SEDC | Oct 5, 2021

LogDP: Combining Dependency and Proximity for Log-based Anomaly Detection

arXiv:2110.01927v1 | 9 citations
Originality: Incremental advance
AI Analysis

This paper addresses the problem engineers face in troubleshooting faults in large-scale service-oriented systems, and represents an incremental improvement over existing methods.

The paper tackles log-based anomaly detection by proposing LogDP, a semi-supervised approach that combines dependency relationships and proximity among log events to identify anomalies, achieving higher detection accuracy than six state-of-the-art methods in experiments on real-world datasets.

Log analysis is an important technique that engineers use for troubleshooting faults of large-scale service-oriented systems. In this study, we propose a novel semi-supervised log-based anomaly detection approach, LogDP, which utilizes the dependency relationships among log events and proximity among log sequences to detect the anomalies in massive unlabeled log data. LogDP divides log events into dependent and independent events, then learns normal patterns of dependent events using dependency and independent events using proximity. Events violating any normal pattern are identified as anomalies. By combining dependency and proximity, LogDP is able to achieve high detection accuracy. Extensive experiments have been conducted on real-world datasets, and the results show that LogDP outperforms six state-of-the-art methods.

Code Implementations: 1 repo