LogELECTRA: Self-supervised Anomaly Detection for Unstructured Logs
This addresses the challenge of timely anomaly detection in complex software systems, which is critical for maintenance, though it is an incremental improvement over existing methods.
The paper tackled the problem of detecting anomalies in unstructured system logs by proposing LogELECTRA, a model that analyzes single log lines using self-supervised learning based on ELECTRA, and it outperformed state-of-the-art methods on benchmark datasets BGL, Sprit, and Thunderbird.
System logs are some of the most important information for the maintenance of software systems, which have become larger and more complex in recent years. The goal of log-based anomaly detection is to automatically detect system anomalies by analyzing the large number of logs generated in a short period of time, which is a critical challenge in the real world. Previous studies have used a log parser to extract templates from unstructured log data and detect anomalies on the basis of patterns of the template occurrences. These methods have limitations for logs with unknown templates. Furthermore, since most log anomalies are known to be point anomalies rather than contextual anomalies, detection methods based on occurrence patterns can cause unnecessary delays in detection. In this paper, we propose LogELECTRA, a new log anomaly detection model that analyzes a single line of log messages more deeply on the basis of self-supervised anomaly detection. LogELECTRA specializes in detecting log anomalies as point anomalies by applying ELECTRA, a natural language processing model, to analyze the semantics of a single line of log messages. LogELECTRA outperformed existing state-of-the-art methods in experiments on the public benchmark log datasets BGL, Sprit, and Thunderbird.