Unsupervised log anomaly detection with few unique tokens

Publikationstyp
Preprint
Date Issued
2023-10-13
Sprache
English
Author(s)
Sulc, Antonin  
Eichler, Annika  
Control Systems E-14  
Wilksen, Tim
TORE-DOI
10.15480/882.13879
TORE-URI
https://hdl.handle.net/11420/45106
Citation
arXiv: 2310.08951 (2023)
Publisher DOI
10.48550/arXiv.2310.08951
ArXiv ID
2310.08951v1
This article introduces a method to detect anomalies in the log data generated by control system nodes at the European XFEL accelerator. The primary aim of this proposed method is to provide operators a comprehensive understanding of the availability, status, and problems specific to each node. This information is vital for ensuring the smooth operation. The sequential nature of logs and the absence of a rich text corpus that is specific to our nodes poses significant limitations for traditional and learning-based approaches for anomaly detection. To overcome this limitation, we propose a method that uses word embedding and models individual nodes as a sequence of these vectors that commonly co-occur, using a Hidden Markov Model (HMM). We score individual log entries by computing a probability ratio between the probability of the full log sequence including the new entry and the probability of just the previous log entries, without the new entry. This ratio indicates how probable the sequence becomes when the new entry is added. The proposed approach can detect anomalies by scoring and ranking log entries from European XFEL nodes where entries that receive high scores are potential anomalies that do not fit the routine of the node. This method provides a warning system to alert operators about these irregular log events that may indicate issues.
Subjects
cs.CR
DDC Class
600: Technology
Lizenz
https://creativecommons.org/licenses/by/4.0/
Loading...
Thumbnail Image
Name

2310.08951v2.pdf

Type

Main Article

Size

2.2 MB

Format

Adobe PDF