CATL: contrast adaptive transfer learning for cross-system log anomaly detection

Junwei Zhou; Yafei Li; Xiangtian Yu; Yuxuan Zhao

doi:10.1117/12.3031960

6 June 2024 CATL: contrast adaptive transfer learning for cross-system log anomaly detection

Junwei Zhou, Yafei Li, Xiangtian Yu, Yuxuan Zhao

Proceedings Volume 13175, International Conference on Computer Network Security and Software Engineering (CNSSE 2024); 1317502 (2024) https://doi.org/10.1117/12.3031960
Event: 4th International Conference on Computer Network Security and Software Engineering (CNSSE 2024), 2024, Sanya, China

Abstract

Syslogs play a crucial role in maintenance and troubleshooting, as they document the operational status and key events within computer systems. However, traditional methods of anomaly detection in Syslog face challenges due to the sheer volume and diversity of logs, making cross-system anomaly detection difficult. To address those challenges, this paper introduces CATL, a pioneering Contrast Adaptive Transfer Learning with Bidirectional Long Short-Term Memory (BiLSTM), which can effectively extract contextual features of the log sequence from both directions. CATL overcomes the difficulties arising from massive, less-correlated logs between different systems by leveraging a combination of labeled data from source and target systems and optimizing the Contrastive Domain Discrepancy (CDD) metric. This allows CATL to accurately model discrepancies within and across log classes, minimizing intra-class domain discrepancy while maximizing inter-class domain discrepancy in log sequence features from different domains to match existing anomaly detection decision boundaries better. Our empirical studies, conducted on prominent benchmarks including HDFS, Hadoop, Thunderbird, BGL, and Spirit, demonstrate that CATL addresses the syntactic diversity of log systems and outperforms existing methods in cross-system anomaly detection.

(2024) Published by SPIE. Downloading of the abstract is permitted for personal use only.

Citation Download Citation

Junwei Zhou, Yafei Li, Xiangtian Yu, and Yuxuan Zhao "CATL: contrast adaptive transfer learning for cross-system log anomaly detection", Proc. SPIE 13175, International Conference on Computer Network Security and Software Engineering (CNSSE 2024), 1317502 (6 June 2024); https://doi.org/10.1117/12.3031960

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
6 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Computing systems

Systems modeling

Data modeling

Education and training

Feature extraction

Semantics

Target detection

Show All Keywords

Keywords/Phrases

Search In:

Publication Years