Log Message Anomaly Detection and Classification Using Auto-B/LSTM and Auto-GRU

Farzad, Amir; Gulliver, T. Aaron

doi:10.48550/arxiv.1911.08744

Cited by 1 publication

(4 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some approaches make use of Bi-LSTM RNNs, which are basically two independent LSTM RNNs that work in parallel and process sequences in opposite directions, i.e., while one LSTM RNN processes the input sequences as usual from the first to the last element, the other LSTM RNN processes sequence elements starting from the last entry and predicts elements that chronologically precede them. Experiments suggest that Bi-LSTM RNNs outperform LSTM RNNs [17], [34], [46], [50], [55], [57], [72], [75]. Another popular choice for RNNs are Gated Recurrent Units (GRU) that simplify the cell architecture as they only rely on update and reset gates.…”

Section: B Deep Learning Techniquesmentioning

confidence: 99%

“…Another popular choice for RNNs are Gated Recurrent Units (GRU) that simplify the cell architecture as they only rely on update and reset gates. One of the main benefits of GRUs is that they are computationally more efficient than LSTM RNNs, which is a relevant aspect for use cases focusing on edge devices [21], [34], [35], [37], [53], [56], [62], [68], [69].…”

Section: B Deep Learning Techniquesmentioning

confidence: 99%

“…-Failures [24], [34]- [36], [38]- [41], [55], [60], [64], [71], [73] OpenStack [20] 2017 Virtual machines Failures [20], [26], [34]- [36], [42], [44], [50], [52], [63], [76]- [78] Hadoop [90] 2016 High-perf. comp.…”

Section: Data Setmentioning

confidence: 99%

“…2) Evaluation metrics: Quantitative evaluation (ER-2) of anomaly detection approaches typically revolves around counting the numbers of correctly detected anomalous samples as true positives (T P ), incorrectly detected non-anomalous samples as false positives (F P ), incorrectly undetected anomalous samples as false negatives (F N ), and correctly undetected non-anomalous samples as true negatives (T N ). In the most basic setting where events are labeled individually and samples represent single events (e.g., as in the BGL data set), it is relatively straightforward to evaluate detected events with binary classification [34], [36]. Some of the reviewed papers additionally consider a multi-class classification problem for data sets where different types of failures have distinct labels by computing the averages of evaluation metrics over all classes [55] or plotting confusion matrices [32].…”

Section: Data Setmentioning

confidence: 99%

See 3 more Smart Citations

Deep Learning for Anomaly Detection in Log Data: A Survey

Landauer¹,

Onder²,

Skopik³

et al. 2022

Preprint

View full text Add to dashboard Cite

Automatic log file analysis enables early detection of relevant incidents such as system failures. In particular, selflearning anomaly detection techniques capture patterns in log data and subsequently report unexpected log event occurrences to system operators without the need to provide or manually model anomalous scenarios in advance. Recently, an increasing number of approaches leveraging deep learning neural networks for this purpose have been presented. These approaches have demonstrated superior detection performance in comparison to conventional machine learning techniques and simultaneously resolve issues with unstable data formats. However, there exist many different architectures for deep learning and it is nontrivial to encode raw and unstructured log data to be analyzed by neural networks. We therefore carry out a systematic literature review that provides an overview of deployed models, data pre-processing mechanisms, anomaly detection techniques, and evaluations. The survey does not quantitatively compare existing approaches but instead aims to help readers understand relevant aspects of different model architectures and emphasizes open issues for future work.

show abstract