Unsupervised Cross-system Log Anomaly Detection via Domain Adaptation

Log anomaly detection, which focuses on detecting anomalous log records, has become an active research problem because of its importance in developing stable and sustainable systems. Many unsupervised log anomaly detection approaches have been developed to address the challenge of limited anomalous samples. However, collecting enough data to train an unsupervised model is not practical when a system is newly deployed online. To tackle this challenge, we propose a transferable log anomaly detection (LogTAD) framework that leverages adversarial domain adaptation to give log data from different systems a similar distribution, so that the detection model is able to detect anomalies from multiple systems. Experimental results show that LogTAD can achieve high accuracy on cross-system anomaly detection by using a small number of logs from the new system.
