LogETA: Time-aware cross-system log-based anomaly detection with inter-class boundary optimization

Abstract

Log-based anomaly detection is of vital importance for maintaining the stability and security of software systems. Cross-system log-based anomaly detection methods are proposed to solve the problem of limited anomalous logs in newly deployed software systems, transferring knowledge from rich logs to the newly deployed system logs. However, previous methods have difficulty modeling implicit time interval information in log sequences, hindering the identification of anomalous logs with changing time intervals. Moreover, there is a lack of inter-class measurement when transferring knowledge, which fails to effectively align the same class distributions of the source and target domains, resulting in poor anomaly detection results. In this paper, we propose a novel cross-system log-based anomaly detection method called LogETA. First, time-aware self-attention is used to extract similar contextual information containing log semantic and temporal features. Second, the inter-class boundary optimization method is designed to expand the difference in sample distributions between classes while narrowing the domain discrepancy, optimizing the inter-class boundary to reduce misclassification. The experimental results show that LogETA achieves state-of-the-art results. LogETA adapts to cross-system time-related anomalies automatically and adjusts the classification boundary to fit the newly deployed system log distribution, demonstrating excellent adaptability on both source and target systems.