SemiSMAC: A semi-supervised framework for log anomaly detection with automated hyperparameter tuning

IF 4.3 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Information and Software Technology Pub Date : 2025-08-16 DOI:10.1016/j.infsof.2025.107869

Yicheng Sun , Jacky Wai Keung , Zhen Yang , Shuo Liu , Yihan Liao

{"title":"SemiSMAC: A semi-supervised framework for log anomaly detection with automated hyperparameter tuning","authors":"Yicheng Sun , Jacky Wai Keung , Zhen Yang , Shuo Liu , Yihan Liao","doi":"10.1016/j.infsof.2025.107869","DOIUrl":null,"url":null,"abstract":"<div><h3>Context:</h3><div>Logs generated during software operations are critical for system reliability and anomaly detection. However, their diversity, the scarcity of labeled data, and hyperparameter tuning challenges hinder traditional detection methods.</div></div><div><h3>Objective:</h3><div>This paper presents SemiSMAC, a novel semi-supervised framework that leverages the Large Language Model for log parsing and grouping, combined with Sequential Model-based Algorithm Configuration (SMAC) for hyperparameter optimization to enhance anomaly detection.</div></div><div><h3>Method:</h3><div>In this work, we leverage ChatGPT for log parsing and introduce a novel log grouping approach. This grouping process requires only a small number of labeled samples, which ChatGPT uses to generate pseudo-labels for the remaining data, thereby expanding the training set. Furthermore, SemiSMAC utilizes a Sequential Model-based Algorithm Configuration (SMAC) to automatically optimize the hyperparameters of the embedded models. This integration leads to consistent performance improvements, particularly in resource-constrained environments.</div></div><div><h3>Results:</h3><div>SemiSMAC-LSTM, which uses LSTM as the backbone of the SemiSMAC framework, demonstrates superior performance in experiments on four widely used datasets. It outperforms six benchmark models, including three supervised learning models. In low-resource scenarios, SemiSMAC-LSTM exhibits exceptional robustness, showcasing its effectiveness in handling challenging detection tasks.</div></div><div><h3>Conclusion:</h3><div>SemiSMAC demonstrates its potential to revolutionize anomaly detection in both large-scale and low-resource datasets. Its ability to deliver outstanding performance makes it a valuable tool for scalable and automated anomaly detection in real-world applications, paving the way for more reliable and scalable software engineering practices</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"187 ","pages":"Article 107869"},"PeriodicalIF":4.3000,"publicationDate":"2025-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Software Technology","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0950584925002083","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Context:

Logs generated during software operations are critical for system reliability and anomaly detection. However, their diversity, the scarcity of labeled data, and hyperparameter tuning challenges hinder traditional detection methods.

Objective:

This paper presents SemiSMAC, a novel semi-supervised framework that leverages the Large Language Model for log parsing and grouping, combined with Sequential Model-based Algorithm Configuration (SMAC) for hyperparameter optimization to enhance anomaly detection.

Method:

In this work, we leverage ChatGPT for log parsing and introduce a novel log grouping approach. This grouping process requires only a small number of labeled samples, which ChatGPT uses to generate pseudo-labels for the remaining data, thereby expanding the training set. Furthermore, SemiSMAC utilizes a Sequential Model-based Algorithm Configuration (SMAC) to automatically optimize the hyperparameters of the embedded models. This integration leads to consistent performance improvements, particularly in resource-constrained environments.

Results:

SemiSMAC-LSTM, which uses LSTM as the backbone of the SemiSMAC framework, demonstrates superior performance in experiments on four widely used datasets. It outperforms six benchmark models, including three supervised learning models. In low-resource scenarios, SemiSMAC-LSTM exhibits exceptional robustness, showcasing its effectiveness in handling challenging detection tasks.

Conclusion:

SemiSMAC demonstrates its potential to revolutionize anomaly detection in both large-scale and low-resource datasets. Its ability to deliver outstanding performance makes it a valuable tool for scalable and automated anomaly detection in real-world applications, paving the way for more reliable and scalable software engineering practices

查看原文本刊更多论文

一个半监督框架，用于自动超参数调优的日志异常检测

背景信息：软件运行过程中产生的日志对系统的可靠性和异常检测至关重要。然而，它们的多样性、标记数据的稀缺性和超参数调优挑战阻碍了传统的检测方法。目的：本文提出了一种新的半监督框架，利用大语言模型进行日志解析和分组，结合基于序列模型的算法配置（SMAC）进行超参数优化，以增强异常检测。方法：在这项工作中，我们利用ChatGPT进行日志解析，并引入了一种新的日志分组方法。这个分组过程只需要少量的标记样本，ChatGPT使用这些样本为剩余的数据生成伪标签，从而扩展训练集。此外，SemiSMAC利用基于序列模型的算法配置（SMAC）来自动优化嵌入模型的超参数。这种集成带来了一致的性能改进，特别是在资源受限的环境中。结果：以LSTM为骨架的SemiSMAC-LSTM在4个广泛使用的数据集上表现出了优异的性能。它优于6个基准模型，包括3个监督学习模型。在低资源情况下，semimac - lstm表现出出色的鲁棒性，在处理具有挑战性的检测任务时显示出其有效性。结论：SemiSMAC展示了其在大规模和低资源数据集中彻底改变异常检测的潜力。它提供卓越性能的能力使其成为在现实世界应用程序中可扩展和自动异常检测的有价值的工具，为更可靠和可扩展的软件工程实践铺平了道路

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information and Software Technology 工程技术-计算机：软件工程

CiteScore

9.10

自引率

7.70%

发文量

164

审稿时长

9.6 weeks

期刊介绍： Information and Software Technology is the international archival journal focusing on research and experience that contributes to the improvement of software development practices. The journal''s scope includes methods and techniques to better engineer software and manage its development. Articles submitted for review should have a clear component of software engineering or address ways to improve the engineering and management of software development. Areas covered by the journal include: • Software management, quality and metrics, • Software processes, • Software architecture, modelling, specification, design and programming • Functional and non-functional software requirements • Software testing and verification & validation • Empirical studies of all aspects of engineering and managing software development Short Communications is a new section dedicated to short papers addressing new ideas, controversial opinions, "Negative" results and much more. Read the Guide for authors for more information. The journal encourages and welcomes submissions of systematic literature studies (reviews and maps) within the scope of the journal. Information and Software Technology is the premiere outlet for systematic literature studies in software engineering.