TY - JOUR
T1 - LogETA
T2 - Time-aware cross-system log-based anomaly detection with inter-class boundary optimization
AU - Gong, Kun
AU - Luo, Senlin
AU - Pan, Limin
AU - Zhang, Linghao
AU - Zhang, Yifei
AU - Yu, Haomiao
N1 - Publisher Copyright: © 2024 Elsevier B.V.
PY - 2024/8
Y1 - 2024/8
N2 - Log-based anomaly detection is of vital importance for maintaining the stability and security of software systems. Cross-system log-based anomaly detection methods are proposed to solve the problem of limited anomalous logs in newly deployed software systems, transferring knowledge from rich logs to the newly deployed system logs. However, previous methods have difficulty modeling implicit time interval information in log sequences, hindering the identification of anomalous logs with changing time intervals. Moreover, there is a lack of inter-class measurement when transferring knowledge, which fails to effectively align the same class distributions of the source and target domains, resulting in poor anomaly detection results. In this paper, we propose a novel cross-system log-based anomaly detection method called LogETA. First, time-aware self-attention is used to extract similar contextual information containing log semantic and temporal features. Second, the inter-class boundary optimization method is designed to expand the difference in sample distributions between classes while narrowing the domain discrepancy, optimizing the inter-class boundary to reduce misclassification. The experimental results show that LogETA achieves state-of-the-art results. LogETA adapts to cross-system time-related anomalies automatically and adjusts the classification boundary to fit the newly deployed system log distribution, demonstrating excellent adaptability on both source and target systems.
KW - Anomaly detection
KW - Cold-start system
KW - Deep learning
KW - Log analysis
KW - Time interval encoding
KW - Transfer learning
UR - http://www.scopus.com/inward/record.url?scp=85188599331&partnerID=8YFLogxK
U2 - 10.1016/j.future.2024.03.028
DO - 10.1016/j.future.2024.03.028
M3 - Article
AN - SCOPUS:85188599331
SN - 0167-739X
VL - 157
SP - 16
EP - 28
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -