Experience Report: System Log Analysis for Anomaly Detection
Anomaly detection plays an important role in management of modern large-scale distributed systems. Logs, which record system runtime information, are widely used for anomaly detection. Traditionally, developers (or operators) often inspect the logs manually with keyword search and rule matching. The...
Uloženo v:
| Vydáno v: | Proceedings - International Symposium on Software Reliability Engineering s. 207 - 218 |
|---|---|
| Hlavní autoři: | , , , |
| Médium: | Konferenční příspěvek |
| Jazyk: | angličtina |
| Vydáno: |
IEEE
01.10.2016
|
| Témata: | |
| ISSN: | 2332-6549 |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstract | Anomaly detection plays an important role in management of modern large-scale distributed systems. Logs, which record system runtime information, are widely used for anomaly detection. Traditionally, developers (or operators) often inspect the logs manually with keyword search and rule matching. The increasing scale and complexity of modern systems, however, make the volume of logs explode, which renders the infeasibility of manual inspection. To reduce manual effort, many anomaly detection methods based on automated log analysis are proposed. However, developers may still have no idea which anomaly detection methods they should adopt, because there is a lack of a review and comparison among these anomaly detection methods. Moreover, even if developers decide to employ an anomaly detection method, re-implementation requires a nontrivial effort. To address these problems, we provide a detailed review and evaluation of six state-of-the-art log-based anomaly detection methods, including three supervised methods and three unsupervised methods, and also release an open-source toolkit allowing ease of reuse. These methods have been evaluated on two publicly-available production log datasets, with a total of 15,923,592 log messages and 365,298 anomaly instances. We believe that our work, with the evaluation results as well as the corresponding findings, can provide guidelines for adoption of these methods and provide references for future development. |
|---|---|
| AbstractList | Anomaly detection plays an important role in management of modern large-scale distributed systems. Logs, which record system runtime information, are widely used for anomaly detection. Traditionally, developers (or operators) often inspect the logs manually with keyword search and rule matching. The increasing scale and complexity of modern systems, however, make the volume of logs explode, which renders the infeasibility of manual inspection. To reduce manual effort, many anomaly detection methods based on automated log analysis are proposed. However, developers may still have no idea which anomaly detection methods they should adopt, because there is a lack of a review and comparison among these anomaly detection methods. Moreover, even if developers decide to employ an anomaly detection method, re-implementation requires a nontrivial effort. To address these problems, we provide a detailed review and evaluation of six state-of-the-art log-based anomaly detection methods, including three supervised methods and three unsupervised methods, and also release an open-source toolkit allowing ease of reuse. These methods have been evaluated on two publicly-available production log datasets, with a total of 15,923,592 log messages and 365,298 anomaly instances. We believe that our work, with the evaluation results as well as the corresponding findings, can provide guidelines for adoption of these methods and provide references for future development. |
| Author | Pinjia He Jieming Zhu Lyu, Michael R. Shilin He |
| Author_xml | – sequence: 1 surname: Shilin He fullname: Shilin He email: slhe@cse.cuhk.edu.hk organization: Dept. of Comput. Sci. & Eng., Chinese Univ. of Hong Kong, Hong Kong, China – sequence: 2 surname: Jieming Zhu fullname: Jieming Zhu email: jmzhu@cse.cuhk.edu.hk organization: Dept. of Comput. Sci. & Eng., Chinese Univ. of Hong Kong, Hong Kong, China – sequence: 3 surname: Pinjia He fullname: Pinjia He email: pjhe@cse.cuhk.edu.hk organization: Dept. of Comput. Sci. & Eng., Chinese Univ. of Hong Kong, Hong Kong, China – sequence: 4 givenname: Michael R. surname: Lyu fullname: Lyu, Michael R. email: lyu@cse.cuhk.edu.hk organization: Dept. of Comput. Sci. & Eng., Chinese Univ. of Hong Kong, Hong Kong, China |
| BookMark | eNotjE9LwzAcQKMouE6PnrzkC7Tml7-NeBlz6qAgrAreRpb9KpG1KU0P9ttb0NPjvcPLyEUXOyTkFlgBwOz9tq53m4Iz0AWHM5KB1EZYxvjnOVlwIXiulbRXJEvpe65MAl-Qx81Pj0PAziPdYR-H8YHWUxqxpVX8oqvOnaYUEm3iMEtsZ6VPOKIfQ-yuyWXjTglv_rkkH8-b9_VrXr29bNerKg9g1Jh7qRVyaVEbr43TvkSmvS5LeywPByeNPXpjHHfABTO2VIo3UkuN3jNnLYglufv7BkTc90No3TDtjTFScRC_uCJHvQ |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ISSRE.2016.21 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 146739002X 9781467390026 |
| EISSN | 2332-6549 |
| EndPage | 218 |
| ExternalDocumentID | 7774521 |
| Genre | orig-research |
| GroupedDBID | 23M 29G 29N 29O 6IE 6IF 6IH 6IK 6IL 6IN AAJGR AAWTH ABLEC ACGFS ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IPLJI M43 OCL RIE RIL RNS |
| ID | FETCH-LOGICAL-i175t-c465e249e67c67a6c8e06c6889d8bba479dc77a2a1230798552f4646ecc0a9913 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 367 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000391437700020&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Wed Aug 27 01:53:14 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i175t-c465e249e67c67a6c8e06c6889d8bba479dc77a2a1230798552f4646ecc0a9913 |
| PageCount | 12 |
| ParticipantIDs | ieee_primary_7774521 |
| PublicationCentury | 2000 |
| PublicationDate | 2016-Oct. |
| PublicationDateYYYYMMDD | 2016-10-01 |
| PublicationDate_xml | – month: 10 year: 2016 text: 2016-Oct. |
| PublicationDecade | 2010 |
| PublicationTitle | Proceedings - International Symposium on Software Reliability Engineering |
| PublicationTitleAbbrev | ISSRE |
| PublicationYear | 2016 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0020412 |
| Score | 2.515953 |
| Snippet | Anomaly detection plays an important role in management of modern large-scale distributed systems. Logs, which record system runtime information, are widely... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 207 |
| SubjectTerms | Feature extraction Industries Inspection Large-scale systems Manuals Open source software Runtime |
| Title | Experience Report: System Log Analysis for Anomaly Detection |
| URI | https://ieeexplore.ieee.org/document/7774521 |
| WOSCitedRecordID | wos000391437700020&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV09T8MwED2VioGpQIv4lgdG3IbE8Qdig1YgoaqiIHWrbOeCOpCgkvL7sZM0YWBh83mxdJb97ux37wCuhLYikkxRd9PFlBktqdRa0Sh1eGRtaFNVNZsQ06lcLNSsA9dNLQwiluQzHPph-Zef5Hbjn8pGwsUqsa8a3xGCV7VaTXLldaNaDc3R03z-MvbMLT70MqC_OqeUwDHp_W_JfRi0FXhk1mDLAXQwO4TetgUDqU9kH-5aqWJSxdK3pBIhJ8_5O9lKjhAXmjoj_3AmecCi5F9lA3ibjF_vH2ndEIGuHMoX1DIeo8uXkAvLheZWYsAtl1Il0hjNhEqsEDrUN57erWQchynjjLttCrQLBKMj6GZ5hsdAWJjExgrtAMzhEzeahzLBIMKAGcWMPIG-d8bys9K8WNZ-OP17-gz2vKsrkts5dIv1Bi9g134Xq6_1ZblRP0oPlGY |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3PT8IwGP1C0ERPqGD8bQ8eLcyt6w_jTSEQJyGCCbel7Yrh4GZw-PfbbmN48OKt7aXJ17Tva_u-9wBumNQs4ERge9KFmCjJMZdS4GBh8UhrXy9EaTbBxmM-n4tJA27rWhhjTEE-M13XLP7yk0yv3VNZj9lcJXRV4zvOOauq1qqvV045aqui2RtNp699x92iXScE-ss7pYCOQet_kx5AZ1uDhyY1uhxCw6RH0NqYMKBqT7bhYStWjMps-h6VMuQoyt7RRnQE2eTUdrIP20VPJi8YWGkH3gb92eMQV5YIeGlxPsea0NDYG5OhTFMmqebGo5pyLhKulCRMJJox6cs7R_AWPAz9BaGE2oXypE0Fg2NopllqTgARPwmVZtJCmEUoqiT1eWK8wHhECaL4KbRdMOLPUvUiruJw9vfwNewNZy9RHI3Gz-ew78JeUt4uoJmv1uYSdvV3vvxaXRWL9gM3T5ev |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=proceeding&rft.title=Proceedings+-+International+Symposium+on+Software+Reliability+Engineering&rft.atitle=Experience+Report%3A+System+Log+Analysis+for+Anomaly+Detection&rft.au=Shilin+He&rft.au=Jieming+Zhu&rft.au=Pinjia+He&rft.au=Lyu%2C+Michael+R.&rft.date=2016-10-01&rft.pub=IEEE&rft.eissn=2332-6549&rft.spage=207&rft.epage=218&rft_id=info:doi/10.1109%2FISSRE.2016.21&rft.externalDocID=7774521 |