LogLS: Research on System Log Anomaly Detection Method Based on Dual LSTM
System logs record the status and important events of the system at different time periods. They are important resources for administrators to understand and manage the system. Detecting anomalies in logs is critical to identifying system faults in time. However, with the increasing size and complex...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2022-02-01
|
| Series: | Symmetry |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2073-8994/14/3/454 |
| _version_ | 1797441634154053632 |
|---|---|
| author | Yiyong Chen Nurbol Luktarhan Dan Lv |
| author_facet | Yiyong Chen Nurbol Luktarhan Dan Lv |
| author_sort | Yiyong Chen |
| collection | DOAJ |
| description | System logs record the status and important events of the system at different time periods. They are important resources for administrators to understand and manage the system. Detecting anomalies in logs is critical to identifying system faults in time. However, with the increasing size and complexity of today’s software systems, the number of logs has exploded. In many cases, the traditional manual log-checking method becomes impractical and time-consuming. On the other hand, existing automatic log anomaly detection methods are error-prone and often use indices or log templates. In this work, we propose LogLS, a system log anomaly detection method based on dual long short-term memory (LSTM) with symmetric structure, which regarded the system log as a natural-language sequence and modeled the log according to the preorder relationship and postorder relationship. LogLS is optimized based on the DeepLog method to solve the problem of poor prediction performance of LSTM on long sequences. By providing a feedback mechanism, it implements the prediction of logs that do not appear. To evaluate LogLS, we conducted experiments on two real datasets, and the experimental results demonstrate the effectiveness of our proposed method in log anomaly detection. |
| first_indexed | 2024-03-09T12:25:58Z |
| format | Article |
| id | doaj.art-9a24a9641244412abcbe2c67de81055c |
| institution | Directory Open Access Journal |
| issn | 2073-8994 |
| language | English |
| last_indexed | 2024-03-09T12:25:58Z |
| publishDate | 2022-02-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Symmetry |
| spelling | doaj.art-9a24a9641244412abcbe2c67de81055c2023-11-30T22:34:50ZengMDPI AGSymmetry2073-89942022-02-0114345410.3390/sym14030454LogLS: Research on System Log Anomaly Detection Method Based on Dual LSTMYiyong Chen0Nurbol Luktarhan1Dan Lv2College of Information Science and Engineering, Xinjiang University, Urumqi 830046, ChinaCollege of Information Science and Engineering, Xinjiang University, Urumqi 830046, ChinaCollege of Information Science and Engineering, Xinjiang University, Urumqi 830046, ChinaSystem logs record the status and important events of the system at different time periods. They are important resources for administrators to understand and manage the system. Detecting anomalies in logs is critical to identifying system faults in time. However, with the increasing size and complexity of today’s software systems, the number of logs has exploded. In many cases, the traditional manual log-checking method becomes impractical and time-consuming. On the other hand, existing automatic log anomaly detection methods are error-prone and often use indices or log templates. In this work, we propose LogLS, a system log anomaly detection method based on dual long short-term memory (LSTM) with symmetric structure, which regarded the system log as a natural-language sequence and modeled the log according to the preorder relationship and postorder relationship. LogLS is optimized based on the DeepLog method to solve the problem of poor prediction performance of LSTM on long sequences. By providing a feedback mechanism, it implements the prediction of logs that do not appear. To evaluate LogLS, we conducted experiments on two real datasets, and the experimental results demonstrate the effectiveness of our proposed method in log anomaly detection.https://www.mdpi.com/2073-8994/14/3/454system logsanomaly detectionLSTMtime series forecasting |
| spellingShingle | Yiyong Chen Nurbol Luktarhan Dan Lv LogLS: Research on System Log Anomaly Detection Method Based on Dual LSTM Symmetry system logs anomaly detection LSTM time series forecasting |
| title | LogLS: Research on System Log Anomaly Detection Method Based on Dual LSTM |
| title_full | LogLS: Research on System Log Anomaly Detection Method Based on Dual LSTM |
| title_fullStr | LogLS: Research on System Log Anomaly Detection Method Based on Dual LSTM |
| title_full_unstemmed | LogLS: Research on System Log Anomaly Detection Method Based on Dual LSTM |
| title_short | LogLS: Research on System Log Anomaly Detection Method Based on Dual LSTM |
| title_sort | logls research on system log anomaly detection method based on dual lstm |
| topic | system logs anomaly detection LSTM time series forecasting |
| url | https://www.mdpi.com/2073-8994/14/3/454 |
| work_keys_str_mv | AT yiyongchen loglsresearchonsystemloganomalydetectionmethodbasedonduallstm AT nurbolluktarhan loglsresearchonsystemloganomalydetectionmethodbasedonduallstm AT danlv loglsresearchonsystemloganomalydetectionmethodbasedonduallstm |