基于部分标签的设备无关日志异常分类

2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS) Pub Date : 2018-06-01 DOI:10.1109/IWQoS.2018.8624141

Weibin Meng, Y. Liu, Shenglin Zhang, Dan Pei, Hui Dong, Lei Song, Xulong Luo

{"title":"基于部分标签的设备无关日志异常分类","authors":"Weibin Meng, Y. Liu, Shenglin Zhang, Dan Pei, Hui Dong, Lei Song, Xulong Luo","doi":"10.1109/IWQoS.2018.8624141","DOIUrl":null,"url":null,"abstract":"Anomaly classification, i.e., detecting whether a network device is anomalous and determining its anomaly category if yes, plays a crucial role in troubleshooting. Compared to KPI curves, device logs contain too much more valuable information for anomaly classification. However, the regular expression based anomaly classification techniques cannot tackle the challenges lying in log anomaly classification. We propose LogClass, a data-driven framework to detect and classify anomalies based on device logs. LogClass combines a word representation method and the PU learning model to construct device-agnostic vocabulary with partial labels. We evaluate LogClass on tens of millions of switch logs collected from several real-world datacenters owned by a top global search engine. Our results show that LogClass achieves 99.515% F1 score in anomalous log detection, 95.32% Macro-F1 and 99.74% Micro-F1 in anomalous log classification in a computationally efficient manner.","PeriodicalId":222290,"journal":{"name":"2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"38","resultStr":"{\"title\":\"Device-Agnostic Log Anomaly Classification with Partial Labels\",\"authors\":\"Weibin Meng, Y. Liu, Shenglin Zhang, Dan Pei, Hui Dong, Lei Song, Xulong Luo\",\"doi\":\"10.1109/IWQoS.2018.8624141\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Anomaly classification, i.e., detecting whether a network device is anomalous and determining its anomaly category if yes, plays a crucial role in troubleshooting. Compared to KPI curves, device logs contain too much more valuable information for anomaly classification. However, the regular expression based anomaly classification techniques cannot tackle the challenges lying in log anomaly classification. We propose LogClass, a data-driven framework to detect and classify anomalies based on device logs. LogClass combines a word representation method and the PU learning model to construct device-agnostic vocabulary with partial labels. We evaluate LogClass on tens of millions of switch logs collected from several real-world datacenters owned by a top global search engine. Our results show that LogClass achieves 99.515% F1 score in anomalous log detection, 95.32% Macro-F1 and 99.74% Micro-F1 in anomalous log classification in a computationally efficient manner.\",\"PeriodicalId\":222290,\"journal\":{\"name\":\"2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS)\",\"volume\":\"11 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"38\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IWQoS.2018.8624141\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWQoS.2018.8624141","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 38

摘要

异常分类，即检测网络设备是否存在异常，如果存在异常则确定其所属的异常类别，在故障处理中起着至关重要的作用。与KPI曲线相比，设备日志包含了更多有价值的信息，可以用于异常分类。然而，基于正则表达式的异常分类技术无法解决日志异常分类的难题。我们提出了LogClass，一个数据驱动的框架来检测和分类基于设备日志的异常。LogClass结合单词表示方法和PU学习模型来构建带有部分标签的与设备无关的词汇表。我们根据从全球顶级搜索引擎拥有的几个真实数据中心收集的数千万交换机日志来评估LogClass。结果表明，LogClass在异常日志检测中F1得分为99.515%，在异常日志分类中Macro-F1得分为95.32%，Micro-F1得分为99.74%，计算效率很高。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Device-Agnostic Log Anomaly Classification with Partial Labels

Anomaly classification, i.e., detecting whether a network device is anomalous and determining its anomaly category if yes, plays a crucial role in troubleshooting. Compared to KPI curves, device logs contain too much more valuable information for anomaly classification. However, the regular expression based anomaly classification techniques cannot tackle the challenges lying in log anomaly classification. We propose LogClass, a data-driven framework to detect and classify anomalies based on device logs. LogClass combines a word representation method and the PU learning model to construct device-agnostic vocabulary with partial labels. We evaluate LogClass on tens of millions of switch logs collected from several real-world datacenters owned by a top global search engine. Our results show that LogClass achieves 99.515% F1 score in anomalous log detection, 95.32% Macro-F1 and 99.74% Micro-F1 in anomalous log classification in a computationally efficient manner.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS)

自引率

0.00%

发文量

期刊最新文献

Welcome from General Chair Back How Would you Like Your Packets Delivered? An SDN-Enabled Open Platform for QoS Routing Byte Segment Neural Network for Network Traffic Classification Enabling Privacy-Preserving Header Matching for Outsourced Middleboxes