Lund University Publications

Automated Log Message Embeddings

Murphy, Adrian ; Larsson, Daniel ; Söderlund, Fanny ; Angelsmark, Ola and Eker, Johan LU (2024) 11th International Conference on Internet of Things: Systems, Management and Security, IOTSMS 2024 p.192-197
Abstract

System logs are crucial for understanding the state and health of systems, yet manual inspection becomes impractical due to the high volume of messages. Consequently, machine learning-based log anomaly detection has emerged to automatically identify irregularities. This study investigates the effectiveness of log message embeddings, a novel parsing method, for anomaly detection in complex systems. Specifically, we evaluate their resilience to concept drift compared to traditional parsing approaches. The study conducts empirical analyses on benchmark datasets, revealing that log message embeddings achieve comparable anomaly detection results while demonstrating greater robustness against concept drift than traditional methods like Drain. Additionally, the study highlights the usefulness of large language models in automating the log embedding pipeline to handle out-of-vocabulary words and extract synonymous and antonymous relationships. Insights gained from the study suggest potential refinements for future research in this area, contributing to advancements in system monitoring and log anomaly detection.

author
Murphy, Adrian ; Larsson, Daniel ; Söderlund, Fanny ; Angelsmark, Ola and Eker, Johan
type
Chapter in Book/Report/Conference proceeding
publication status
published
keywords
Concept Drift, Drain, Large Language Models, Log Anomaly Detection, Log Message Embeddings, System Monitoring
host publication
2024 11th International Conference on Internet of Things : Systems, Management and Security, IOTSMS 2024
editor
Quwaider, Muhannad ; Alkhabbas, Fahed and Jararweh, Yaser
pages
6 pages
publisher
IEEE - Institute of Electrical and Electronics Engineers Inc.
conference name
11th International Conference on Internet of Things: Systems, Management and Security, IOTSMS 2024
conference location
Malmo, Sweden
conference dates
2024-09-02 - 2024-09-05
external identifiers
  • scopus:85208039040
ISBN
9798350366501
DOI
10.1109/IOTSMS62296.2024.10710220
language
English
LU publication?
yes
id
d7847405-521e-471b-b298-4ce8a71d3a04
date added to LUP
2024-12-16 13:46:06
date last changed
2025-04-04 15:10:45
@inproceedings{d7847405-521e-471b-b298-4ce8a71d3a04,
  abstract     = {{System logs are crucial for understanding the state and health of systems, yet manual inspection becomes impractical due to the high volume of messages. Consequently, machine learning-based log anomaly detection has emerged to automatically identify irregularities. This study investigates the effectiveness of log message embeddings, a novel parsing method, for anomaly detection in complex systems. Specifically, we evaluate their resilience to concept drift compared to traditional parsing approaches. The study conducts empirical analyses on benchmark datasets, revealing that log message embeddings achieve comparable anomaly detection results while demonstrating greater robustness against concept drift than traditional methods like Drain. Additionally, the study highlights the usefulness of large language models in automating the log embedding pipeline to handle out-of-vocabulary words and extract synonymous and antonymous relationships. Insights gained from the study suggest potential refinements for future research in this area, contributing to advancements in system monitoring and log anomaly detection.}},
  author       = {{Murphy, Adrian and Larsson, Daniel and Söderlund, Fanny and Angelsmark, Ola and Eker, Johan}},
  booktitle    = {{2024 11th International Conference on Internet of Things : Systems, Management and Security, IOTSMS 2024}},
  editor       = {{Quwaider, Muhannad and Alkhabbas, Fahed and Jararweh, Yaser}},
  isbn         = {{9798350366501}},
  keywords     = {{Concept Drift; Drain; Large Language Models; Log Anomaly Detection; Log Message Embeddings; System Monitoring}},
  language     = {{eng}},
  pages        = {{192--197}},
  publisher    = {{IEEE - Institute of Electrical and Electronics Engineers Inc.}},
  title        = {{Automated Log Message Embeddings}},
  url          = {{http://dx.doi.org/10.1109/IOTSMS62296.2024.10710220}},
  doi          = {{10.1109/IOTSMS62296.2024.10710220}},
  year         = {{2024}},
}