research-article

LogGAN: a Log-level Generative Adversarial Network for Anomaly Detection using Permutation Event Modeling

Published: 01 April 2021

Abstract

System logs, which trace system states and record valuable events, are a significant component of any computer system in our daily life. Each log contains sufficient information (i.e., normal and abnormal instances) to assist administrators in diagnosing and maintaining the operation of systems. If administrators cannot detect and eliminate diverse and complex anomalies (i.e., bugs and failures) efficiently, running workflows and transactions, and even whole systems, would break down. Therefore, anomaly detection has become increasingly significant and has attracted a lot of research attention. However, current approaches concentrate on detecting anomalies at a high-level granularity of logs (i.e., session) instead of detecting log-level anomalies, which weakens the efficiency of responding to anomalies and of diagnosing system failures. To overcome this limitation, we propose LogGAN, an LSTM-based generative adversarial network for anomaly detection on system logs using permutation event modeling, which detects log-level anomalies based on patterns (i.e., combinations of the latest logs). On the one hand, permutation event modeling mitigates the strong sequential characteristics of LSTM, solving the out-of-order problem caused by the arrival delays of logs. On the other hand, the generative adversarial network-based model mitigates the impact of the imbalance between normal and abnormal instances, improving anomaly detection performance. To evaluate LogGAN, we conduct extensive experiments on two real-world datasets, and the experimental results show the effectiveness of our proposed approach on the task of log-level anomaly detection.

Published In

Information Systems Frontiers, Volume 23, Issue 2
Apr 2021
242 pages

Publisher

Kluwer Academic Publishers

United States

Author Tags

  1. Anomaly detection
  2. Generative adversarial network
  3. Log-level anomaly
  4. Permutation event modeling

Qualifiers

  • Research-article

Cited By

  • (2024) APIB-GAN. Physical Communication, 64:C. DOI: 10.1016/j.phycom.2024.102315. Online publication date: 17-Jul-2024
  • (2024) A comprehensive review of generative adversarial networks. WIREs Computational Statistics, 16:1. DOI: 10.1002/wics.1629. Online publication date: 21-Jan-2024
  • (2024) Log‐based anomaly detection for distributed systems. Journal of Software: Evolution and Process, 36:8. DOI: 10.1002/smr.2650. Online publication date: 5-Aug-2024
  • (2022) Investigating and improving log parsing in practice. Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (1566-1577). DOI: 10.1145/3540250.3558947. Online publication date: 7-Nov-2022
  • (2022) Adanomaly: Adaptive Anomaly Detection for System Logs with Adversarial Learning. NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium (1-5). DOI: 10.1109/NOMS54207.2022.9789917. Online publication date: 25-Apr-2022
  • (2022) LogLR: A Log Anomaly Detection Method Based on Logical Reasoning. Wireless Algorithms, Systems, and Applications (489-500). DOI: 10.1007/978-3-031-19214-2_41. Online publication date: 24-Nov-2022
  • (2021) Identifying Anomaly Detection Patterns from Log Files: A Dynamic Approach. Computational Science and Its Applications – ICCSA 2021 (517-532). DOI: 10.1007/978-3-030-86960-1_36. Online publication date: 13-Sep-2021
  • (2020) Valid Probabilistic Anomaly Detection Models for System Logs. Wireless Communications & Mobile Computing, 2020. DOI: 10.1155/2020/8827185. Online publication date: 1-Jan-2020
