Improvement of multi-parameter anomaly detection method: Addition of a relational token between parameters
In the continuous development of systems, the increasing volume and complexity of data that engineers must analyze have become significant challenges. To address this issue, extensive research has been conducted on automated anomaly detection in logs. However, due to the limited variety of available...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
KeAi Communications Co. Ltd.
2025-01-01
|
| Series: | Cognitive Robotics |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2667241325000114 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849711738550747136 |
|---|---|
| author | Hironori Uchida Keitaro Tominaga Hideki Itai Yujie Li Yoshihisa Nakatoh |
| author_facet | Hironori Uchida Keitaro Tominaga Hideki Itai Yujie Li Yoshihisa Nakatoh |
| author_sort | Hironori Uchida |
| collection | DOAJ |
| description | In the continuous development of systems, the increasing volume and complexity of data that engineers must analyze have become significant challenges. To address this issue, extensive research has been conducted on automated anomaly detection in logs. However, due to the limited variety of available datasets, most studies have focused on sequence-based anomalies in logs, with relatively little attention paid to parameter-based anomaly detection. To bridge this gap, we prepared a labeled dataset specifically designed for parameter-based anomaly detection and propose a novel method utilizing BERTMaskedLM. Since continuously changing logs in system development are difficult to label, we also propose a method that enables learning without labeled data. Previous studies have employed BERTMaskedLM to capture relationships between parameters in multi-parameter logs for anomaly detection. However, a known issue arises when the ranges of numerical parameters overlap, resulting in reduced detection accuracy. To mitigate this, we introduced tokens that encode the relationships between parameters, improving the independence of parameter combinations and enhancing anomaly detection accuracy (increasing the F1-score by more than 0.002). In this study, we employed a simple yet effective approach by using the total value of each token as the added token. Since only the parameter portions vary within the same log template structure, these proposed tokens effectively capture the relationships between parameters. Additionally, we visualized the influence of the added tokens and conducted experiments using a new dataset to assess the reliability of our proposed method. |
| format | Article |
| id | doaj-art-ee9e377f5b8a4399909fb09aaad9d767 |
| institution | DOAJ |
| issn | 2667-2413 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | KeAi Communications Co. Ltd. |
| record_format | Article |
| series | Cognitive Robotics |
| spelling | doaj-art-ee9e377f5b8a4399909fb09aaad9d7672025-08-20T03:14:32ZengKeAi Communications Co. Ltd.Cognitive Robotics2667-24132025-01-01517619110.1016/j.cogr.2025.03.004Improvement of multi-parameter anomaly detection method: Addition of a relational token between parametersHironori Uchida0Keitaro Tominaga1Hideki Itai2Yujie Li3Yoshihisa Nakatoh4Kyushu Institute of Technology, Kitakyushu, Japan; Corresponding author.Panasonic System Design Co., Ltd, Yokohama, JapanPanasonic System Design Co., Ltd, Yokohama, JapanKyushu Institute of Technology, Kitakyushu, JapanKyushu Institute of Technology, Kitakyushu, JapanIn the continuous development of systems, the increasing volume and complexity of data that engineers must analyze have become significant challenges. To address this issue, extensive research has been conducted on automated anomaly detection in logs. However, due to the limited variety of available datasets, most studies have focused on sequence-based anomalies in logs, with relatively little attention paid to parameter-based anomaly detection. To bridge this gap, we prepared a labeled dataset specifically designed for parameter-based anomaly detection and propose a novel method utilizing BERTMaskedLM. Since continuously changing logs in system development are difficult to label, we also propose a method that enables learning without labeled data. Previous studies have employed BERTMaskedLM to capture relationships between parameters in multi-parameter logs for anomaly detection. However, a known issue arises when the ranges of numerical parameters overlap, resulting in reduced detection accuracy. To mitigate this, we introduced tokens that encode the relationships between parameters, improving the independence of parameter combinations and enhancing anomaly detection accuracy (increasing the F1-score by more than 0.002). In this study, we employed a simple yet effective approach by using the total value of each token as the added token. Since only the parameter portions vary within the same log template structure, these proposed tokens effectively capture the relationships between parameters. Additionally, we visualized the influence of the added tokens and conducted experiments using a new dataset to assess the reliability of our proposed method.http://www.sciencedirect.com/science/article/pii/S2667241325000114Log anomaly detectionParameter anomaly detectionTransformerMulti parameterSoftware log |
| spellingShingle | Hironori Uchida Keitaro Tominaga Hideki Itai Yujie Li Yoshihisa Nakatoh Improvement of multi-parameter anomaly detection method: Addition of a relational token between parameters Cognitive Robotics Log anomaly detection Parameter anomaly detection Transformer Multi parameter Software log |
| title | Improvement of multi-parameter anomaly detection method: Addition of a relational token between parameters |
| title_full | Improvement of multi-parameter anomaly detection method: Addition of a relational token between parameters |
| title_fullStr | Improvement of multi-parameter anomaly detection method: Addition of a relational token between parameters |
| title_full_unstemmed | Improvement of multi-parameter anomaly detection method: Addition of a relational token between parameters |
| title_short | Improvement of multi-parameter anomaly detection method: Addition of a relational token between parameters |
| title_sort | improvement of multi parameter anomaly detection method addition of a relational token between parameters |
| topic | Log anomaly detection Parameter anomaly detection Transformer Multi parameter Software log |
| url | http://www.sciencedirect.com/science/article/pii/S2667241325000114 |
| work_keys_str_mv | AT hironoriuchida improvementofmultiparameteranomalydetectionmethodadditionofarelationaltokenbetweenparameters AT keitarotominaga improvementofmultiparameteranomalydetectionmethodadditionofarelationaltokenbetweenparameters AT hidekiitai improvementofmultiparameteranomalydetectionmethodadditionofarelationaltokenbetweenparameters AT yujieli improvementofmultiparameteranomalydetectionmethodadditionofarelationaltokenbetweenparameters AT yoshihisanakatoh improvementofmultiparameteranomalydetectionmethodadditionofarelationaltokenbetweenparameters |