Detecting Log Anomalies with Multi-Head Attention (LAMA)
Yicheng Guo, Yujin Wen, Congwei Jiang, Yixin Lian, Yi Wan

TL;DR
LAMA is a novel multi-head attention model designed for log anomaly detection, effectively capturing sequential patterns in log data to identify anomalies more accurately than existing methods.
Contribution
Introduces LAMA, a multi-head attention-based sequential model for log anomaly detection, demonstrating superior performance over prior statistical and deep learning approaches.
Findings
LAMA outperforms existing log anomaly detection methods.
The model effectively captures sequential patterns in log data.
Empirical results validate the approach's effectiveness.
Abstract
Anomaly detection is a crucial and challenging subject that has been studied within diverse research areas. In this work, we explore the task of log anomaly detection (especially computer system logs and user behavior logs) by analyzing logs' sequential information. We propose LAMA, a multi-head attention based sequential model to process log streams as template activity (event) sequences. A next event prediction task is applied to train the model for anomaly detection. Extensive empirical studies demonstrate that our new model outperforms existing log anomaly detection methods including statistical and deep learning methodologies, which validates the effectiveness of our proposed method in learning sequence patterns of log data.
Taxonomy
Topics: Software System Performance and Reliability · Anomaly Detection Techniques and Applications · Network Security and Intrusion Detection
Methods: Attention Is All You Need · Linear Layer · Softmax · Tanh Activation · Low-Rank Factorization-based Multi-Head Attention · Multi-Head Attention
