LogAnomaly: Unsupervised Detection of Sequential and Quantitative Anomalies in Unstructured Logs

Meng, Weibin; Liu, Ying; Zhu, Yichen; Zhang, Shenglin; Pei, Dan; Liu, Yuqing; Chen, Yi-Hao; Zhang, Ruizhi; Tao, Shimin; Sun, Pei; Zhou, Rong

doi:10.24963/ijcai.2019/658

Cited by 311 publications

(195 citation statements)

References 9 publications

Supporting

Mentioning

194

Contrasting

Order By: Relevance

“…Observation 8.2: Most works in this survey adopted Phase II when parsing the raw log data. After reviewing the six works proposed recently, we found that five works (Du et al 2017;Meng et al 2019;Das et al 2018;Brown et al 2018;) employed parsing technique, while only one work (Bertero et al 2017) did not. DeepLog (Du et al 2017) parsed the raw log to different log type using Spell (Du and Li 2016) which is based a longest common subsequence.…”

Section: Key Findings From a Closer Lookmentioning

confidence: 95%

“…Recently, a large number of scholars employed deep learning techniques (Du et al 2017;Meng et al 2019;Das et al 2018;Brown et al 2018;Bertero et al 2017) to detect anomaly events in the system logs and diagnosis system failures. The raw log data are unstructured, while their formats and semantics can vary significantly.…”

Section: Introductionmentioning

confidence: 99%

“…In this section, we will review the very recent six representative papers that use deep learning for system-eventbased anomaly detection (Du et al 2017;Meng et al 2019;Das et al 2018;Brown et al 2018;Bertero et al 2017). DeepLog (Du et al 2017) utilizes LSTM to model the system log as a natural language sequence, which automatically learns log patterns from the normal event, and detects anomalies when log patterns deviate from the trained model.…”

Section: Introductionmentioning

confidence: 99%

“…DeepLog (Du et al 2017) utilizes LSTM to model the system log as a natural language sequence, which automatically learns log patterns from the normal event, and detects anomalies when log patterns deviate from the trained model. LogAnom (Meng et al 2019) employs Word2vec to extract the semantic and syntax information from log templates. Moreover, it uses sequential and quantitative features simultaneously.…”

Section: Introductionmentioning

confidence: 99%

“…Bertero et al (2017) map log word to a high dimensional metric space using Google's word2vec algorithm and take it as features to classify. Among these six papers, we select two representative works (Du et al 2017;Meng et al 2019) and summarize the four phases of their approaches. We direct interested readers to Table 2 for a concise overview of these two works.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Using deep learning to solve computer security challenges: a survey

et al. 2020

View full text Add to dashboard Cite

Although using machine learning techniques to solve computer security challenges is not a new idea, the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interests in the computer security community. This paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges. In particular, the review covers eight computer security problems being solved by applications of Deep Learning: security-oriented program analysis, defending return-oriented programming (ROP) attacks, achieving control-flow integrity (CFI), defending network attacks, malware classification, system-event-based anomaly detection, memory forensics, and fuzzing for software security.

show abstract

Section: Key Findings From a Closer Lookmentioning

confidence: 95%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Using deep learning to solve computer security challenges: a survey

et al. 2020

View full text Add to dashboard Cite

show abstract

Anomaly Classification with Unknown, Imbalanced and Few Labeled Log Data

2022

AI and Machine Learning for Network and Security Management

View full text Add to dashboard Cite

amulog: A general log analysis framework for comparison and combination of diverse template generation methods*

et al. 2021

View full text Add to dashboard Cite

Summary One of the ways to analyze unstructured log messages from large‐scale IT systems is to classify log messages with log templates generated by template generation methods. However, there is currently no common knowledge pertained to the comparison and practical use of log template generation methods because they are implemented on the basis of diverse environments. To this end, we design and implement amulog, a general log analysis framework for comparing and combining diverse log template generation methods. Amulog consists of three key functions: (1) parsing log messages into headers and segmented messages, (2) classifying the log messages using a scalable template‐matching method, and (3) storing the structured data in a database. This framework helps us easily utilize time‐series data corresponding to the log templates for further analysis. We evaluate amulog with a log dataset collected from a nation‐wide academic network and demonstrate that it classifies the log data in a reasonable amount of time even with over 100,000 log template candidates. The template‐matching method in amulog also reduces 75% processing time for template generation and keeps the accuracy when combined with an existing structure‐based template generation method. In order to show the effectiveness of amulog in comparing log template generation methods, we demonstrate that the appropriate template generation methods and accuracy metrics largely depend on the purpose of further analysis by comparing the accuracy of six existing log template generation methods with 10 different accuracy metrics on amulog.

show abstract

LogAnomaly: Unsupervised Detection of Sequential and Quantitative Anomalies in Unstructured Logs

Cited by 311 publications

References 9 publications

Using deep learning to solve computer security challenges: a survey

Using deep learning to solve computer security challenges: a survey

Anomaly Classification with Unknown, Imbalanced and Few Labeled Log Data

amulog: A general log analysis framework for comparison and combination of diverse template generation methods*

Contact Info

Product

Resources

About