Efficient Log-based Anomaly Detection with Knowledge Distillation

Nguyen, Huy-Trung; Nguyen, Lam-Vien; LE, Van Hoang; Zhang, Hongyu; Le, Manh-Trung

doi:10.1109/ICWS62655.2024.00078

No full text

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Efficient Log-based Anomaly Detection with Knowledge Distillation

Nguyen, Huy-Trung; Nguyen, Lam-Vien; LE, Van Hoang et al.

2024 • In Chang, Rong N. (Ed.) Proceedings - 2024 IEEE International Conference on Web Services, ICWS 2024

Peer reviewed

Permalink
https://hdl.handle.net/10993/67452

DOI
10.1109/ICWS62655.2024.00078

Files (0)Send to Details Statistics Bibliography Similar publications

Files

Full Text

No document available.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Deep learning; Knowledge distillation; Log-based anomaly detection; Anomaly detection; Computational resources; Detection accuracy; Large models; Learning models; Regular operations; Resourceconstrained devices; Information Systems; Computer Science Applications; Computer Networks and Communications; Information Systems and Management; Artificial Intelligence

Abstract :

[en] Logs are produced by many systems for troubleshooting purposes. Detecting abnormal events is crucial to maintaining regular operations and securing the security of systems. Despite the achievements of deep learning models on anomaly detection, it remains challenging to apply these deep learning models in some scenarios; one popular case is deploying on resource-constrained scenarios such as IoT devices due to the limitation of computational resources on these devices. We identify two main problems of adopting these deep learning models in practice, including (1) they cannot deploy on resource-constrained devices because of the size of large models and the time needed to analyze data with the models, and (2) they cannot achieve satisfactory detection accuracy with simple models. In this work, we proposed a novel lightweight anomaly detection method from system logs, DistilLog, to overcome these problems. DistilLog utilizes a pretrained word2vec model to represent log event templates as semantic vectors, incorporated with the PCA dimensionality reduction algorithm to minimize computational and storage burden. The Knowledge Distillation technique is applied to reduce the size of the detection model while maintaining high detection accuracy. The experimental results show that DistilLog can achieve high F-measures of 0.964 and 0.961 on HDFS and BGL datasets while maintaining the minimized model size and fastest detection speed. This effectiveness and efficiency demonstrate the potential for widespread use in most scenarios by showing the ability to deploy the proposed model on resource-constrained systems.

Disciplines :

Computer science

Author, co-author :

Nguyen, Huy-Trung; People's Security Academy, Viet Nam

Nguyen, Lam-Vien; People's Security Academy, Viet Nam

LE, Van Hoang ; University of Newcastle, Australia

Zhang, Hongyu; Chongqing University, China

Le, Manh-Trung; Viet Nam

External co-authors :

yes

Language :

English

Title :

Efficient Log-based Anomaly Detection with Knowledge Distillation

Publication date :

2024

Event name :

2024 IEEE International Conference on Web Services (ICWS)

Event place :

Hybrid, Shenzhen, Chn

Event date :

07-07-2024 => 13-07-2024

Main work title :

Proceedings - 2024 IEEE International Conference on Web Services, ICWS 2024

Editor :

Chang, Rong N.

Publisher :

Institute of Electrical and Electronics Engineers Inc.

ISBN/EAN :

9798350368550

Peer reviewed :

Peer reviewed

Additional URL :

http://xplorestaging.ieee.org/ielx8/10707332/10707376/10707586.pdf?arnumber=10707586

Funders :

Australian Research Council

Funding text :

Van-Hoang Le and Hongyu Zhang are supported by Australian Research Council (ARC) Discovery Projects (DP200102940, DP220103044). We also thank anonymous reviewers for their insightful and constructive comments, which significantly improve this paper.

Available on ORBilu :

since 26 January 2026

Statistics

Number of views

3 (0 by Unilu)

Number of downloads

0 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

H. Mi, H. Wang, Y. Zhou, M. R.-T. Lyu, and H. Cai, "Toward finegrained, unsupervised, scalable performance diagnosis for production cloud computing systems, " IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 6, pp. 1245-1255, 2013.
D. Reinsel, J. Gantz, J. Rydning, et al., "The digitization of the world from edge to core, " IDC white paper, vol. 13, 2018.
M. Du, F. Li, G. Zheng, and V. Srikumar, "Deeplog: Anomaly detection and diagnosis from system logs through deep learning, " in CCS, pp. 1285-1298, 2017.
W. Meng, Y. Liu, Y. Zhu, S. Zhang, D. Pei, Y. Liu, Y. Chen, R. Zhang, S. Tao, P. Sun, et al., "Loganomaly: Unsupervised detection of sequential and quantitative anomalies in unstructured logs, " in IJCAI, pp. 4739-4745, 2019.
W. Niu, Z. Yu, Z. Li, B. Li, R. Zhang, and X. Zhang, "Logtracer: Efficient anomaly tracing combining system log detection and provenance graph, " in GLOBECOM 2022-2022 IEEE Global Communications Conference, pp. 3356-3361, IEEE, 2022.
X. Zhang, Y. Xu, Q. Lin, B. Qiao, H. Zhang, Y. Dang, C. Xie, X. Yang, Q. Cheng, Z. Li, et al., "Robust log-based anomaly detection on unstable log data, " in Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 807-817, 2019.
T.-B.-T. Nguyen, T.-L. Liao, and T.-A. Vu, "Anomaly detection using oneclass svm for logs of juniper router devices, " in International Conference on Industrial Networks and Intelligent Systems, pp. 302-312, Springer, 2019.
S. He, J. Zhu, P. He, and M. R. Lyu, "Experience report: System log analysis for anomaly detection, " in 2016 IEEE 27th international symposium on software reliability engineering (ISSRE), pp. 207-218, IEEE, 2016.
V.-H. Le and H. Zhang, "Log-based anomaly detection with deep learning: How far are we?, " in Proceedings of the 44th International Conference on Software Engineering, pp. 1356-1367, 2022.
T. Mikolov, E. Grave, P. Bojanowski, C. Puhrsch, and A. Joulin, "Advances in pre-training distributed word representations, " in Proceedings of the Eleventh International Conference on Language Resources and Evaluation (LREC 2018), 2018.
V.-H. Le and H. Zhang, "Log-based anomaly detection without log parsing, " in 2021 36th IEEE/ACM International Conference on Automated Software Engineering, pp. 492-504, IEEE, 2021.
J. Devlin, M.-W. Chang, K. Lee, and K. Toutanova, "Bert: Pre-training of deep bidirectional transformers for language understanding, " arXiv preprint arXiv: 1810. 04805, 2018.
Z. Wang, J. Tian, H. Fang, L. Chen, and J. Qin, "Lightlog: A lightweight temporal convolutional network for log anomaly detection on the edge, " Computer Networks, vol. 203, p. 108616, 2022.
S. Raza, L. Wallgren, and T. Voigt, "Svelte: Real-time intrusion detection in the internet of things, " Ad hoc networks, vol. 11, no. 8, pp. 2661-2674, 2013.
D. Breitenbacher, I. Homoliak, Y. L. Aung, N. O. Tippenhauer, and Y. Elovici, "Hades-iot: A practical host-based anomaly detection system for iot devices, " in Proceedings of the 2019 ACM Asia conference on computer and communications security, pp. 479-484, 2019.
"Edge computing solutions and technologies. " https: //www. intel. com/ content/www/us/en/edge-computing/overview. html.
"What is edge cloud?. " https: //www. vmware. com/topics/glossary/content/ edge-cloud. html.
S. Teerapittayanon, B. McDanel, and H.-T. Kung, "Distributed deep neural networks over the cloud, the edge and end devices, " in 2017 IEEE 37th international conference on distributed computing systems (ICDCS), pp. 328-339, IEEE, 2017.
H. G. Abreha, M. Hayajneh, and M. A. Serhani, "Federated learning in edge computing: A systematic survey, " Sensors, vol. 22, no. 2, p. 450, 2022.
X. Li, P. Chen, L. Jing, Z. He, and G. Yu, "Swisslog: Robust and unified deep learning based log anomaly detection for diverse faults, " in 2020 IEEE 31st International Symposium on Software Reliability Engineering (ISSRE), pp. 92-103, IEEE, 2020.
A. R. Khan, "Chapter nine-envisioning big data in iot with augmented and virtual reality: Challenges, opportunities, and potential solutions, " in Extended Reality for Healthcare Systems (S. Khan, M. Alam, S. A. Banday, and M. S. Usta, eds.), pp. 145-158, Academic Press, 2023.
T. Mikolov, E. Grave, P. Bojanowski, C. Puhrsch, and A. Joulin, "Advances in pre-training distributed word representations, " in Proceedings of the Eleventh International Conference on Language Resources and Evaluation, 2018.
S. He, P. He, Z. Chen, T. Yang, Y. Su, and M. R. Lyu, "A survey on automated log analysis for reliability engineering, " ACM computing surveys (CSUR), vol. 54, no. 6, pp. 1-37, 2021.
e. a. Xu, W., "Detecting large-scale system problems by mining console logs, " in ACM SIGOPS 22nd symposium on Operating systems principles, pp. 117-132, 2009.
J.-G. Lou, Q. Fu, S. Yang, Y. Xu, and J. Li, "Mining invariants from console logs for system problem detection, " in 2010 USENIX Annual Technical Conference, 2010.
Q. Lin, H. Zhang, J.-G. Lou, Y. Zhang, and X. Chen, "Log clustering based problem identification for online service systems, " in 2016 IEEE/ACM 38th International Conference on Software Engineering Companion, pp. 102-111, IEEE, 2016.
G. Hinton, O. Vinyals, and J. Dean, "Distilling the knowledge in a neural network, " stat, vol. 1050, p. 9, 2015.
C. Bucilua, R. Caruana, and A. Niculescu-Mizil, "Model compression, " in Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 535-541, 2006.
J. Gou, B. Yu, S. J. Maybank, and D. Tao, "Knowledge distillation: A survey, " International Journal of Computer Vision, vol. 129, pp. 1789-1819, 2021.
M. Zhu, K. Han, C. Zhang, J. Lin, and Y. Wang, "Low-resolution visual recognition via deep feature distillation, " in ICASSP 2019-2019 IEEE International Conference on Acoustics, Speech and Signal Processing, pp. 3762-3766, IEEE, 2019.
Z.-R. Wang and J. Du, "Joint architecture and knowledge distillation in cnn for chinese text recognition, " Pattern Recognition, vol. 111, p. 107722, 2021.
Y. Bai, J. Yi, J. Tao, Z. Tian, and Z. Wen, "Learn spelling from teachers: Transferring knowledge from language models to sequence-to-sequence speech recognition, " Proceedings of Interspeech, pp. 3795-3799, 2019.
L. Xing, "Cascading failures in internet of things: Review and perspectives on reliability and resilience, " IEEE Internet of Things Journal, vol. 8, no. 1, pp. 44-64, 2020.
S. Li, X. Shen, Y. Dou, S. Ni, J. Xu, K. Yang, Q. Wang, and X. Niu, "A novel memory-scheduling strategy for large convolutional neural network on memory-limited devices, " Computational intelligence and neuroscience, vol. 2019, 2019.
J. Lin, W.-M. Chen, Y. Lin, C. Gan, S. Han, et al., "Mcunet: Tiny deep learning on iot devices, " Advances in Neural Information Processing Systems, vol. 33, pp. 11711-11722, 2020.
X. Zhang, X. Zhou, M. Lin, and J. Sun, "Shufflenet: An extremely efficient convolutional neural network for mobile devices, " in Proceedings of the IEEE conference on computer vision and pattern recognition, pp. 6848-6856, 2018.
B. Wu, X. Dai, P. Zhang, Y. Wang, F. Sun, Y. Wu, Y. Tian, P. Vajda, Y. Jia, and K. Keutzer, "Fbnet: Hardware-aware efficient convnet design via differentiable neural architecture search, " in CVPR, pp. 10734-10742, 2019.
H. Cai, C. Gan, T. Wang, Z. Zhang, and S. Han, "Once-for-all: Train one network and specialize it for efficient deployment, " arXiv preprint arXiv: 1908. 09791, 2019.
P. He, J. Zhu, Z. Zheng, and M. R. Lyu, "Drain: An online log parsing approach with fixed depth tree, " in 2017 IEEE international conference on web services (ICWS), pp. 33-40, IEEE, 2017.
E. Grave, P. Bojanowski, P. Gupta, A. Joulin, and T. Mikolov, "Learning word vectors for 157 languages, " in Proceedings of the Eleventh International Conference on Language Resources and Evaluation, 2018.
G. H. Dunteman, Principal components analysis. No. 69, Sage, 1989.
V. Raunak, V. Gupta, and F. Metze, "Effective dimensionality reduction for word embeddings, " in Proceedings of the 4th Workshop on Representation Learning for NLP, pp. 235-243, 2019.
S. Yang, X. Yu, and Y. Zhou, "Lstm and gru neural network performance comparison study: Taking yelp review dataset as an example, " in 2020 International workshop on electronic communication and artificial intelligence (IWECAI), pp. 98-101, IEEE, 2020.
S. I. Mirzadeh, M. Farajtabar, A. Li, N. Levine, A. Matsukawa, and H. Ghasemzadeh, "Improved knowledge distillation via teacher assistant, " in Proceedings of the AAAI conference on artificial intelligence, vol. 34, pp. 5191-5198, 2020.
A. Oliner and J. Stearley, "What supercomputers say: A study of five system logs, " in 37th annual IEEE/IFIP international conference on dependable systems and networks, pp. 575-584, IEEE, 2007.
L. Yang, J. Chen, Z. Wang, W. Wang, J. Jiang, X. Dong, and W. Zhang, "Semi-supervised log-based anomaly detection via probabilistic label estimation, " in 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), pp. 1448-1460, IEEE, 2021.
S. Lu, X. Wei, Y. Li, and L. Wang, "Detecting anomaly in big data system logs using convolutional neural network, " in DASC/PiCom/Data-Com/CyberSciTech, pp. 151-158, IEEE, 2018.
A. Polino, R. Pascanu, and D. Alistarh, "Model compression via distillation and quantization, " in International Conference on Learning Representations, 2018.
L. Yang, J. Chen, S. Gao, Z. Gong, H. Zhang, Y. Kang, and H. Li, "Try with simpler-an evaluation of improved principal component analysis in log-based anomaly detection, " ACM Trans. Softw. Eng. Methodol., feb 2024.
Y. Cheng, D. Wang, P. Zhou, and T. Zhang, "Model compression and acceleration for deep neural networks: The principles, progress, and challenges, " IEEE Signal Processing Magazine, vol. 35, no. 1, pp. 126-136, 2018.
T. Choudhary, V. Mishra, A. Goswami, and J. Sarangapani, "A comprehensive survey on model compression and acceleration, " Artificial Intelligence Review, vol. 53, pp. 5113-5155, 2020.
H. Cheng, M. Zhang, and J. Q. Shi, "A survey on deep neural network pruning-taxonomy, comparison, analysis, and recommendations, " arXiv preprint arXiv: 2308. 06767, 2023.
Y. He, X. Zhang, and J. Sun, "Channel pruning for accelerating very deep neural networks, " in Proceedings of the IEEE international conference on computer vision, pp. 1389-1397, 2017.
Y. Gong, L. Liu, M. Yang, and L. Bourdev, "Compressing deep convolutional networks using vector quantization, " arXiv preprint arXiv: 1412. 6115, 2014.
R. Zhao, Y. Hu, J. Dotzel, C. De Sa, and Z. Zhang, "Improving neural network quantization without retraining using outlier channel splitting, " in International conference on machine learning, pp. 7543-7552, PMLR, 2019.
J. Kim, M. Hyun, I. Chung, and N. Kwak, "Feature fusion for online mutual knowledge distillation, " in 2020 25th International Conference on Pattern Recognition (ICPR), pp. 4619-4625, IEEE, 2021.
G. Xiao, J. Lin, M. Seznec, H. Wu, J. Demouth, and S. Han, "Smoothquant: Accurate and efficient post-training quantization for large language models, " in International Conference on Machine Learning, pp. 38087-38099, PMLR, 2023.
J. Xu, J. Yu, S. Hu, X. Liu, and H. Meng, "Mixed precision low-bit quantization of neural network language models for speech recognition, " IEEE/ACM Transactions on Audio, Speech, and Language Processing, vol. 29, pp. 3679-3693, 2021.
S. Nedelkoski, J. Bogatinovski, A. Acker, J. Cardoso, and O. Kao, "Selfattentive classification-based anomaly detection in unstructured logs, " in 2020 IEEE International Conference on Data Mining (ICDM), pp. 1196-1201, IEEE, 2020.
X. Ma, J. Keung, P. He, Y. Xiao, X. Yu, and Y. Li, "A semi-supervised approach for industrial anomaly detection via self-adaptive clustering, " IEEE Transactions on Industrial Informatics, 2023.
A. Lyons, J. Gamba, A. Shawaga, J. Reardon, J. Tapiador, S. Egelman, N. Vallina-Rodriguez, et al., "Log: It's big, it's heavy, it's filled with personal data! measuring the logging of sensitive information in the android ecosystem, " in Usenix Security Symposium, 2023.
R. Zhou, M. Hamdaqa, H. Cai, and A. Hamou-Lhadj, "Mobilogleak: A preliminary study on data leakage caused by poor logging practices, " in 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 577-581, IEEE, 2020.
J. Chen, W. Chong, S. Yu, Z. Xu, C. Tan, and N. Chen, "Tcnbased lightweight log anomaly detection in cloud-edge collaborative environment, " in 2022 Tenth International Conference on Advanced Cloud and Big Data (CBD), pp. 13-18, IEEE, 2022.