KG-LAD: 利用知識圖譜增強之高效日誌異常檢測方法

楊代如; Tai-Ju Yang

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/94522

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	陳建錦	zh_TW
dc.contributor.advisor	Chien Chin Chen	en
dc.contributor.author	楊代如	zh_TW
dc.contributor.author	Tai-Ju Yang	en
dc.date.accessioned	2024-08-16T16:31:23Z	-
dc.date.available	2024-08-17	-
dc.date.copyright	2024-08-16	-
dc.date.issued	2024	-
dc.date.submitted	2024-08-06	-
dc.identifier.citation	[1] M. Du, F. Li, G. Zheng, and V. Srikumar, "Deeplog: Anomaly detection and diagnosis from system logs through deep learning," in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17), New York, NY, USA, 2017, pp. 1285-1298, doi: 10.1145/3133956.3134015. [2] X. Zhang, Y. Xu, Q. Lin, B. Qiao, H. Zhang, Y. Dang, C. Xie, X. Yang, Q. Cheng, Z. Li, J. Chen, X. He, R. Yao, J. G. Lou, M. Chintalapati, F. Shen, and D. Zhang, "Robust log-based anomaly detection on unstable log data," in Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2019), New York, NY, USA, 2019, pp. 807-817, doi: 10.1145/3338906.3338931. [3] V. H. Le and H. Zhang, "Log-based anomaly detection without log parsing," in 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, 2021, pp. 492-504, doi: 10.1109/ASE51524.2021.9678773. [4] Z. Wang, J. Tian, H. Fang, L. Chen, and J. Qin, "LightLog: A lightweight temporal convolutional network for log anomaly detection on the edge," Computer Networks, vol. 203, Feb. 2022, Art no. 108616, doi: 10.1016/j.comnet.2021.108616. [5] Y. Xie and K. Yang, "Log anomaly detection by adversarial autoencoders with graph feature fusion," IEEE Transactions on Reliability, vol. 73, no. 1, pp. 637-649, Mar. 2024, doi: 10.1109/TR.2023.3305376. [6] L. Payne, "Log file anomaly detection using knowledge graphs and graph neural networks," 2023. [7] Z. Sun, Z. H. Deng, J. Y. Nie, and J. Tang, "Rotate: Knowledge graph embedding by relational rotation in complex space," 2019, arXiv:1902.10197. [8] W. Xu, L. Huang, A. Fox, D. Patterson, and M. I. Jordan, "Detecting large-scale system problems by mining console logs," in Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles (SOSP '09), New York, NY, USA, 2009, pp. 117-132, doi: 10.1145/1629575.1629587. [9] A. Oliner and J. Stearley, "What supercomputers say: A study of five system logs," in Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07), Edinburgh, UK, 2007, pp. 575-584, doi: 10.1109/DSN.2007.103. [10] J. G. Lou, Q. Fu, S. Yang, Y. Xu, and J. Li, "Mining invariants from console logs for system problem detection," in Proceedings of the 2010 USENIX Annual Technical Conference (USENIX ATC 10), 2010, pp. 24-24. [11] Q. Lin, H. Zhang, J. G. Lou, Y. Zhang, and X. Chen, "Log clustering based problem identification for online service systems," in Proceedings of the 38th International Conference on Software Engineering Companion (ICSE '16), New York, NY, USA, 2016, pp. 102-111, doi: 10.1145/2889160.2889232. [12] C. D. Manning, P. Raghavan, and H. Schütze, Introduction to Information Retrieval. Cambridge: Cambridge University Press, 2008. [13] B. Zhang, H. Zhang, V. H. Le, P. Moscato, and A. Zhang, "Semi-supervised and unsupervised anomaly detection by mining numerical workflow relations from system logs," Automated Software Engineering, vol. 30, no. 1, 2023, Art no. 4, doi: 10.1007/s10515-022-00370-w. [14] S. Hochreiter and J. Schmidhuber, "Long short-term memory," in Neural Computation, vol. 9, no. 8, pp. 1735-1780, Nov. 1997, doi: 10.1162/neco.1997.9.8.1735. [15] C. Zhang, X. Wang, H. Zhang, H. Zhang, and P. Han, "Log sequence anomaly detection based on local information extraction and globally sparse transformer model," in IEEE Transactions on Network and Service Management, vol. 18, no. 4, pp. 4119-4133, Dec. 2021, doi: 10.1109/TNSM.2021.3125967. [16] T. Mikolov, K. Chen, G. Corrado, and J. Dean, "Efficient estimation of word representations in vector space," 2013, arXiv:1301.3781. [17] H. Guo, S. Yuan, and X. Wu, "Logbert: Log anomaly detection via bert," in 2021 International Joint Conference on Neural Networks (IJCNN), Shenzhen, China, 2021, pp. 1-8, doi: 10.1109/IJCNN52387.2021.9534113. [18] J. Devlin, M. W. Chang, K. Lee, and K. Toutanova, "Bert: Pre-training of deep bidirectional transformers for language understanding," 2018, arXiv:1810.04805. [19] Y. Lee, J. Kim, and P. Kang, "Lanobert: System log anomaly detection based on bert masked language model," Applied Soft Computing, vol. 146, Oct. 2023, Art. no. 110689, doi: 10.1016/j.asoc.2023.110689. [20] Y. Wang, Y. Liu, D. Wang, and Y. Wen, "Glad-paw: Graph-based log anomaly detection by position aware weighted graph attention network," in Pacific-Asia Conference on Knowledge Discovery and Data Mining, 2021, pp. 66-77, doi: 10.1007/978-3-030-75762-5_6. [21] C. Zhang, X. Peng, C. Sha, K. Zhang, Z. Fu, X. Wu, Q. Lin, and D. Zhang, "Deeptralog: Trace-log combined microservice anomaly detection through graph-based deep learning," in Proceedings of the 44th International Conference on Software Engineering (ICSE), Pittsburgh, PA, USA, May 2022, pp. 623-634, doi: 10.1145/3510003.3510180. [22] M. Gori, G. Monfardini, and F. Scarselli, "A new model for learning in graph domains," in Proceedings of the 2005 IEEE International Joint Conference on Neural Networks, vol. 2, Montreal, QC, Canada, 2005, pp. 729-734, doi: 10.1109/IJCNN.2005.1555942. [23] Y. Xie, H. Zhang, and M. A. Babar, "Loggd: Detecting anomalies from system logs with graph neural networks," in 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), Guangzhou, China, Dec. 2022, pp. 299-310, doi: 10.1109/QRS57517.2022.00039. [24] P. He, J. Zhu, Z. Zheng, and M. R. Lyu, "Drain: An online log parsing approach with fixed depth tree," in 2017 IEEE International Conference on Web Services (ICWS), Honolulu, HI, USA, 2017, pp. 33-40, doi: 10.1109/ICWS.2017.13. [25] R. Sarkar, K. Goswami, M. Arcan, and J. P. McCrae, "Suggest me a movie for tonight: Leveraging knowledge graphs for conversational recommendation," in Proceedings of the 28th International Conference on Computational Linguistics, Dec. 2020, pp. 4179-4189. [26] A. H. Brams, A. L. Jakobsen, T. E. Jendal, M. Lissandrini, P. Dolog, and K. Hose, "MindReader: recommendation over knowledge graph entities with explicit user ratings," in Proceedings of the 29th ACM International Conference on Information & Knowledge Management (CIKM '20), New York, NY, USA, Oct. 2020, pp. 2975-2982, doi: 10.1145/3340531.3412759. [27] X. Li, P. Chen, L. Jing, Z. He, and G. Yu, "Swisslog: Robust and unified deep learning based log anomaly detection for diverse faults," in 2020 IEEE 31st International Symposium on Software Reliability Engineering (ISSRE), Coimbra, Portugal, 2020, pp. 92-103, doi: 10.1109/ISSRE5003.2020.00018. [28] J. Liu, Y. Tang, J. Liu, K. Zhao, and W. Chen, "Lglog: Semi-supervised graph representation learning for anomaly detection based on system logs," in 2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security (QRS), Chiang Mai, Thailand, 2023, pp. 36-47, doi: 10.1109/QRS60937.2023.00014.	-
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/94522	-
dc.description.abstract	軟體系統正迅速滲透於我們日常生活中使用的許多服務，其中系統日誌對於服務提供商用於監控系統運行與偵測潛在故障具有極高的價值。雖然過去已經有許多研究採用機器學習與深度學習技術來分析大量系統日誌以偵測系統異常，但鮮少有研究使用知識圖譜用於檢測日誌異常的任務中。在本研究中，我們提出了一種基於知識圖譜與循環神經網路的高效日誌異常檢測方法──KG-LAD。我們將從日誌訊息中提取的日誌模板視為知識圖譜中的實體節點，並將透過兩大通用關係將節點間相互連接，其連接方式並不須仰賴專家編譯規則或提取特定參數，具有泛用性高的特性。節點（日誌模板）與邊（關係）所衍生出的嵌入用於計算日誌序列的距離分數，並將其輸入至基於 LSTM 模型的分類器中，以識別系統運行是否異常。為了評估我們研究方法之成效，我們在三個大型資料集上進行廣泛的實驗，不僅證明知識圖譜用於異常檢測之價值及泛化能力，還展示了其方法的穩健性及準確性。不論是在精確度、召回率、及 F1 分數，各個評估指標上都優於其他最先進的日誌異常檢測方法。	zh_TW
dc.description.abstract	Software systems are rapidly permeating many services we use in our lives. The generated system logs are valuable for service providers to monitor service operation and to prevent potential malfunctions. While much research has adopted machine learning and deep learning approaches to analyze large volumes of logs, few studies have investigated knowledge graphs to detect anomalies. In this paper, we present KG-LAD, a novel method that leverages knowledge graphs and recurrent neural networks to detect system anomalies through log analysis. The designed knowledge graph treats log templates as nodes. Instead of relying on expert-compiled rules or domain-specific log parameters, two generic relations are designed to associate these nodes: structural connectivity and positions in log sequences. These relations form the edges between the nodes in the knowledge graph. The derived embeddings of nodes (log templates) and edges (relations) are used to measure the distance scores of a log sequence and are input to an LSTM-based classifier to determine whether the log template sequence indicates abnormal system operation. Extensive experiments conducted on three large datasets demonstrate not only the effect and the generalization of the knowledge graph, but also the robustness of KG-LAD and its superior performance over state-of-the-art log anomaly detection methods for precision, recall, and F1 score.	en
dc.description.provenance	Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2024-08-16T16:31:22Z No. of bitstreams: 0	en
dc.description.provenance	Made available in DSpace on 2024-08-16T16:31:23Z (GMT). No. of bitstreams: 0	en
dc.description.tableofcontents	論文口試委員審定書 ....................................................................................................... i 謝辭 ....................................................................................................... ii 論文摘要 ....................................................................................................... iii THESIS ABSTRACT ....................................................................................................... iv Table of Contents ....................................................................................................... vi List of Tables ....................................................................................................... viii List of Figures ....................................................................................................... ix Chapter 1 Introduction ....................................................................................................... 1 Chapter 2 Related Work ....................................................................................................... 4 2.1 Machine or Deep Learning Methods ....................................................................................................... 4 2.2 Graph Based Methods ....................................................................................................... 6 Chapter 3 Methodology ....................................................................................................... 9 3.1 Log Processing ....................................................................................................... 10 3.2 Knowledge Graph Construction and Embedding Generation ............................. 11 3.3 Log Anomaly Detection ....................................................................................................... 16 Chapter 4 Experiments ....................................................................................................... 19 4.1 Experimental Datasets and Settings ....................................................................................................... 19 4.2 Comparisons with other Log Anomaly Detection Methods ........................................................................................ 21 4.3 Evaluation of System Components ....................................................................................................... 23 Chapter 5 Conclusions ....................................................................................................... 28 References ....................................................................................................... 30	-
dc.language.iso	en	-
dc.subject	異常檢測	zh_TW
dc.subject	系統日誌分析	zh_TW
dc.subject	知識圖譜	zh_TW
dc.subject	Knowledge Graph	en
dc.subject	Log Analysis	en
dc.subject	Anomaly Detection	en
dc.title	KG-LAD: 利用知識圖譜增強之高效日誌異常檢測方法	zh_TW
dc.title	KG-LAD: A Knowledge Graph-Augmented Approach for Effective Log Anomaly Detection	en
dc.type	Thesis	-
dc.date.schoolyear	112-2	-
dc.description.degree	碩士	-
dc.contributor.oralexamcommittee	陳孟彰;張詠淳	zh_TW
dc.contributor.oralexamcommittee	Meng Chang Chen;Yung Chun Chang	en
dc.subject.keyword	系統日誌分析,異常檢測,知識圖譜,	zh_TW
dc.subject.keyword	Log Analysis,Anomaly Detection,Knowledge Graph,	en
dc.relation.page	34	-
dc.identifier.doi	10.6342/NTU202402222	-
dc.rights.note	同意授權(限校園內公開)	-
dc.date.accepted	2024-08-08	-
dc.contributor.author-college	管理學院	-
dc.contributor.author-dept	資訊管理學系	-
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-112-2.pdf 授權僅限NTU校內IP使用（校園外請利用VPN校外連線服務）	2.51 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。