SemiSMAC: A semi-supervised framework for log anomaly detection with automated hyperparameter tuning

Logs generated during software operations are critical for system reliability and anomaly detection. However, their diversity, the scarcity of labeled data, and hyperparameter tuning challenges hinder traditional detection methods. This paper presents SemiSMAC, a novel semi-supervised framework that...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Information and software technology Jg. 187; S. 107869
Hauptverfasser: Sun, Yicheng, Keung, Jacky Wai, Yang, Zhen, Liu, Shuo, Liao, Yihan
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Elsevier B.V 01.11.2025
Schlagworte:
Anomaly detection
Hyperparameter optimization
Semi-supervised learning
Sequential algorithm configuration
Software log analysis
Software reliability
Sequential algorithm configuration
Software log analysis
Hyperparameter optimization
Software reliability
Semi-supervised learning
Anomaly detection
ISSN:0950-5849
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Logs generated during software operations are critical for system reliability and anomaly detection. However, their diversity, the scarcity of labeled data, and hyperparameter tuning challenges hinder traditional detection methods. This paper presents SemiSMAC, a novel semi-supervised framework that leverages the Large Language Model for log parsing and grouping, combined with Sequential Model-based Algorithm Configuration (SMAC) for hyperparameter optimization to enhance anomaly detection. In this work, we leverage ChatGPT for log parsing and introduce a novel log grouping approach. This grouping process requires only a small number of labeled samples, which ChatGPT uses to generate pseudo-labels for the remaining data, thereby expanding the training set. Furthermore, SemiSMAC utilizes a Sequential Model-based Algorithm Configuration (SMAC) to automatically optimize the hyperparameters of the embedded models. This integration leads to consistent performance improvements, particularly in resource-constrained environments. SemiSMAC-LSTM, which uses LSTM as the backbone of the SemiSMAC framework, demonstrates superior performance in experiments on four widely used datasets. It outperforms six benchmark models, including three supervised learning models. In low-resource scenarios, SemiSMAC-LSTM exhibits exceptional robustness, showcasing its effectiveness in handling challenging detection tasks. SemiSMAC demonstrates its potential to revolutionize anomaly detection in both large-scale and low-resource datasets. Its ability to deliver outstanding performance makes it a valuable tool for scalable and automated anomaly detection in real-world applications, paving the way for more reliable and scalable software engineering practices
ISSN:0950-5849
DOI:10.1016/j.infsof.2025.107869