A Taxonomy of Anomalies in Log Data

arXiv - CS - General Literature Pub Date : 2021-11-26 DOI:arxiv-2111.13462

Thorsten Wittkopp, Philipp Wiesner, Dominik Scheinert, Odej Kao

{"title":"A Taxonomy of Anomalies in Log Data","authors":"Thorsten Wittkopp, Philipp Wiesner, Dominik Scheinert, Odej Kao","doi":"arxiv-2111.13462","DOIUrl":null,"url":null,"abstract":"Log data anomaly detection is a core component in the area of artificial\nintelligence for IT operations. However, the large amount of existing methods\nmakes it hard to choose the right approach for a specific system. A better\nunderstanding of different kinds of anomalies, and which algorithms are\nsuitable for detecting them, would support researchers and IT operators.\nAlthough a common taxonomy for anomalies already exists, it has not yet been\napplied specifically to log data, pointing out the characteristics and\npeculiarities in this domain. In this paper, we present a taxonomy for different kinds of log data\nanomalies and introduce a method for analyzing such anomalies in labeled\ndatasets. We applied our taxonomy to the three common benchmark datasets\nThunderbird, Spirit, and BGL, and trained five state-of-the-art unsupervised\nanomaly detection algorithms to evaluate their performance in detecting\ndifferent kinds of anomalies. Our results show, that the most common anomaly\ntype is also the easiest to predict. Moreover, deep learning-based approaches\noutperform data mining-based approaches in all anomaly types, but especially\nwhen it comes to detecting contextual anomalies.","PeriodicalId":501533,"journal":{"name":"arXiv - CS - General Literature","volume":"13 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - General Literature","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2111.13462","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Log data anomaly detection is a core component in the area of artificial intelligence for IT operations. However, the large amount of existing methods makes it hard to choose the right approach for a specific system. A better understanding of different kinds of anomalies, and which algorithms are suitable for detecting them, would support researchers and IT operators. Although a common taxonomy for anomalies already exists, it has not yet been applied specifically to log data, pointing out the characteristics and peculiarities in this domain. In this paper, we present a taxonomy for different kinds of log data anomalies and introduce a method for analyzing such anomalies in labeled datasets. We applied our taxonomy to the three common benchmark datasets Thunderbird, Spirit, and BGL, and trained five state-of-the-art unsupervised anomaly detection algorithms to evaluate their performance in detecting different kinds of anomalies. Our results show, that the most common anomaly type is also the easiest to predict. Moreover, deep learning-based approaches outperform data mining-based approaches in all anomaly types, but especially when it comes to detecting contextual anomalies.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

测井数据异常分类

日志数据异常检测是人工智能IT运营领域的核心组成部分。然而，现有的大量方法使得很难为特定的系统选择正确的方法。更好地了解不同类型的异常，以及适合检测它们的算法，将为研究人员和IT操作员提供支持。虽然已有一种常见的异常分类方法，但尚未将其具体应用于测井数据，指出了该领域的特点和特殊性。在本文中，我们提出了不同类型的测井数据异常的分类，并介绍了一种在标记数据集中分析这种异常的方法。我们将我们的分类法应用于三个常见的基准数据集——thunderbird、Spirit和BGL，并训练了五种最先进的无监督异常检测算法，以评估它们在检测不同类型异常方面的性能。我们的结果表明，最常见的异常类型也是最容易预测的。此外，基于深度学习的方法在所有异常类型中都优于基于数据挖掘的方法，尤其是在检测上下文异常时。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

arXiv - CS - General Literature

自引率

0.00%

发文量