Log Sequence Anomaly Detection Method Based on Contrastive Adversarial Training and Dual Feature Extraction

• Published in: Entropy (Basel, Switzerland) Vol. 24; no. 1; p. 69
• Main Authors: Wang, Qiaozheng, Zhang, Xiuguo, Wang, Xuejie, Cao, Zhiying
• Format: Journal Article
• Language: English
• Published: Switzerland MDPI AG 30.12.2021; MDPI
• Subjects: Abnormalities; Accuracy; adversarial training; Anomalies; Artificial intelligence; BERT; Coders; contrastive learning; Deep learning; Feature extraction; Machine learning; Messages; Performance evaluation; Semantics; Software; statistical features; Support vector machines; Training; VAE; contrastive learning; BERT; adversarial training; VAE; statistical features
• ISSN: 1099-4300; 1099-4300
• DOI: 10.3390/e24010069

The log messages generated in the system reflect the state of the system at all times. The realization of autonomous detection of abnormalities in log messages can help operators find abnormalities in time and provide a basis for analyzing the causes of abnormalities. First, this paper proposes a log sequence anomaly detection method based on contrastive adversarial training and dual feature extraction. This method uses BERT (Bidirectional Encoder Representations from Transformers) and VAE (Variational Auto-Encoder) to extract the semantic features and statistical features of the log sequence, respectively, and the dual features are combined to perform anomaly detection on the log sequence, with a novel contrastive adversarial training method also used to train the model. In addition, this paper introduces the method of obtaining statistical features of log sequence and the method of combining semantic features with statistical features. Furthermore, the specific process of contrastive adversarial training is described. Finally, an experimental comparison is carried out, and the experimental results show that the method in this paper is better than the contrasted log sequence anomaly detection method.