LogBERT: Log Anomaly Detection via BERT
This addresses the problem of detecting malicious attacks or malfunctions in online systems for system administrators, representing a domain-specific incremental improvement.
The authors tackled log anomaly detection in computer systems by proposing LogBERT, a self-supervised framework based on BERT, which outperformed state-of-the-art methods on three datasets.
Detecting anomalous events in online computer systems is crucial to protect the systems from malicious attacks or malfunctions. System logs, which record detailed information of computational events, are widely used for system status analysis. In this paper, we propose LogBERT, a self-supervised framework for log anomaly detection based on Bidirectional Encoder Representations from Transformers (BERT). LogBERT learns the patterns of normal log sequences by two novel self-supervised training tasks and is able to detect anomalies where the underlying patterns deviate from normal log sequences. The experimental results on three log datasets show that LogBERT outperforms state-of-the-art approaches for anomaly detection.