TY - GEN
T1 - Higher-order Markov Graph based Bug Detection in Cloud-based Deployments
AU - Cao, Qing
AU - Niu, Haoran
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Detecting execution anomalies is an integral part of building and protecting modern large-scale distributed systems. These systems generate a large volume of system logs to record system state and significant events, which provide a valuable resource to help debug system failures and perform root cause analysis. However, detecting anomalies in log sequences remains a challenge due to reasons including the imbalance of the data, the complexity of relationships between events, and the high dimensionality of log events. Traditional graph-based models may lose important higher-order sequence patterns and result in undetectable higher-order anomalies because they use first-order or fixed-order networks to represent the underlying log data. In this paper, we propose a novel unsupervised graph-based anomaly detection method, called GraphLog, which utilizes a variable high-order network representation. This variable representation enables GraphLog to efficiently learn log patterns from normal logs and detect first-order and higher-order log patterns that deviate from normal data. We demonstrate that the proposed graph-based log anomaly detection algorithm is effective, and it outperforms other baseline methods when trained using two real-world datasets.
AB - Detecting execution anomalies is an integral part of building and protecting modern large-scale distributed systems. These systems generate a large volume of system logs to record system state and significant events, which provide a valuable resource to help debug system failures and perform root cause analysis. However, detecting anomalies in log sequences remains a challenge due to reasons including the imbalance of the data, the complexity of relationships between events, and the high dimensionality of log events. Traditional graph-based models may lose important higher-order sequence patterns and result in undetectable higher-order anomalies because they use first-order or fixed-order networks to represent the underlying log data. In this paper, we propose a novel unsupervised graph-based anomaly detection method, called GraphLog, which utilizes a variable high-order network representation. This variable representation enables GraphLog to efficiently learn log patterns from normal logs and detect first-order and higher-order log patterns that deviate from normal data. We demonstrate that the proposed graph-based log anomaly detection algorithm is effective, and it outperforms other baseline methods when trained using two real-world datasets.
UR - http://www.scopus.com/inward/record.url?scp=85147139179&partnerID=8YFLogxK
U2 - 10.1109/IPCCC55026.2022.9894353
DO - 10.1109/IPCCC55026.2022.9894353
M3 - Conference contribution
AN - SCOPUS:85147139179
T3 - Conference Proceedings of the IEEE International Performance, Computing, and Communications Conference
SP - 153
EP - 160
BT - 2022 IEEE International Performance, Computing, and Communications Conference, IPCCC 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE International Performance, Computing, and Communications Conference, IPCCC 2022
Y2 - 11 November 2022 through 13 November 2022
ER -