Anomaly Detection in Unstructured Logs Using Attention-based Bi-LSTM Network

2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC) Pub Date : 2021-11-17 DOI:10.1109/IC-NIDC54101.2021.9660476

Dongqing Yu, Xia Hou, Ce Li, Qiujian Lv, Yan Wang, Ning Li

{"title":"Anomaly Detection in Unstructured Logs Using Attention-based Bi-LSTM Network","authors":"Dongqing Yu, Xia Hou, Ce Li, Qiujian Lv, Yan Wang, Ning Li","doi":"10.1109/IC-NIDC54101.2021.9660476","DOIUrl":null,"url":null,"abstract":"System logs record valuable information about the runtime status of IT systems. Therefore, system logs are a naturally excellent source of information for anomaly detection. Most of the existing studies on log-based anomaly detection construct a detection model to identify anomalous logs. Generally, the model treats historical logs as natural language sequences and learns the normal patterns from normal log sequences, and detects deviations from normal patterns as anomalies. However, the majority of existing methods focus on sequential and quantitative information and ignore semantic information hidden in log sequence so that they are inefficient in anomaly detection. In this paper, we propose a novel framework for automatically detecting log anomalies by utilizing an attention-based Bi-LSTM model. To demonstrate the effectiveness of our proposed model, we evaluate the performance on a public production log dataset. Extensive experimental results show that the proposed approach outperforms all comparison methods for anomaly detection.","PeriodicalId":264468,"journal":{"name":"2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC)","volume":"60 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IC-NIDC54101.2021.9660476","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

System logs record valuable information about the runtime status of IT systems. Therefore, system logs are a naturally excellent source of information for anomaly detection. Most of the existing studies on log-based anomaly detection construct a detection model to identify anomalous logs. Generally, the model treats historical logs as natural language sequences and learns the normal patterns from normal log sequences, and detects deviations from normal patterns as anomalies. However, the majority of existing methods focus on sequential and quantitative information and ignore semantic information hidden in log sequence so that they are inefficient in anomaly detection. In this paper, we propose a novel framework for automatically detecting log anomalies by utilizing an attention-based Bi-LSTM model. To demonstrate the effectiveness of our proposed model, we evaluate the performance on a public production log dataset. Extensive experimental results show that the proposed approach outperforms all comparison methods for anomaly detection.

查看原文本刊更多论文

基于注意力的Bi-LSTM网络非结构化日志异常检测

系统日志记录了IT系统运行状态的重要信息。因此，系统日志自然是异常检测的极佳信息源。现有的基于日志的异常检测研究大多是构建一个检测模型来识别异常日志。通常，该模型将历史日志视为自然语言序列，并从正常日志序列中学习正常模式，将偏离正常模式的情况检测为异常。然而，现有的方法大多侧重于序列信息和定量信息，忽略了日志序列中隐藏的语义信息，导致异常检测效率低下。在本文中，我们提出了一个利用基于注意力的Bi-LSTM模型自动检测日志异常的新框架。为了证明我们提出的模型的有效性，我们在一个公共生产日志数据集上评估了性能。大量的实验结果表明，该方法优于所有的异常检测比较方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC)

自引率

0.00%

发文量