Scalable and Adaptive Log-based Anomaly Detection with Expert in the Loop

AI-generated keywords: Software Systems

AI-generated Key Points

The license of the paper does not allow us to build upon its content and the key points are generated using the paper metadata rather than the full article.

  • System logs are essential for maintaining reliability in software systems
  • SeaLog is a novel approach characterized by accuracy, lightweight nature, and adaptability in detecting anomalies within logs
  • SeaLog utilizes the Trie-based Detection Agent (TDA) for real-time anomaly detection, which can receive feedback from experts to enhance accuracy
  • Contemporary large language models like ChatGPT can offer feedback with a consistency level comparable to human experts, reducing manual verification efforts significantly
  • SeaLog outperforms baseline methods in terms of effectiveness, operating 2X to 10X faster and consuming only 5% to 41% of memory resources

Authors: Jinyang Liu, Junjie Huang, Yintong Huo, Zhihan Jiang, Jiazhen Gu, Zhuangbin Chen, Cong Feng, Minzhi Yan, Michael R. Lyu

License: CC BY-NC-ND 4.0

Abstract: System logs play a critical role in maintaining the reliability of software systems. Fruitful studies have explored automatic log-based anomaly detection and achieved notable accuracy on benchmark datasets. However, when applied to large-scale cloud systems, these solutions face limitations due to high resource consumption and lack of adaptability to evolving logs. In this paper, we present an accurate, lightweight, and adaptive log-based anomaly detection framework, referred to as SeaLog. Our method introduces a Trie-based Detection Agent (TDA) that employs a lightweight, dynamically-growing trie structure for real-time anomaly detection. To enhance TDA's accuracy in response to evolving log data, we enable it to receive feedback from experts. Interestingly, our findings suggest that contemporary large language models, such as ChatGPT, can provide feedback with a level of consistency comparable to human experts, which can potentially reduce manual verification efforts. We extensively evaluate SeaLog on two public datasets and an industrial dataset. The results show that SeaLog outperforms all baseline methods in terms of effectiveness, runs 2X to 10X faster and only consumes 5% to 41% of the memory resource.

Submitted to arXiv on 08 Jun. 2023


Results of the summarizing process for the arXiv paper: 2306.05032v1


In the realm of software systems, system logs are essential for maintaining reliability. Various studies have delved into automatic log-based anomaly detection and have achieved commendable accuracy on standardized datasets. However, when these solutions are applied to large-scale cloud systems, they encounter challenges such as high resource consumption and a lack of adaptability to evolving logs. To address these limitations, a novel approach called SeaLog has been introduced in this paper. SeaLog is characterized by its accuracy, lightweight nature, and adaptability in detecting anomalies within logs. At the core of SeaLog lies the Trie-based Detection Agent (TDA), which utilizes a dynamically-growing trie structure for real-time anomaly detection. What sets TDA apart is its ability to receive feedback from experts, thereby enhancing its accuracy in response to changing log data. Notably, the study reveals that contemporary large language models like ChatGPT can offer feedback with a consistency level comparable to human experts, potentially reducing manual verification efforts significantly. The effectiveness of SeaLog was extensively evaluated using two public datasets and an industrial dataset. The results showcased SeaLog's superiority over all baseline methods in terms of effectiveness. Moreover, SeaLog operates 2X to 10X faster than existing solutions and consumes only 5% to 41% of the memory resources required by traditional methods. This highlights the potential of SeaLog as a scalable and adaptive framework for log-based anomaly detection in complex software systems.
Created on 29 Feb. 2024
