research-article

An Approach to Cloud Platform Log Anomaly Detection Based on Natural Language Processing and LSTM

Authors:

Bei Zhu,

Jing Li,

Rongbin Gu,

Liang WangAuthors Info & Claims

ACAI '20: Proceedings of the 2020 3rd International Conference on Algorithms, Computing and Artificial Intelligence

Article No.: 88, Pages 1 - 7

https://doi.org/10.1145/3446132.3446415

Published: 09 March 2021 Publication History

Get Access

Abstract

Cloud platform logs record platform runtime information and are important data for cloud platform anomaly detection. Due to the complex log format and rich semantic information, simple statistical analysis methods cannot fully capture log information. And the cloud platform architecture is constantly being updated, log statements are constantly evolving, and new abnormal logs may appear. In addition, most of the existing methods only perform anomaly detection on log templates, and the information is relatively one-sided, which limits the types of anomalies they can detect. Aiming at the problems that most of the current methods will not be able to diagnose or misjudge the unknown log status and miss the abnormality, this paper proposes an anomaly detection method LogNL based on (Natural Language Processing, NLP) and LSTM (Long Short Term Memory, LSTM). LogNL first uses automatic analysis methods to extract log templates and parameters, uses TF-IDF (Term Frequency–Inverse Document Frequency, TF-IDF) to obtain template feature representations, and then constructs parameter value vectors for logs of different templates, and finally uses LSTM network-based construction of pattern anomaly detection models and parameter value anomaly detection models to achieve cloud Platform log anomaly detection. Experiments on two real cloud platform log data sets show that LogNL has higher accuracy than existing supervised learning methods and unsupervised learning methods.

References

[1]

Chalapathy R, Chawla S. Deep learning for anomaly detection: A survey[J]. arXiv preprint arXiv:1901.03407, 2019.

Google Scholar

[2]

Chandola V, Banerjee A, Kumar V. Anomaly detection: A survey[J]. ACM computing surveys (CSUR), 2009, 41(3): 1-58.

Digital Library

Google Scholar

[3]

Kruegel C, Vigna G. Anomaly detection of web-based attacks[C]// Proceedings of the 10th ACM conference on Computer and communications security. 2003: 251-261.

Google Scholar

[4]

Liang Y, Zhang Y, Xiong H, Failure prediction in ibm bluegene/l event logs[C]// Seventh IEEE International Conference on Data Mining (ICDM 2007). IEEE, 2007: 583-588.

Google Scholar

[5]

Bodik P, Goldszmidt M, Fox A, Fingerprinting the datacenter: automated classification of performance crises[C]// Proceedings of the 5th European conference on Computer systems. 2010: 111-124.

Google Scholar

[6]

Du M, Li F, Zheng G, Deeplog: Anomaly detection and diagnosis from system logs through deep learning[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017: 1285-1298.

Google Scholar

[7]

Hochreiter S, Schmidhuber J. Long short-term memory[J]. Neural computation, 1997, 9(8): 1735-1780.

Digital Library

Google Scholar

[8]

Sundermeyer M, Schlüter R, Ney H. LSTM neural networks for language modeling[C]//Thirteenth annual conference of the international speech communication association. 2012.

Google Scholar

[9]

Zheng Z, Lan Z, Park B H, System log pre-processing to improve failure prediction[C]// 2009 IEEE/IFIP International Conference on Dependable Systems & Networks. IEEE, 2009: 572-577.

Google Scholar

[10]

He P, Zhu J, Zheng Z, Drain: An online log parsing approach with fixed depth tree[C]// 2017 IEEE International Conference on Web Services (ICWS). IEEE, 2017: 33-40.

Google Scholar

[11]

Salton G, Buckley C. Term-weighting approaches in automatic text retrieval[J]. Information processing & management, 1988, 24(5): 513-523.

Google Scholar

[12]

Xu W, Huang L, Fox A, Detecting large-scale system problems by mining console logs[C]// Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles. 2009: 117-132.

Google Scholar

[13]

Meng W, Liu Y, Zhu Y, LogAnomaly: Unsupervised Detection of Sequential and Quantitative Anomalies in Unstructured Logs[C]// IJCAI. 2019: 4739-4745.

Google Scholar

[14]

Zhang X, Xu Y, Lin Q, Robust log-based anomaly detection on unstable log data[C]// Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 2019: 807-817.

Google Scholar

Cited By

View all

Lupton SWashizaki HYoshioka NFukazawa Y(2024)Landscape and Taxonomy of Online Parser-Supported Log Anomaly Detection MethodsIEEE Access10.1109/ACCESS.2024.338728712(78193-78218)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3387287
Al-Mazrawe AAl-Musawi B(2024)Anomaly Detection in Cloud Network: A ReviewBIO Web of Conferences10.1051/bioconf/2024970001997(00019)Online publication date: 5-Apr-2024
https://doi.org/10.1051/bioconf/20249700019
Yuan JZhou HLi LChen GLi F(2023)DeepSipi: A Log Anomaly Detection Method with Events and Variables2023 IEEE 6th International Conference on Automation, Electronics and Electrical Engineering (AUTEEE)10.1109/AUTEEE60196.2023.10407821(665-668)Online publication date: 15-Dec-2023
https://doi.org/10.1109/AUTEEE60196.2023.10407821
Show More Cited By

Recommendations

Robust log-based anomaly detection on unstable log data
ESEC/FSE 2019: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering

Logs are widely used by large and complex software-intensive systems for troubleshooting. There have been a lot of studies on log-based anomaly detection. To detect the anomalies, the existing methods mainly construct a detection model using log event ...
An empirical study of the impact of log parsers on the performance of log-based anomaly detection
Abstract
Log-based anomaly detection plays an essential role in the fast-emerging Artificial Intelligence for IT Operations (AIOps) of software systems. Many log-based anomaly detection methods have been proposed. Due to the variety and unstructured ...
Impact of log parsing on deep learning-based anomaly detection
Abstract
Software systems log massive amounts of data, recording important runtime information. Such logs are used, for example, for log-based anomaly detection, which aims to automatically detect abnormal behaviors of the system under analysis by ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ACAI '20: Proceedings of the 2020 3rd International Conference on Algorithms, Computing and Artificial Intelligence

December 2020

576 pages

ISBN:9781450388115

DOI:10.1145/3446132

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 March 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ACAI 2020

ACAI 2020: 2020 3rd International Conference on Algorithms, Computing and Artificial Intelligence

December 24 - 26, 2020

Sanya, China

Acceptance Rates

Overall Acceptance Rate 173 of 395 submissions, 44%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
257
Total Downloads

Downloads (Last 12 months)73
Downloads (Last 6 weeks)6

Reflects downloads up to 28 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lupton SWashizaki HYoshioka NFukazawa Y(2024)Landscape and Taxonomy of Online Parser-Supported Log Anomaly Detection MethodsIEEE Access10.1109/ACCESS.2024.338728712(78193-78218)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3387287
Al-Mazrawe AAl-Musawi B(2024)Anomaly Detection in Cloud Network: A ReviewBIO Web of Conferences10.1051/bioconf/2024970001997(00019)Online publication date: 5-Apr-2024
https://doi.org/10.1051/bioconf/20249700019
Yuan JZhou HLi LChen GLi F(2023)DeepSipi: A Log Anomaly Detection Method with Events and Variables2023 IEEE 6th International Conference on Automation, Electronics and Electrical Engineering (AUTEEE)10.1109/AUTEEE60196.2023.10407821(665-668)Online publication date: 15-Dec-2023
https://doi.org/10.1109/AUTEEE60196.2023.10407821
Landauer MOnder SSkopik FWurzenberger M(2023)Deep learning for anomaly detection in log data: A surveyMachine Learning with Applications10.1016/j.mlwa.2023.10047012(100470)Online publication date: Jun-2023
https://doi.org/10.1016/j.mlwa.2023.100470
Lupton SWashizaki HYoshioka NFukazawa Y(2023)Log Drift Impact on Online Anomaly Detection WorkflowsProduct-Focused Software Process Improvement10.1007/978-3-031-49266-2_19(267-283)Online publication date: 11-Dec-2023
https://dl.acm.org/doi/10.1007/978-3-031-49266-2_19
Lupton SWashizaki HYoshioka NFukazawa Y(2021)Literature Review on Log Anomaly Detection Approaches Utilizing Online Parsing Methodology2021 28th Asia-Pacific Software Engineering Conference (APSEC)10.1109/APSEC53868.2021.00068(559-563)Online publication date: Dec-2021
https://doi.org/10.1109/APSEC53868.2021.00068

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Abstract

References

Cited By

Recommendations

Robust log-based anomaly detection on unstable log data

An empirical study of the impact of log parsers on the performance of log-based anomaly detection

Impact of log parsing on deep learning-based anomaly detection

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

HTML Format

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations