Graph Neural Networks based Log Anomaly Detection and Explanation (2307.00527v3)
Abstract: Event logs are widely used to record the status of high-tech systems, making log anomaly detection important for monitoring those systems. Most existing log anomaly detection methods take a log event count matrix or log event sequences as input, exploiting quantitative and/or sequential relationships between log events to detect anomalies. Unfortunately, only considering quantitative or sequential relationships may result in low detection accuracy. To alleviate this problem, we propose a graph-based method for unsupervised log anomaly detection, dubbed Logs2Graphs, which first converts event logs into attributed, directed, and weighted graphs, and then leverages graph neural networks to perform graph-level anomaly detection. Specifically, we introduce One-Class Digraph Inception Convolutional Networks, abbreviated as OCDiGCN, a novel graph neural network model for detecting graph-level anomalies in a collection of attributed, directed, and weighted graphs. By coupling the graph representation and anomaly detection steps, OCDiGCN can learn a representation that is especially suited for anomaly detection, resulting in a high detection accuracy. Importantly, for each identified anomaly, we additionally provide a small subset of nodes that play a crucial role in OCDiGCN's prediction as explanations, which can offer valuable cues for subsequent root cause diagnosis. Experiments on five benchmark datasets show that Logs2Graphs performs at least on par with state-of-the-art log anomaly detection methods on simple datasets while largely outperforming state-of-the-art log anomaly detection methods on complicated datasets.
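An added illustration of the abstract's argument, not code from the paper or the Logs2Graphs project: two sessions with identical event counts are indistinguishable in a count matrix but yield different directed, weighted graphs. It assumes nodes are event-template IDs and an edge weight is the number of direct transitions (node attributes are omitted); the unseen-transition score is a simple stand-in for a learned detector, not OCDiGCN, and all session data is constructed.

```python
from collections import Counter

def session_to_graph(events):
    """One session (ordered event-template IDs) -> (node counts, weighted directed edges)."""
    nodes = Counter(events)
    # Edge (u, v) weight = number of times u is directly followed by v (assumed construction).
    edges = Counter(zip(events, events[1:]))
    return nodes, edges

def count_vector(events, vocab):
    """Quantitative view only: occurrences per event, order discarded."""
    counts = Counter(events)
    return [counts[e] for e in vocab]

def known_edges(sessions):
    """Set of transitions observed in a collection of normal sessions."""
    known = set()
    for s in sessions:
        known |= set(session_to_graph(s)[1])
    return known

def unseen_edge_score(events, known):
    """Fraction of a session's edge weight on transitions never seen in normal data.
    Returns (score, sorted unseen edges); the edges point at where to look first."""
    _, edges = session_to_graph(events)
    total = sum(edges.values())
    unseen = sorted(e for e in edges if e not in known)
    if total == 0:  # empty or single-event session has no transitions
        return 0.0, unseen
    return sum(edges[e] for e in unseen) / total, unseen

# Constructed sample sessions (hypothetical event IDs E1..E6).
VOCAB = ["E1", "E2", "E3", "E4", "E5", "E6"]
NORMAL = [
    ["E1", "E2", "E3", "E4", "E5", "E6"],
    ["E1", "E2", "E2", "E3", "E4", "E5", "E6"],
]
REORDERED = ["E1", "E2", "E3", "E5", "E4", "E6"]  # same counts as NORMAL[0], different order

if __name__ == "__main__":
    known = known_edges(NORMAL)
    print("count vectors equal:",
          count_vector(NORMAL[0], VOCAB) == count_vector(REORDERED, VOCAB))
    for name, s in [("normal", NORMAL[0]), ("reordered", REORDERED)]:
        score, unseen = unseen_edge_score(s, known)
        print(f"{name}: score={score:.2f} unseen={unseen}")
```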