supervised self-supervised learning approach.
We show that LogSD significantly outperforms eight state-of-the-art benchmark methods.
arXiv Detail & Related papers (2024-04-17T12:00:09Z)
- PULL: Reactive Log Anomaly Detection Based On Iterative PU Learning [58.85063149619348]
We propose PULL, an iterative log analysis method for reactive anomaly detection based on estimated failure time windows.
Our evaluation shows that PULL consistently outperforms ten benchmark baselines across three different datasets.
arXiv Detail & Related papers (2023-01-25T16:34:43Z)
- SKTR: Trace Recovery from Stochastically Known Logs [7.882975068446842]
Developments in machine learning together with the increasing usage of sensor data challenge the reliance on deterministic logs.
In this work we formulate the task of generating a deterministic log from stochastically known logs that is as faithful to reality as possible.
An effective trace recovery algorithm would be a powerful aid for maintaining credible process mining tools for uncertain settings.
arXiv Detail & Related papers (2022-06-25T15:29:20Z)
- LogLAB: Attention-Based Labeling of Log Data Anomalies via Weak Supervision [63.08516384181491]
We present LogLAB, a novel modeling approach for automated labeling of log messages without requiring manual work by experts.
Our method relies on estimated failure time windows provided by monitoring systems to produce precise labeled datasets in retrospect.
Our evaluation shows that LogLAB consistently outperforms nine benchmark approaches across three different datasets and maintains an F1-score of more than 0.98 even at large failure time windows.
arXiv Detail & Related papers (2021-11-02T15:16:08Z)
- A2Log: Attentive Augmented Log Anomaly Detection [53.06341151551106]
Anomaly detection becomes increasingly important for the dependability and serviceability of IT services.
Existing unsupervised methods need anomaly examples to obtain a suitable decision boundary.
We develop A2Log, which is an unsupervised anomaly detection method consisting of two steps: Anomaly scoring and anomaly decision.
arXiv Detail & Related papers (2021-09-20T13:40:21Z)
- Experience Report: Deep Learning-based System Log Analysis for Anomaly Detection [30.52620190783608]
We provide a review and evaluation on five popular models used by six state-of-the-art anomaly detectors.
Four of the selected methods are unsupervised and the remaining two are supervised.
We believe our work can serve as a basis in this field and contribute to the future academic researches and industrial applications.
arXiv Detail & Related papers (2021-07-13T08:10:47Z)
- Anomaly Detection Based on Selection and Weighting in Latent Space [73.01328671569759]
We propose a novel selection-and-weighting-based anomaly detection framework called SWAD.
Experiments on both benchmark and real-world datasets have shown the effectiveness and superiority of SWAD.
arXiv Detail & Related papers (2021-03-08T10:56:38Z)
- Robust and Transferable Anomaly Detection in Log Data using Pre-Trained Language Models [59.04636530383049]
Anomalies or failures in large computer systems, such as the cloud, have an impact on a large number of users.
We propose a framework for anomaly detection in log data, as a major troubleshooting source of system information.
arXiv Detail & Related papers (2021-02-23T09:17:05Z)
- Self-Attentive Classification-Based Anomaly Detection in Unstructured Logs [59.04636530383049]
We propose Logsy, a classification-based method to learn log representations.
We show an average improvement of 0.25 in the F1 score, compared to the previous methods.
arXiv Detail & Related papers (2020-08-21T07:26:55Z)