Anomaly Detection using system logs

2022 ◽  
Vol 16 (1) ◽  
pp. 0-0
Keyword(s):  
Neural Network ◽  
Anomaly Detection ◽  
Abnormal Behavior ◽  
Feed Forward Neural Network ◽  
One Dimensional ◽  
Log Files ◽  
System Logs ◽  
Hadoop Distributed File System ◽  
Windowing Technique ◽  
Improved Accuracy

Anomaly detection is a very important step in building a secure and trustworthy system. Manually it is daunting to analyze and detect failures and anomalies. In this paper, we proposed an approach that leverages the pattern matching capabilities of Convolution Neural Network (CNN) for anomaly detection in system logs. Features from log files are extracted using a windowing technique. Based on this feature, a one-dimensional image (1×n dimension) is generated where the pixel values of an image correlate with the features of the logs. On these images, the 1D Convolution operation is applied followed by max pooling. Followed by Convolution layers, a multi-layer feed-forward neural network is used as a classifier that learns to classify the logs as normal or abnormal from the representation created by the convolution layers. The model learns the variation in log pattern for normal and abnormal behavior. The proposed approach achieved improved accuracy compared to existing approaches for anomaly detection in Hadoop Distributed File System (HDFS) logs.

scholarly journals Learning-Based Anomaly Detection and Monitoring for Swarm Drone Flights

2019 ◽  
Vol 9 (24) ◽  
pp. 5477 ◽  
Author(s):  
Hyojung Ahn ◽  
Han-Lim Choi ◽  
Minguk Kang ◽  
SungTae Moon
Keyword(s):  
Anomaly Detection ◽  
Test Data ◽  
Flight Test ◽  
Abnormal Behavior ◽  
Detection Scheme ◽  
One Dimensional ◽  
The Real ◽  
Online Implementation ◽  
Multiple Vehicles ◽  
Fully Connected

This paper addresses anomaly detection and monitoring for swarm drone flights. While the current practice of swarm flight typically relies on the operator’s naked eyes to monitor health of the multiple vehicles, this work proposes a machine learning-based framework to enable detection of abnormal behavior of a large number of flying drones on the fly. The method works in two steps: a sequence of two unsupervised learning procedures reduces the dimensionality of the real flight test data and labels them as normal and abnormal cases; then, a deep neural network classifier with one-dimensional convolution layers followed by fully connected multi-layer perceptron extracts the associated features and distinguishes the anomaly from normal conditions. The proposed anomaly detection scheme is validated on the real flight test data, highlighting its capability of online implementation.

A neural network approach to anomaly detection in spectra

1997 ◽  
Author(s):  
Daniel Benzing ◽  
Kevin Whitaker ◽  
Dedra Moore ◽  
Daniel Benzing ◽  
Kevin Whitaker ◽  
...  
Keyword(s):  
Neural Network ◽  
Anomaly Detection ◽  
Network Approach ◽  
Neural Network Approach

Anomaly Detection via Mining Numerical Workflow Relations from Logs

2020 ◽  
Author(s):  
Bo Zhang ◽  
Hongyu Zhang ◽  
Pablo Moscato
Keyword(s):  
Distributed Systems ◽  
Anomaly Detection ◽  
Text Messages ◽  
Distributed File System ◽  
Log Data ◽  
Sliding Windows ◽  
Novel Approach ◽  
Hadoop Distributed File System ◽  
Blue Gene ◽  
Online Anomaly Detection

<div>Complex software intensive systems, especially distributed systems, generate logs for troubleshooting. The logs are text messages recording system events, which can help engineers determine the system's runtime status. This paper proposes a novel approach named ADR (stands for Anomaly Detection by workflow Relations) that employs matrix nullspace to mine numerical relations from log data. The mined relations can be used for both offline and online anomaly detection and facilitate fault diagnosis. We have evaluated ADR on log data collected from two distributed systems, HDFS (Hadoop Distributed File System) and BGL (IBM Blue Gene/L supercomputers system). ADR successfully mined 87 and 669 numerical relations from the logs and used them to detect anomalies with high precision and recall. For online anomaly detection, ADR employs PSO (Particle Swarm Optimization) to find the optimal sliding windows' size and achieves fast anomaly detection.</div><div>The experimental results confirm that ADR is effective for both offline and online anomaly detection. </div>

Sign in / Sign up

Export Citation Format

Share Document