Robust log anomaly detection based on contrastive learning and multi-scale MASS

System logs are an important data source for performance monitoring and anomaly detection. Analyzing logs for anomaly detection can improve service quality. At present, although machine learning algorithms for anomaly detection can achieve high accuracy, they lack robustness. The detection model can...

Full description

Saved in:
Bibliographic Details
Published in:The Journal of supercomputing Vol. 78; no. 16; pp. 17491 - 17512
Main Authors: Wang, Xuejie, Cao, Qilei, Wang, Qiaozheng, Cao, Zhiying, Zhang, Xiuguo, Wang, Peipeng
Format: Journal Article
Language:English
Published: New York Springer US 01.11.2022
Springer Nature B.V
Subjects:
Accuracy
Algorithms
Anomalies
Compilers
Computer Science
Feature extraction
Interpreters
Machine learning
Processor Architectures
Programming Languages
Robustness
Natural language processing
Log parsing
Anomaly detection
Multi-scale masked sequence to sequence
Contrastive learning
ISSN:0920-8542, 1573-0484
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:System logs are an important data source for performance monitoring and anomaly detection. Analyzing logs for anomaly detection can improve service quality. At present, although machine learning algorithms for anomaly detection can achieve high accuracy, they lack robustness. The detection model cannot dynamically adapt to changes of logs when system logs contain noises owing to the casualness of the operators or log templates update. In face of this challenge, the paper proposes a robust log anomaly detection method based on contrastive learning and multi-scale Masked Sequence to Sequence (MASS). First, a log feature extraction model integrating the BERT model with contrastive learning is proposed. It can extract effective features by pulling two related normal logs together and pushing apart normal and abnormal logs to ensure that the semantic similarity between normal and abnormal log templates is lower than that between normal log templates, effectively remove abnormal log templates and distinguish log categories to which normal log templates and normal noise log templates belong rather than rudely treating the noise log templates as anomalies, which enhances the robustness of anomaly detection. Then, a multi-scale Masked Sequence to Sequence (MSMASS) model is proposed, the Attention mechanism of the MASS model is replaced with multi-scale Attention to fully learn the context information of different scales of the log sequence, which improves the accuracy of anomaly detection. Contrast experiments are conducted with four baseline methods on common datasets, and the results show that the method proposed in this paper is superior to most existing log-based anomaly detection methods in terms of accuracy and robustness.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0920-8542
1573-0484
DOI:10.1007/s11227-022-04508-1