TY - GEN
T1 - LogSayer
T2 - 28th IEEE/ACM International Symposium on Quality of Service, IWQoS 2020
AU - Zhou, Pengpeng
AU - Wang, Yang
AU - Li, Zhenyu
AU - Wang, Xin
AU - Tyson, Gareth
AU - Xie, Gaogang
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/6
Y1 - 2020/6
N2 - Anomaly diagnosis is a critical task for building a reliable cloud system and speeding up the system recovery form failures. With the increase of scales and applications of clouds, they are more vulnerable to various anomalies, and it is more challenging for anomaly troubleshooting. System logs that record significant events at critical time points become excellent sources of information to perform anomaly diagnosis. Never-theless, existing log-based anomaly diagnosis approaches fail to achieve high precision in highly concurrent environments due to interleaved unstructured logs. Besides, transient anomalies that have no obvious features are hard to detect by these approaches. To address this gap, this paper proposes LogSayer, a log pattern-driven anomaly detection model. LogSayer represents the system state by identifying suitable statistical features (e.g. frequency, surge), which are not sensitive to the exact log sequence. It then measures changes in the log pattern when a transient anomaly occurs. LogSayer uses Long Short-Term Memory (LSTM) neural networks to learn the historical correlation of log patterns and applies a BP neural network for adaptive anomaly decisions. Our experimental evaluations over the HDFS and OpenStack data sets show that LogSayer outperforms the state-of-the-art log-based approaches with precision over 98%.
AB - Anomaly diagnosis is a critical task for building a reliable cloud system and speeding up the system recovery form failures. With the increase of scales and applications of clouds, they are more vulnerable to various anomalies, and it is more challenging for anomaly troubleshooting. System logs that record significant events at critical time points become excellent sources of information to perform anomaly diagnosis. Never-theless, existing log-based anomaly diagnosis approaches fail to achieve high precision in highly concurrent environments due to interleaved unstructured logs. Besides, transient anomalies that have no obvious features are hard to detect by these approaches. To address this gap, this paper proposes LogSayer, a log pattern-driven anomaly detection model. LogSayer represents the system state by identifying suitable statistical features (e.g. frequency, surge), which are not sensitive to the exact log sequence. It then measures changes in the log pattern when a transient anomaly occurs. LogSayer uses Long Short-Term Memory (LSTM) neural networks to learn the historical correlation of log patterns and applies a BP neural network for adaptive anomaly decisions. Our experimental evaluations over the HDFS and OpenStack data sets show that LogSayer outperforms the state-of-the-art log-based approaches with precision over 98%.
KW - anomaly diagnosis
KW - deep learning
KW - log pattern
UR - https://www.scopus.com/pages/publications/85094865626
U2 - 10.1109/IWQoS49365.2020.9212954
DO - 10.1109/IWQoS49365.2020.9212954
M3 - Conference contribution
AN - SCOPUS:85094865626
T3 - 2020 IEEE/ACM 28th International Symposium on Quality of Service, IWQoS 2020
BT - 2020 IEEE/ACM 28th International Symposium on Quality of Service, IWQoS 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 15 June 2020 through 17 June 2020
ER -