Cargando…
Two Class Pruned Log Message Anomaly Detection
Log messages are widely used in cloud servers and other systems. Millions of logs are generated each day which makes them important for anomaly detection. However, they are complex unstructured text messages which makes this task difficult. In this paper, a hybrid log message anomaly detection techn...
| Autores principales: | , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Springer Singapore
2021
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8310418/ https://www.ncbi.nlm.nih.gov/pubmed/34337434 http://dx.doi.org/10.1007/s42979-021-00772-9 |
| _version_ | 1783728758152232960 |
|---|---|
| author | Farzad, Amir Gulliver, T. Aaron |
| author_facet | Farzad, Amir Gulliver, T. Aaron |
| author_sort | Farzad, Amir |
| collection | PubMed |
| description | Log messages are widely used in cloud servers and other systems. Millions of logs are generated each day which makes them important for anomaly detection. However, they are complex unstructured text messages which makes this task difficult. In this paper, a hybrid log message anomaly detection technique is proposed which employs pruning of positive and negative logs. Reliable positive log messages are first selected using a Gaussian mixture model algorithm. Then reliable negative logs are selected using the K-means, Gaussian mixture model and Dirichlet process Gaussian mixture model methods iteratively. It is shown that the precision for positive and negative logs with pruning is high. Anomaly detection is done using a deep learning long short-term memory network. The proposed model is evaluated using the well-known BGL, Openstack, and Thunderbird data sets. The results obtained indicate that the proposed model performs better than several well-known algorithms. |
| format | Online Article Text |
| id | pubmed-8310418 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2021 |
| publisher | Springer Singapore |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-83104182021-07-26 Two Class Pruned Log Message Anomaly Detection Farzad, Amir Gulliver, T. Aaron SN Comput Sci Original Research Log messages are widely used in cloud servers and other systems. Millions of logs are generated each day which makes them important for anomaly detection. However, they are complex unstructured text messages which makes this task difficult. In this paper, a hybrid log message anomaly detection technique is proposed which employs pruning of positive and negative logs. Reliable positive log messages are first selected using a Gaussian mixture model algorithm. Then reliable negative logs are selected using the K-means, Gaussian mixture model and Dirichlet process Gaussian mixture model methods iteratively. It is shown that the precision for positive and negative logs with pruning is high. Anomaly detection is done using a deep learning long short-term memory network. The proposed model is evaluated using the well-known BGL, Openstack, and Thunderbird data sets. The results obtained indicate that the proposed model performs better than several well-known algorithms. Springer Singapore 2021-07-24 2021 /pmc/articles/PMC8310418/ /pubmed/34337434 http://dx.doi.org/10.1007/s42979-021-00772-9 Text en © The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd 2021 This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic. |
| spellingShingle | Original Research Farzad, Amir Gulliver, T. Aaron Two Class Pruned Log Message Anomaly Detection |
| title | Two Class Pruned Log Message Anomaly Detection |
| title_full | Two Class Pruned Log Message Anomaly Detection |
| title_fullStr | Two Class Pruned Log Message Anomaly Detection |
| title_full_unstemmed | Two Class Pruned Log Message Anomaly Detection |
| title_short | Two Class Pruned Log Message Anomaly Detection |
| title_sort | two class pruned log message anomaly detection |
| topic | Original Research |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8310418/ https://www.ncbi.nlm.nih.gov/pubmed/34337434 http://dx.doi.org/10.1007/s42979-021-00772-9 |
| work_keys_str_mv | AT farzadamir twoclassprunedlogmessageanomalydetection AT gullivertaaron twoclassprunedlogmessageanomalydetection |