SELG Jan 21, 2025

Beyond Window-Based Detection: A Graph-Centric Framework for Discrete Log Anomaly Detection

arXiv:2501.12166v1 | 1 citations | h-index: 22
Originality: Highly original
AI Analysis

This paper addresses the problem of precise anomaly detection in system logs for reliability and security, and presents a novel method rather than an incremental improvement.

The paper tackles the problem of context bias and fuzzy localization in discrete log anomaly detection by proposing TempoLog, a graph-centric framework that constructs continuous-time dynamic graphs from event logs. The method achieves state-of-the-art performance, significantly outperforming existing approaches in accuracy and efficiency on public datasets.

Detecting anomalies in discrete event logs is critical for ensuring system reliability, security, and efficiency. Traditional window-based methods for log anomaly detection often suffer from context bias and fuzzy localization, which hinder their ability to precisely and efficiently identify anomalies. To address these challenges, we propose a graph-centric framework, TempoLog, which leverages multi-scale temporal graph networks for discrete log anomaly detection. Unlike conventional methods, TempoLog constructs continuous-time dynamic graphs directly from event logs, eliminating the need for fixed-size window grouping. By representing log templates as nodes and their temporal relationships as edges, the framework dynamically captures both local and global dependencies across multiple temporal scales. Additionally, a semantic-aware model enhances detection by incorporating rich contextual information. Extensive experiments on public datasets demonstrate that our method achieves state-of-the-art performance in event-level anomaly detection, significantly outperforming existing approaches in both accuracy and efficiency.
