From Few-Label to Zero-Label: An Approach for Cross-System Log-Based Anomaly Detection with Meta-Learning

• URL: http://arxiv.org/abs/2507.19806v1
• Date: Sat, 26 Jul 2025 05:38:51 GMT
• Title: From Few-Label to Zero-Label: An Approach for Cross-System Log-Based Anomaly Detection with Meta-Learning
• Authors: Xinlong Zhao, Tong Jia, Minghua He, Yihan Wu, Ying Li, Gang Huang,
• Abstract summary: Cross-system transfer has been identified as a key research direction.<n>We propose FreeLog, a system-agnostic representation meta-learning method that eliminates the need for labeled target system logs.<n>FreeLog achieves performance comparable to state-of-the-art methods that rely on a small amount of labeled data from the target system.
• Score: 14.506853344375342
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Log anomaly detection plays a critical role in ensuring the stability and reliability of software systems. However, existing approaches rely on large amounts of labeled log data, which poses significant challenges in real-world applications. To address this issue, cross-system transfer has been identified as a key research direction. State-of-the-art cross-system approaches achieve promising performance with only a few labels from the target system. However, their reliance on labeled target logs makes them susceptible to the cold-start problem when labeled logs are insufficient. To overcome this limitation, we explore a novel yet underexplored setting: zero-label cross-system log anomaly detection, where the target system logs are entirely unlabeled. To this end, we propose FreeLog, a system-agnostic representation meta-learning method that eliminates the need for labeled target system logs, enabling cross-system log anomaly detection under zero-label conditions. Experimental results on three public log datasets demonstrate that FreeLog achieves performance comparable to state-of-the-art methods that rely on a small amount of labeled data from the target system.

Related papers

• Generality Is Not Enough: Zero-Label Cross-System Log-Based Anomaly Detection via Knowledge-Level Collaboration [10.873294740040912]
  GeneralLog is a novel collaborative method for zero-label cross-system log anomaly detection.<n>GeneralLog achieves over 90% F1-score under a fully zero-label setting, significantly outperforming existing methods.
  arXiv  Detail & Related papers  (2025-11-08T06:47:28Z)
• FusionLog: Cross-System Log-based Anomaly Detection via Fusion of General and Proprietary Knowledge [10.135000927533385]
  FusionLog is a novel zero-label cross-system log-based anomaly detection method.<n>It achieves the fusion of general and proprietary knowledge, enabling cross-system generalization without labeled target logs.<n>Experiments show that FusionLog achieves over 90% F1-score under a fully zero-label setting.
  arXiv  Detail & Related papers  (2025-11-08T06:30:50Z)
• ZeroLog: Zero-Label Generalizable Cross-System Log-based Anomaly Detection [13.441063641941037]
  ZeroLog is a system-agnostic representation meta-learning method that enables cross-system log-based anomaly detection under zero-label conditions.<n>We show that ZeroLog reaches over 80% F1-score without labels, comparable to state-of-the-art cross-system methods trained with labeled logs, and outperforms existing methods under zero-label conditions.
  arXiv  Detail & Related papers  (2025-11-08T05:30:02Z)
• LogAction: Consistent Cross-system Anomaly Detection through Logs via Active Domain Adaptation [20.437756988997418]
  We propose LogAction, a novel log-based anomaly detection model based on active domain adaptation.<n>On one hand, it uses labeled data from a mature system to train a base model, mitigating the cold-start issue in active learning.<n>On the other hand, LogAction utilize free energy-based sampling and uncertainty-based sampling to select logs located at the distribution boundaries for manual labeling.
  arXiv  Detail & Related papers  (2025-09-29T07:09:19Z)
• Cross-System Software Log-based Anomaly Detection Using Meta-Learning [17.39262430769509]
  AIOps tools have been developed to automate the process of log-based anomaly detection for software systems.<n>Three practical challenges are widely recognized in this field: high data labeling costs, evolving logs in dynamic systems, and adaptability across different systems.<n>We propose CroSysLog, an AIOps tool for log-event level anomaly detection, specifically designed in response to these challenges.
  arXiv  Detail & Related papers  (2024-12-19T22:55:45Z)
• GLAD: Content-aware Dynamic Graphs For Log Anomaly Detection [49.9884374409624]
  GLAD is a Graph-based Log Anomaly Detection framework designed to detect anomalies in system logs. We introduce GLAD, a Graph-based Log Anomaly Detection framework designed to detect anomalies in system logs.
  arXiv  Detail & Related papers  (2023-09-12T04:21:30Z)
• AutoLog: A Log Sequence Synthesis Framework for Anomaly Detection [34.91789047641838]
  AutoLog is the first automated log generation methodology for anomaly detection. It generates run-time log sequences without actually running the system. It propagates the anomaly label to each acquired execution path based on human knowledge.
  arXiv  Detail & Related papers  (2023-08-18T05:56:18Z)
• Interactive System-wise Anomaly Detection [66.3766756452743]
  Anomaly detection plays a fundamental role in various applications. It is challenging for existing methods to handle the scenarios where the instances are systems whose characteristics are not readily observed as data. We develop an end-to-end approach which includes an encoder-decoder module that learns system embeddings.
  arXiv  Detail & Related papers  (2023-04-21T02:20:24Z)
• PULL: Reactive Log Anomaly Detection Based On Iterative PU Learning [58.85063149619348]
  We propose PULL, an iterative log analysis method for reactive anomaly detection based on estimated failure time windows. Our evaluation shows that PULL consistently outperforms ten benchmark baselines across three different datasets.
  arXiv  Detail & Related papers  (2023-01-25T16:34:43Z)
• LogGD:Detecting Anomalies from System Logs by Graph Neural Networks [14.813971618949068]
  We propose a novel graph-based log anomaly detection method, LogGD, to effectively address the issue. We exploit the powerful capability of Graph Transformer Neural Network, which combines graph structure and node semantics for log-based anomaly detection.
  arXiv  Detail & Related papers  (2022-09-16T11:51:58Z)
• Failure Identification from Unstable Log Data using Deep Learning [0.27998963147546146]
  We present CLog as a method for failure identification. By representing the log data as sequences of subprocesses instead of sequences of log events, the effect of the unstable log data is reduced. Our experimental results demonstrate that the learned subprocesses representations reduce the instability in the input.
  arXiv  Detail & Related papers  (2022-04-06T07:41:48Z)
• LogLAB: Attention-Based Labeling of Log Data Anomalies via Weak Supervision [63.08516384181491]
  We present LogLAB, a novel modeling approach for automated labeling of log messages without requiring manual work by experts. Our method relies on estimated failure time windows provided by monitoring systems to produce precise labeled datasets in retrospect. Our evaluation shows that LogLAB consistently outperforms nine benchmark approaches across three different datasets and maintains an F1-score of more than 0.98 even at large failure time windows.
  arXiv  Detail & Related papers  (2021-11-02T15:16:08Z)
• Log-based Anomaly Detection Without Log Parsing [7.66638994053231]
  We propose NeuralLog, a novel log-based anomaly detection approach that does not require log parsing. Our experimental results show that the proposed approach can effectively understand the semantic meaning of log messages. Overall, NeuralLog achieves F1-scores greater than 0.95 on four public datasets, outperforming the existing approaches.
  arXiv  Detail & Related papers  (2021-08-04T10:42:13Z)
• Robust and Transferable Anomaly Detection in Log Data using Pre-Trained Language Models [59.04636530383049]
  Anomalies or failures in large computer systems, such as the cloud, have an impact on a large number of users. We propose a framework for anomaly detection in log data, as a major troubleshooting source of system information.
  arXiv  Detail & Related papers  (2021-02-23T09:17:05Z)
• Self-Attentive Classification-Based Anomaly Detection in Unstructured Logs [59.04636530383049]
  We propose Logsy, a classification-based method to learn log representations. We show an average improvement of 0.25 in the F1 score, compared to the previous methods.
  arXiv  Detail & Related papers  (2020-08-21T07:26:55Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.