LogGPT: Log Anomaly Detection via GPT
This work addresses the problem of detecting system anomalies for ensuring computer system security and reliability, representing an incremental advancement by adapting GPT with reinforcement learning for a specific domain task.
The paper tackles the gap between language modeling and anomaly detection in log data by proposing LogGPT, a framework that uses GPT for log anomaly detection and enhances it with a reinforcement learning strategy, achieving significant performance improvements over state-of-the-art methods on three datasets.
Detecting system anomalies based on log data is important for ensuring the security and reliability of computer systems. Recently, deep learning models have been widely used for log anomaly detection. The core idea is to model the log sequences as natural language and adopt deep sequential models, such as LSTM or Transformer, to encode the normal patterns in log sequences via language modeling. However, there is a gap between language modeling and anomaly detection as the objective of training a sequential model via a language modeling loss is not directly related to anomaly detection. To fill up the gap, we propose LogGPT, a novel framework that employs GPT for log anomaly detection. LogGPT is first trained to predict the next log entry based on the preceding sequence. To further enhance the performance of LogGPT, we propose a novel reinforcement learning strategy to finetune the model specifically for the log anomaly detection task. The experimental results on three datasets show that LogGPT significantly outperforms existing state-of-the-art approaches.