A2Log: Attentive Augmented Log Anomaly Detection

  title={A2Log: Attentive Augmented Log Anomaly Detection},
  author={Thorsten Wittkopp and Alexander Acker and Sasho Nedelkoski and Jasmin Bogatinovski and Dominik Scheinert and Wu Fan and Odej Kao},
Anomaly detection becomes increasingly important for the dependability and serviceability of IT services. As log lines record events during the execution of IT services, they are a primary source for diagnostics. Thereby, unsupervised methods provide a significant benefit since not all anomalies can be known at training time. Existing unsupervised methods need anomaly examples to obtain a suitable decision boundary required for the anomaly detection task. This requirement poses practical… 
A Taxonomy of Anomalies in Log Data
A taxonomy for different kinds of log data anomalies is presented and a method for analyzing such anomalies in labeled datasets is introduced and it is shown that the most common anomaly type is also the easiest to predict.
TransLog: A Unified Transformer-based Framework for Log Anomaly Detection
A unified Transformer-based framework for Log anomaly detection (TRANSLOG), which is comprised of the pretraining and adapter-based tuning stage, and achieves state-of-the-art performance on three benchmarks.
LogLAB: Attention-Based Labeling of Log Data Anomalies via Weak Supervision
This work presents LogLAB, a novel modeling approach for automated labeling of log messages without requiring manual work by experts that relies on estimated failure time windows provided by monitoring systems to produce precise labeled datasets in retrospect.


Self-Attentive Classification-Based Anomaly Detection in Unstructured Logs
Logsy is proposed, a classification-based method to learn log representations that allow to distinguish between normal system log data and anomaly samples from auxiliary log datasets, easily accessible via the internet.
DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning
DeepLog, a deep neural network model utilizing Long Short-Term Memory (LSTM), is proposed, to model a system log as a natural language sequence, which allows DeepLog to automatically learn log patterns from normal execution, and detect anomalies when log patterns deviate from the model trained from log data under normal execution.
Semi-Supervised Log-Based Anomaly Detection via Probabilistic Label Estimation
This paper proposes a novel practical log-based anomaly detection approach, PLELog, which is semi-supervised to get rid of time-consuming manual labeling and incorporates the knowledge on historical anomalies via probabilistic label estimation to bring supervised approaches' superiority into play.
Improving Log-Based Anomaly Detection with Component-Aware Analysis
  • Kun Yin, Meng Yan, Xiaohong Zhang
  • Computer Science
    2020 IEEE International Conference on Software Maintenance and Evolution (ICSME)
  • 2020
Experimental results show that LogC overall outperforms three baselines (i.e., PCA, IM, and DeepLog) in terms of three metrics (precision, recall, and F-measure).
Experience Report: System Log Analysis for Anomaly Detection
A detailed review and evaluation of six state-of-the-art log-based anomaly detection methods, including three supervised methods and three unsupervised methods, and also releases an open-source toolkit allowing ease of reuse.
LogAnomaly: Unsupervised Detection of Sequential and Quantitative Anomalies in Unstructured Logs
Empowered by template2vec, a novel, simple yet effective method to extract the semantic information hidden in log templates, LogAnomaly can detect both sequential and quantitive log anomalies simultaneously, which has not been done by any previous work.
Robust log-based anomaly detection on unstable log data
The experimental results show that the proposed log-based anomaly detection approach, LogRobust, can well address the problem of log instability and achieve accurate and robust results on real-world, ever-changing log data.
Recurrent Neural Network Attention Mechanisms for Interpretable System Log Anomaly Detection
Recurrent neural network language models augmented with attention for anomaly detection in system logs are presented, creating opportunities for model introspection and analysis without sacrificing state-of-the art performance.
A Classification Framework for Anomaly Detection
It turns out that the empirical classification risk can serve as an empirical performance measure for the anomaly detection problem and this enables a support vector machine (SVM) for anomaly detection for which it can easily establish universal consistency.
Enhanced Network Anomaly Detection Based on Deep Neural Networks
Investigation of the suitability of deep learning approaches for anomaly-based intrusion detection system based on different deep neural network structures found promising results for real-world application in anomaly detection systems.