LogDP: Combining Dependency and Proximity for Log-Based Anomaly Detection

  • Conference paper
Service-Oriented Computing (ICSOC 2021)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 13121)

Abstract

Log analysis is an important technique that engineers use for troubleshooting faults of large-scale service-oriented systems. In this study, we propose a novel semi-supervised log-based anomaly detection approach, LogDP, which utilizes the dependency relationships among log events and proximity among log sequences to detect the anomalies in massive unlabeled log data. LogDP divides log events into dependent and independent events, then learns the normal patterns of dependent events based on the dependencies among events and the normal patterns of independent events based on the deviation of values from a historic mean. Events violating any normal pattern are identified as anomalies. By combining dependency and proximity, LogDP is able to achieve high detection accuracy. Extensive experiments have been conducted on real-world datasets, and the results show that LogDP outperforms six state-of-the-art methods.
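A simplified sketch of the two checks the abstract describes, added here as an illustration and not taken from the paper or the authors' code. It assumes each log sequence has already been parsed into a vector of per-event counts; the Pearson-correlation dependency test, the single-partner linear fit, and the `k`-sigma deviation rule are stand-ins chosen for this example, since the abstract does not specify those details.

```python
from statistics import mean, pstdev

def _pearson(x, y):
    sx, sy = pstdev(x), pstdev(y)
    if sx == 0 or sy == 0:          # constant column: no measurable dependency
        return 0.0
    mx, my = mean(x), mean(y)
    return mean((a - mx) * (b - my) for a, b in zip(x, y)) / (sx * sy)

def fit(train, dep_threshold=0.9):
    """Learn one normal pattern per event from normal sequences (rows of counts)."""
    cols = list(zip(*train))
    model = []
    for j, y in enumerate(cols):
        # Strongest linear partner among the other events (assumed dependency test).
        r, i = max((abs(_pearson(cols[i], y)), i) for i in range(len(cols)) if i != j)
        if r >= dep_threshold:      # dependent event: predict it from its partner
            x = cols[i]
            a = _pearson(x, y) * pstdev(y) / pstdev(x)
            b = mean(y) - a * mean(x)
            tol = max(abs(yv - (a * xv + b)) for xv, yv in zip(x, y))
            model.append(("dep", i, a, b, tol))
        else:                       # independent event: compare to historic mean
            model.append(("ind", mean(y), pstdev(y)))
    return model

def violations(model, seq, k=3.0, eps=0.5):
    """Return (event_index, rule) for every normal pattern that seq violates."""
    out = []
    for j, rule in enumerate(model):
        if rule[0] == "dep":
            _, i, a, b, tol = rule
            if abs(seq[j] - (a * seq[i] + b)) > tol + eps:
                out.append((j, "dependency"))
        else:
            _, mu, sd = rule
            if abs(seq[j] - mu) > k * sd + eps:
                out.append((j, "deviation"))
    return out

# Constructed sample: columns are counts of [open, close, heartbeat] per sequence.
TRAIN = [(1, 1, 5), (2, 2, 4), (3, 3, 6), (2, 2, 6), (1, 1, 5), (3, 3, 4)]
MODEL = fit(TRAIN)

if __name__ == "__main__":
    for seq in [(2, 2, 5), (3, 1, 5), (2, 2, 12)]:
        print(seq, violations(MODEL, seq))
```

A sequence is flagged when `violations` returns a non-empty list, matching the abstract's rule that violating any normal pattern marks an anomaly.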

Acknowledgments

This research was supported by an Australian Government Research Training Program (RTP) Scholarship, and by the Australian Research Council’s Discovery Projects funding scheme (project DP200102940). The work was also supported with super-computing resources provided by the Phoenix High Powered Computing (HPC) service at the University of Adelaide.

Author information

Corresponding author

Correspondence to Hongyu Zhang.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Xie, Y., Zhang, H., Zhang, B., Babar, M.A., Lu, S. (2021). LogDP: Combining Dependency and Proximity for Log-Based Anomaly Detection. In: Hacid, H., Kao, O., Mecella, M., Moha, N., Paik, Hy. (eds) Service-Oriented Computing. ICSOC 2021. Lecture Notes in Computer Science, vol 13121. Springer, Cham. https://doi.org/10.1007/978-3-030-91431-8_47

  • DOI: https://doi.org/10.1007/978-3-030-91431-8_47

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91430-1

  • Online ISBN: 978-3-030-91431-8

  • eBook Packages: Computer Science (R0)
