LogLAB: Attention-Based Labeling of Log Data Anomalies via Weak Supervision

TL;DR

LogLAB is an innovative weak supervision method that automatically labels log data for anomaly detection using failure time windows, significantly reducing manual effort and outperforming existing approaches.

Contribution

It introduces a novel attention-based model with a custom objective for weak supervision, enabling effective log anomaly labeling without expert manual annotation.

Findings

Outperforms nine benchmark methods across datasets

Maintains F1-score > 0.98 at large failure windows

Effective for automated log anomaly labeling

Abstract

With increasing scale and complexity of cloud operations, automated detection of anomalies in monitoring data such as logs will be an essential part of managing future IT infrastructures. However, many methods based on artificial intelligence, such as supervised deep learning models, require large amounts of labeled training data to perform well. In practice, this data is rarely available because labeling log data is expensive, time-consuming, and requires a deep understanding of the underlying system. We present LogLAB, a novel modeling approach for automated labeling of log messages without requiring manual work by experts. Our method relies on estimated failure time windows provided by monitoring systems to produce precise labeled datasets in retrospect. It is based on the attention mechanism and uses a custom objective function for weak supervision deep learning techniques that accounts for imbalanced data. Our evaluation shows that LogLAB consistently outperforms nine benchmark approaches across three different datasets and maintains an F1-score of more than 0.98 even at large failure time windows.