TAElog: A Novel Transformer AutoEncoder-Based Log Anomaly Detection Method

Published: 2023, Last Modified: 10 Feb 2025 | Inscrypt (2) 2023 | CC BY-SA 4.0
Abstract: Log anomaly detection serves as an effective approach for identifying threats. Autoencoder-based detection methods address positive and negative sample imbalance issues and have been extensively adopted in practical applications. However, most existing methods necessitate a sliding window to adapt to the autoencoder’s base network, leading to information confusion and diminished resilience. Furthermore, detection results may be worthless when a single log comprises numerous unbalanced log records. In response, we propose TAElog, a novel framework employing a transformer-based autoencoder designed to extract precise information from logs without the need for sliding windows. TAElog also incorporates a new loss calculation that computes both high-dimensional metrics and divergence information, enhancing detection performance in intricate situations with diverse and unbalanced log records. Moreover, our framework covers preprocessing to increase the compatibility between text and numeric logs. To verify the effectiveness of TAElog, we evaluate its performance against other methods on both textual and numerical logs. Additionally, we assess various preprocessing and loss computation approaches to determine the optimal configuration within our method. Experimental results demonstrate that TAElog not only achieves superior accuracy rates but also boasts increased processing speed.