Authors: Yimin Guo, Yiling Sun, Ping Xiong
Journal: Concurrency and Computation-Practice & Experience
Volume/issue: 37 25-26
Publication date: 2025-09-28
Publication type: Journal Article
DOI: 10.1002/cpe.70300
URL: https://onlinelibrary.wiley.com/doi/10.1002/cpe.70300
Research on Online Log Anomaly Detection Model Based on Informer
To address the limitations of conventional reactive log anomaly detection in high-availability systems, this paper presents OADS—an online anomaly detection system that synergizes time-series prediction with real-time detection. The system features LSP-Informer, a multivariate log sequence predictor built upon Informer architecture and enhanced by a novel weighted combination loss (WCL) that simultaneously optimizes both prediction accuracy and semantic consistency. Furthermore, OADS implements a unique prediction-detection cascade by integrating LSP-Informer with a Temporal Convolutional Network + Attention (TCNA)-based Log Anomaly Detection Model (LADM), enabling proactive anomaly forecasting 5–10 steps ahead. Experimental results on HDFS logs demonstrate exceptional performance: The TCNA-based LADM achieves an F1-score of 0.9860, while LSP-Informer maintains a 0.9801 F1-score for 5-step-ahead prediction. The complete OADS system successfully predicts potential anomalies in advance, maintaining a robust 0.73+ Jaccard index under heavy masking conditions while preserving interpretability in real-world deployments.
About the journal:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.