Zobraziť v EDS

ALogSCAN: A Self-Supervised Dual Network for Adaptive and Timely Log Anomaly Detection in Clouds

Uložené v:
Podrobná bibliografia
Názov: ALogSCAN: A Self-Supervised Dual Network for Adaptive and Timely Log Anomaly Detection in Clouds
Autori: Raeiszadeh, Mahsa, Estrada-Solano, Felipe, Glitho, Roch, Eker, Johan, Mini, Raquel
Prispievatelia: Lund University, Faculty of Engineering, LTH, Departments at LTH, Department of Automatic Control, Lunds universitet, Lunds Tekniska Högskola, Institutioner vid LTH, Institutionen för reglerteknik, Originator, Lund University, Profile areas and other strong research environments, Strategic research areas (SRA), ELLIIT: the Linköping-Lund initiative on IT and mobile communication, Lunds universitet, Profilområden och andra starka forskningsmiljöer, Strategiska forskningsområden (SFO), ELLIIT: the Linköping-Lund initiative on IT and mobile communication, Originator, Lund University, Faculty of Engineering, LTH, LTH Profile areas, LTH Profile Area: AI and Digitalization, Lunds universitet, Lunds Tekniska Högskola, LTH profilområden, LTH profilområde: AI och digitalisering, Originator, Lund University, Profile areas and other strong research environments, Lund University Profile areas, LU Profile Area: Natural and Artificial Cognition, Lunds universitet, Profilområden och andra starka forskningsmiljöer, Lunds universitets profilområden, LU profilområde: Naturlig och artificiell kognition, Originator
Zdroj: IEEE Transactions on Cognitive Communications and Networking.
Predmety: Engineering and Technology, Electrical Engineering, Electronic Engineering, Information Engineering, Control Engineering, Teknik, Elektroteknik och elektronik, Reglerteknik
Popis: Logs are prevalent in modern cloud systems and serve as a valuable source of information for system maintenance. Over the years, many supervised, semi-supervised, and unsupervised log analysis methods have been proposed to detect system anomalies. In particular, semi-supervised methods have garnered increasing attention as they balance reduced labeled data requirements and optimal detection performance, contrasting with their supervised and unsupervised counterparts. However, existing semi-supervised log analysis methods often suffer from practical challenges, such as log instability, imbalanced class data, and labeling dependency, which are pervasive issues in real-world systems. To address these challenges, we propose ALogSCAN, a self-supervised method to detect anomalies at the host level of cloud systems. ALogSCAN introduces the Dynamic Frequency-based Log Filtering (DFLF) technique to mitigate the potential bias introduced by highly frequent log messages, thereby focusing more on infrequent yet critical log messages. Moreover, the self-supervised nature of ALogSCAN eliminates the need for time-consuming manual labeling of log data, and enables the DFLF technique to continuously adapt to evolving log sequences, maintaining robustness against unstable log data. We have evaluated ALogSCAN on two widely used public datasets and one private dataset from Ericsson Research, and the experimental results demonstrate its effectiveness, consistently outperforming existing methods in various scenarios.
Prístupová URL adresa: https://doi.org/10.1109/TMLCN.2025.3594653
Databáza: SwePub
Popis
Abstrakt:Logs are prevalent in modern cloud systems and serve as a valuable source of information for system maintenance. Over the years, many supervised, semi-supervised, and unsupervised log analysis methods have been proposed to detect system anomalies. In particular, semi-supervised methods have garnered increasing attention as they balance reduced labeled data requirements and optimal detection performance, contrasting with their supervised and unsupervised counterparts. However, existing semi-supervised log analysis methods often suffer from practical challenges, such as log instability, imbalanced class data, and labeling dependency, which are pervasive issues in real-world systems. To address these challenges, we propose ALogSCAN, a self-supervised method to detect anomalies at the host level of cloud systems. ALogSCAN introduces the Dynamic Frequency-based Log Filtering (DFLF) technique to mitigate the potential bias introduced by highly frequent log messages, thereby focusing more on infrequent yet critical log messages. Moreover, the self-supervised nature of ALogSCAN eliminates the need for time-consuming manual labeling of log data, and enables the DFLF technique to continuously adapt to evolving log sequences, maintaining robustness against unstable log data. We have evaluated ALogSCAN on two widely used public datasets and one private dataset from Ericsson Research, and the experimental results demonstrate its effectiveness, consistently outperforming existing methods in various scenarios.
ISSN:23327731
DOI:10.1109/TMLCN.2025.3594653