Log analysis is an important technique that engineers use for troubleshooting faults in large-scale service-oriented systems. In this study, we propose a novel semi-supervised log-based anomaly detection approach, LogDP, which utilizes the dependency relationships among log events and the proximity among log sequences to detect anomalies in massive unlabeled log data. LogDP divides log events into dependent and independent events, then learns the normal patterns of dependent events using dependency and those of independent events using proximity. Events violating any normal pattern are identified as anomalies. By combining dependency and proximity, LogDP is able to achieve high detection accuracy. Extensive experiments have been conducted on real-world datasets, and the results show that LogDP outperforms six state-of-the-art methods.