Paper published in a book (Scientific congresses, symposiums and conference proceedings)
A Theoretical Framework for Understanding the Relationship Between Log Parsing and Anomaly Detection
Shin, Donghwan; Khan, Zanis Ali; Bianculli, Domenico et al.
2021. In Proceedings of the 21st International Conference on Runtime Verification
Peer reviewed

Full text: main.pdf (author postprint, 269.97 kB)

Details



Keywords :
Log Parsing; Log Analysis; Anomaly Detection
Abstract :
Log-based anomaly detection identifies systems' anomalous behaviors by analyzing system runtime information recorded in logs. While many approaches have been proposed, all of them have in common an essential pre-processing step called log parsing. This step is needed because automated log analysis requires structured input logs, whereas original logs contain semi-structured text printed by logging statements. Log parsing bridges this gap by converting the original logs into structured input logs fit for anomaly detection. Despite the intrinsic dependency between log parsing and anomaly detection, no existing work has investigated the impact of the "quality" of log parsing results on anomaly detection. In particular, the concept of "ideal" log parsing results with respect to anomaly detection has not been formalized yet. This makes it difficult to determine, upon obtaining inaccurate results from anomaly detection, if (and why) the root cause for such results lies in the log parsing step. In this short paper, we lay the theoretical foundations for defining the concept of "ideal" log parsing results for anomaly detection. Based on these foundations, we discuss practical implications regarding the identification and localization of root causes, when dealing with inaccurate anomaly detection, and the identification of irrelevant log messages.
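The dependency the abstract describes can be made concrete with a small script. The following is an added illustration, not code from the paper and not the paper's formalization: it runs one fixed, unsupervised detector (flag a run if it contains a template or a template bigram never seen in normal runs) over three different log parsers and shows that the verdict changes with parsing quality alone. The log messages are constructed, HDFS-style samples; the parsers (`parse_masked`, `parse_raw`, `parse_coarse`) and the detector are hypothetical choices made for the example.

```python
import re

# Constructed sample logs (not data from the paper). Each run is the sequence
# of messages emitted while handling one block.
NORMAL_RUNS = [
    [
        "Receiving block blk_101 src: /10.0.0.1:50010 dest: /10.0.0.2:50010",
        "PacketResponder 1 for block blk_101 terminating",
        "Received block blk_101 of size 67108864 from /10.0.0.1",
    ],
    [
        "Receiving block blk_102 src: /10.0.0.3:50010 dest: /10.0.0.4:50010",
        "PacketResponder 2 for block blk_102 terminating",
        "Received block blk_102 of size 67108864 from /10.0.0.3",
    ],
]

# Behaviourally anomalous: an exception appears in the middle of the sequence.
ANOMALOUS_RUN = [
    "Receiving block blk_903 src: /10.0.0.5:50010 dest: /10.0.0.6:50010",
    "Exception in receiveBlock for block blk_903 java.io.IOException: Connection reset",
    "PacketResponder 1 for block blk_903 terminating",
]

# Behaviourally normal, but not in the training data; only the identifiers differ.
UNSEEN_NORMAL_RUN = [
    "Receiving block blk_777 src: /10.0.0.7:50010 dest: /10.0.0.8:50010",
    "PacketResponder 1 for block blk_777 terminating",
    "Received block blk_777 of size 67108864 from /10.0.0.7",
]

# Variable fields to mask: block ids, IP[:port], then any remaining integer.
VARIABLE_TOKENS = [
    (re.compile(r"blk_-?\d+"), "<*>"),
    (re.compile(r"/?\d+\.\d+\.\d+\.\d+(:\d+)?"), "<*>"),
    (re.compile(r"\b\d+\b"), "<*>"),
]


def parse_masked(msg):
    """Adequate parser: variable fields become <*>, constant text is the template."""
    for pattern, replacement in VARIABLE_TOKENS:
        msg = pattern.sub(replacement, msg)
    return msg


def parse_raw(msg):
    """Over-fine parser: no masking, so every new block id yields a new template."""
    return msg


def parse_coarse(msg):
    """Over-coarse parser: any message mentioning a block collapses to one event."""
    return "<block event>" if "block" in msg else parse_masked(msg)


def train(parser, runs):
    """Model of normal behaviour: the templates and template bigrams seen in normal runs."""
    templates, bigrams = set(), set()
    for run in runs:
        ids = [parser(m) for m in run]
        templates.update(ids)
        bigrams.update(zip(ids, ids[1:]))
    return templates, bigrams


def is_anomalous(parser, model, run):
    """Flag a run containing an unseen template or an unseen template bigram."""
    templates, bigrams = model
    ids = [parser(m) for m in run]
    return any(t not in templates for t in ids) or any(
        b not in bigrams for b in zip(ids, ids[1:])
    )


def evaluate(parser):
    """Same detector, same data; only the parsing step differs."""
    model = train(parser, NORMAL_RUNS)
    return {
        "anomalous_run_flagged": is_anomalous(parser, model, ANOMALOUS_RUN),
        "unseen_normal_run_flagged": is_anomalous(parser, model, UNSEEN_NORMAL_RUN),
    }


if __name__ == "__main__":
    for parser in (parse_masked, parse_raw, parse_coarse):
        print(parser.__name__, evaluate(parser))
```

With `parse_masked` the exception line becomes a template never seen in normal runs and the anomalous run is flagged, while the unseen normal run is not. With `parse_raw` both runs are flagged, because unmasked block ids make every normal run look novel (a false positive rooted in parsing, not detection). With `parse_coarse` the exception line is folded into the same `<block event>` template as the healthy messages, so the anomalous run is indistinguishable from a normal one and is missed. In all three cases the detector is unchanged, which is the point the abstract makes: when detection results are wrong, the root cause may lie in the parsing step, and that can only be diagnosed against a notion of what parsing results are adequate for the detector.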
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Disciplines :
Computer science
Author, co-author :
Shin, Donghwan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
Khan, Zanis Ali ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
Bianculli, Domenico ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
Briand, Lionel ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
External co-authors :
yes
Language :
English
Title :
A Theoretical Framework for Understanding the Relationship Between Log Parsing and Anomaly Detection
Publication date :
October 2021
Event name :
International Conference on Runtime Verification (RV; held as a workshop before 2010)
Event date :
11 to 14 October 2021
Audience :
International
Main work title :
Proceedings of the 21st International Conference on Runtime Verification
Publisher :
Springer
ISBN/EAN :
978-3-030-88493-2
Pages :
277-287
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
Available on ORBilu :
since 18 August 2021