Research on Online Log Anomaly Detection Model Based on Informer

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Concurrency and Computation-Practice & Experience Pub Date : 2025-09-28 DOI:10.1002/cpe.70300

Yimin Guo, Yiling Sun, Ping Xiong

{"title":"Research on Online Log Anomaly Detection Model Based on Informer","authors":"Yimin Guo, Yiling Sun, Ping Xiong","doi":"10.1002/cpe.70300","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>To address the limitations of conventional reactive log anomaly detection in high-availability systems, this paper presents OADS—an online anomaly detection system that synergizes time-series prediction with real-time detection. The system features LSP-Informer, a multivariate log sequence predictor built upon Informer architecture and enhanced by a novel weighted combination loss (WCL) that simultaneously optimizes both prediction accuracy and semantic consistency. Furthermore, OADS implements a unique prediction-detection cascade by integrating LSP-Informer with a Temporal Convolutional Network + Attention (TCNA)-based Log Anomaly Detection Model (LADM), enabling proactive anomaly forecasting 5–10 steps ahead. Experimental results on HDFS logs demonstrate exceptional performance: The TCNA-based LADM achieves an F1-score of 0.9860, while LSP-Informer maintains a 0.9801 F1-score for 5-step-ahead prediction. The complete OADS system successfully predicts potential anomalies in advance, maintaining a robust 0.73+ Jaccard index under heavy masking conditions while preserving interpretability in real-world deployments.</p>\n </div>","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"37 25-26","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2025-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.70300","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

To address the limitations of conventional reactive log anomaly detection in high-availability systems, this paper presents OADS—an online anomaly detection system that synergizes time-series prediction with real-time detection. The system features LSP-Informer, a multivariate log sequence predictor built upon Informer architecture and enhanced by a novel weighted combination loss (WCL) that simultaneously optimizes both prediction accuracy and semantic consistency. Furthermore, OADS implements a unique prediction-detection cascade by integrating LSP-Informer with a Temporal Convolutional Network + Attention (TCNA)-based Log Anomaly Detection Model (LADM), enabling proactive anomaly forecasting 5–10 steps ahead. Experimental results on HDFS logs demonstrate exceptional performance: The TCNA-based LADM achieves an F1-score of 0.9860, while LSP-Informer maintains a 0.9801 F1-score for 5-step-ahead prediction. The complete OADS system successfully predicts potential anomalies in advance, maintaining a robust 0.73+ Jaccard index under heavy masking conditions while preserving interpretability in real-world deployments.

Abstract Image

查看原文本刊更多论文

基于Informer的在线日志异常检测模型研究

为了解决传统的响应式日志异常检测在高可用性系统中的局限性，本文提出了一种将时间序列预测与实时检测相结合的在线异常检测系统oads。该系统的特点是LSP-Informer，一个基于Informer架构的多元对数序列预测器，并通过一种新的加权组合损失（WCL）来增强，同时优化了预测精度和语义一致性。此外，OADS通过将LSP-Informer与基于时间卷积网络+注意力（TCNA）的日志异常检测模型（LADM）集成，实现了独特的预测检测级联，能够提前5-10步进行主动异常预测。在HDFS日志上的实验结果显示了卓越的性能：基于tcna的LADM达到了0.9860的f1分数，而LSP-Informer在5步预测中保持了0.9801的f1分数。整个OADS系统成功地提前预测了潜在的异常，在严重掩蔽条件下保持了0.73+ Jaccard指数，同时在实际部署中保持了可解释性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Concurrency and Computation-Practice & Experience 工程技术-计算机：理论方法

CiteScore

5.00

自引率

10.00%

发文量

664

审稿时长

9.6 months

期刊介绍： Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of: Parallel and distributed computing; High-performance computing; Computational and data science; Artificial intelligence and machine learning; Big data applications, algorithms, and systems; Network science; Ontologies and semantics; Security and privacy; Cloud/edge/fog computing; Green computing; and Quantum computing.