short-paper

Application Performance Anomaly Detection with LSTM on Temporal Irregularities in Logs

Authors:

Oihana Coustié,

Olivier TesteAuthors Info & Claims

CIKM '20: Proceedings of the 29th ACM International Conference on Information & Knowledge Management

Pages 1961 - 1964

https://doi.org/10.1145/3340531.3412157

Published: 19 October 2020 Publication History

Abstract

Performance anomalies are a core problem in modern information systems, that affects the execution of the hosted applications. The detection of these anomalies often relies on the analysis of the application execution logs. The current most effective approach is to detect samples that differ from a learnt nominal model. However, current methods often focus on detecting sequential anomalies in logs, neglecting the time elapsed between logs, which is a core component of the performance anomaly detection. In this paper, we develop a new model for performance anomaly detection that captures temporal deviations from the nominal model, by means of a sliding window data representation. This nominal model is trained by a Long Short-Term Memory neural network, which is appropriate to represent complex sequential dependencies. We assess the effectiveness of our model on both simulated and real datasets. We show that it is more robust to temporal variations than current state-of-the-art approaches, while remaining as effective.

Supplementary Material

MP4 File (3340531.3412157.mp4)

We present NoTIL (Novelty Detection based on Temporal Irregularities in Logs), a new deep learning method to detect anomalies in logs. NoTIL has two specificities (i) it is a novelty detection approach (ii) it uses a data representation based on temporal event counts, which enables to catch temporal irregularities in logs. We demonstrate its superiority over the state-of-the-art methods for the detection of performance anomalies.

Download
11.94 MB

References

[1]

Xavier Baril, Oihana Coustié, Josiane Mothe, and Olivier Teste. 2020. METING: A Robust Log Parser Based on Frequent n-Gram Mining. IEEE The International Conference on Web Services (ICWS) (2020).

[2]

Sté phane Bonnevay, Jairo Cugliari, and Victoria Granger. 2019. Predictive Maintenance from Event Logs Using Wavelet-Based Features: An Industrial Application. In 14th Inter. Conf. on Soft Computing Models in Industrial and Environmental Applications (SOCO) (Advances in Intelligent Systems and Computing), Vol. 950. 132--141.

[3]

Andrea Borghesi, Antonio Libri, Luca Benini, and Andrea Bartolini. 2019. Online Anomaly Detection in HPC Systems. In IEEE Inter. Conf. on Artificial Intelligence Circuits and Systems, AICAS. 229--233.

[4]

Andy Brown, Aaron Tuor, Brian Hutchinson, and Nicole Nichols. 2018. Recurrent Neural Network Attention Mechanisms for Interpretable System Log Anomaly Detection. CoRR, Vol. abs/1803.04967 (2018). arxiv: 1803.04967

[5]

Mike Y. Chen, Alice X. Zheng, Jim Lloyd, Michael I. Jordan, and Eric A. Brewer. 2004. Failure Diagnosis Using Decision Trees. In 1st Inter. Conf. on Autonomic Computing (ICAC ). 36--43.

[6]

Min Du, Feifei Li, Guineng Zheng, and Vivek Srikumar. 2017. DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning. In Proc. of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS. 1285--1298.

Digital Library

[7]

Qiang Fu, Jian-Guang Lou, Yi Wang, and Jiang Li. 2009. Execution anomaly detection in distributed systems through unstructured log analysis. In 9th IEEE Inter. Conf. on data mining. 149--158.

Digital Library

[8]

Shilin He, Jieming Zhu, Pinjia He, and Michael R. Lyu. 2016. Experience Report: System Log Analysis for Anomaly Detection. In 27th IEEE International Symposium on Software Reliability Engineering, ISSRE. 207--218.

[9]

Yinglung Liang, Yanyong Zhang, Hui Xiong, and Ramendra K. Sahoo. 2007. Failure Prediction in IBM BlueGene/L Event Logs. In Proc. of the 7th IEEE Inter. Conf. on Data Mining (ICDM 2007). 583--588.

[10]

Jian-Guang Lou, Qiang Fu, Shengqi Yang, Ye Xu, and Jiang Li. 2010. Mining Invariants from Console Logs for System Problem Detection. In USENIX Annual Technical Conference, 2010, Paul Barham and Timothy Roscoe (Eds.).

Digital Library

[11]

Weibin Meng, Ying Liu, Yichen Zhu, Shenglin Zhang, Dan Pei, Yuqing Liu, Yihao Chen, Ruizhi Zhang, Shimin Tao, Pei Sun, and Rong Zhou. 2019. LogAnomaly: Unsupervised Detection of Sequential and Quantitative Anomalies in Unstructured Logs. In Proc. of the Twenty-Eighth International Joint Conference on Artificial Intelligence, IJCAI, Sarit Kraus (Ed.). 4739--4745.

[12]

Yongmin Tan, Hiep Nguyen, Zhiming Shen, Xiaohui Gu, Chitra Venkatramani, and Deepak Rajan. 2012. PREPARE: Predictive Performance Anomaly Prevention for Virtualized Cloud Systems. In IEEE 32nd Inter. Conf. on Distributed Computing Systems. 285--294.

[13]

Yifan Wu. 2018. DeepLog. https://github.com/wuyifan18/DeepLog.

[14]

Wei Xu, Ling Huang, Armando Fox, David Patterson, and Michael Jordan. 2009. Largescale system problem detection by mining console logs. (2009).

[15]

Ke Zhang, Jianwu Xu, Martin Renqiang Min, Guofei Jiang, Konstantinos Pelechrinis, and Hui Zhang. 2016. Automated IT system failure prediction: A deep learning approach. In IEEE Inter. Conf. on Big Data,. 1291--1300.

Cited By

Verma AKaur PSingh A(2024)Assessment in the Age of Education 4.0: Unveiling Primitive and Hidden Parameters for EvaluationInformation10.3390/info1508048615:8(486)Online publication date: 15-Aug-2024
https://doi.org/10.3390/info15080486
Qi JLuan ZHuang SFung CYang HQian D(2024)SpikeLog: Log-Based Anomaly Detection via Potential-Assisted Spiking Neuron NetworkIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2023.334769536:12(9322-9335)Online publication date: Dec-2024
https://doi.org/10.1109/TKDE.2023.3347695
Liu XWei ZYu WLiu SWang GLiu XLi YFrommholz IHopfgartner FLee MOakes MLalmas MZhang MSantos R(2023)Khronos: A Real-Time Indexing Framework for Time Series Databases on Large-Scale Performance Monitoring SystemsProceedings of the 32nd ACM International Conference on Information and Knowledge Management10.1145/3583780.3614944(1607-1616)Online publication date: 21-Oct-2023
https://dl.acm.org/doi/10.1145/3583780.3614944
Show More Cited By

Index Terms

Application Performance Anomaly Detection with LSTM on Temporal Irregularities in Logs

Recommendations

Two-stage anomaly detection algorithm via dynamic community evolution in temporal graph
Abstract
Detecting anomalies from a massive amount of user behavioral data is often liken to finding a needle in a haystack. While tremendous efforts have been devoted to anomaly detection from temporal graphs, existing studies rarely consider community ...
Anomaly detection in the web logs using user-behaviour networks

With the rapid growth of the web attacks, anomaly detection becomes a necessary part in the management of modern large-scale distributed web applications. As the record of the user behaviour, web logs certainly become the research object relate to ...
Deep learning for anomaly detection in multivariate time series: Approaches, applications, and challenges
Abstract
Anomaly detection has recently been applied to various areas, and several techniques based on deep learning have been proposed for the analysis of multivariate time series. In this study, we classify the anomalies into three types, ...
Highlights
- The methods for anomaly detection on multivariate time series are reviewed.
- The ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CIKM '20: Proceedings of the 29th ACM International Conference on Information & Knowledge Management

October 2020

3619 pages

ISBN:9781450368599

DOI:10.1145/3340531

General Chairs:
Mathieu d'Aquin
DSI, Insight, NUI Galway, Ireland
,
Stefan Dietze
GESIS, Cologne, Germany, Heinrich-Heine-University Düsseldorf, Germany, L3S Research Center, Germany
,
Program Chairs:
Claudia Hauff
TU Delft, The Netherlands
,
Edward Curry
DSI, Insight, NUI Galway, Ireland
,
Philippe Cudre Mauroux
eXascale, University of Fribourg, Switzerland

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 October 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

CIKM '20

Sponsor:

CIKM '20: The 29th ACM International Conference on Information and Knowledge Management

October 19 - 23, 2020

Virtual Event, Ireland

Acceptance Rates

Overall Acceptance Rate 1,861 of 8,427 submissions, 22%

Upcoming Conference

CIKM '25

Sponsor:
sigir
sigir

The 34th ACM International Conference on Information and Knowledge Management

November 10 - 14, 2025

Seoul , Republic of Korea

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
507
Total Downloads

Downloads (Last 12 months)37
Downloads (Last 6 weeks)2

Reflects downloads up to 20 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Verma AKaur PSingh A(2024)Assessment in the Age of Education 4.0: Unveiling Primitive and Hidden Parameters for EvaluationInformation10.3390/info1508048615:8(486)Online publication date: 15-Aug-2024
https://doi.org/10.3390/info15080486
Qi JLuan ZHuang SFung CYang HQian D(2024)SpikeLog: Log-Based Anomaly Detection via Potential-Assisted Spiking Neuron NetworkIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2023.334769536:12(9322-9335)Online publication date: Dec-2024
https://doi.org/10.1109/TKDE.2023.3347695
Liu XWei ZYu WLiu SWang GLiu XLi YFrommholz IHopfgartner FLee MOakes MLalmas MZhang MSantos R(2023)Khronos: A Real-Time Indexing Framework for Time Series Databases on Large-Scale Performance Monitoring SystemsProceedings of the 32nd ACM International Conference on Information and Knowledge Management10.1145/3583780.3614944(1607-1616)Online publication date: 21-Oct-2023
https://dl.acm.org/doi/10.1145/3583780.3614944
Landauer MOnder SSkopik FWurzenberger M(2023)Deep learning for anomaly detection in log data: A surveyMachine Learning with Applications10.1016/j.mlwa.2023.10047012(100470)Online publication date: Jun-2023
https://doi.org/10.1016/j.mlwa.2023.100470
Alizadeh MMa J(2023)High-dimensional time series analysis and anomaly detectionAdvanced Engineering Informatics10.1016/j.aei.2023.10204157:COnline publication date: 1-Aug-2023
https://dl.acm.org/doi/10.1016/j.aei.2023.102041
Verma AAnand DSingh AVij RAlharbi AAlshammari MOrtega Mansilla A(2022)IoT-Inspired Reliable Irregularity-Detection Framework for Education 4.0 and Industry 4.0Electronics10.3390/electronics1109143611:9(1436)Online publication date: 29-Apr-2022
https://doi.org/10.3390/electronics11091436
Limsupavanich NGuo BFu X(2022)Improvement of Coastal Sea-Level Altimetry Derived From GNSS SNR Measurements Using the SNR Forward Network and T-LSTM Anomaly DetectionIEEE Transactions on Geoscience and Remote Sensing10.1109/TGRS.2022.318623960(1-13)Online publication date: 2022
https://doi.org/10.1109/TGRS.2022.3186239
Paulikas GSandonavičius DStasiukaitis EVilutis GVaitkunas M(2022)Survey of Cloud Traffic Anomaly Detection AlgorithmsInformation and Software Technologies10.1007/978-3-031-16302-9_2(19-32)Online publication date: 6-Oct-2022
https://doi.org/10.1007/978-3-031-16302-9_2
Wang HLi ZLiu XDing DHu ZZhang PZhou CBu JDemartini GZuccon GCulpepper JHuang ZTong H(2021)Fulfillment-Time-Aware Personalized Ranking for On-Demand Food RecommendationProceedings of the 30th ACM International Conference on Information & Knowledge Management10.1145/3459637.3481923(4184-4192)Online publication date: 26-Oct-2021
https://dl.acm.org/doi/10.1145/3459637.3481923
Du QZhao LXu JHan YZhang S(2021)Log-Based Anomaly Detection with Multi-Head Scaled Dot-Product Attention MechanismDatabase and Expert Systems Applications10.1007/978-3-030-86472-9_31(335-347)Online publication date: 31-Aug-2021
https://doi.org/10.1007/978-3-030-86472-9_31

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents