GLAD-PAW: Graph-Based Log Anomaly Detection by Position Aware Weighted Graph Attention Network

• Published in: Advances in Knowledge Discovery and Data Mining Vol. 12712; pp. 66 - 77
• Main Authors: Wan, Yi, Liu, Yilin, Wang, Dong, Wen, Yujin
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2021; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Anomaly detection; Graph neural network; Log data
• ISBN: 3030757617; 9783030757618
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-030-75762-5_6

Anomaly detection is a crucial and challenging subject that has been studied within diverse research areas. In this work, we focus on log data (especially computer system logs) which is a valuable source to investigate system status and detect system abnormality. In order to capture transition pattern and position information of records in logs simultaneously, we transfer log files to session graphs and formulate the log anomaly detection problem as a graph classification task. Specifically, we propose GLAD-PAW, a graph-based log anomaly detection model utilizing a new position aware weighted graph attention layer (PAWGAT) and a global attention readout function to learn embeddings of records and session graphs. Extensive experimental studies demonstrate that our proposed model outperforms existing log anomaly detection methods including both statistical and deep learning approaches.