Practitioners' Expectations on Log Anomaly Detection
Xiaoxue Ma, Yishu Li, Jacky Keung, Xiao Yu, Huiqi Zou, Zhen Yang, Federica Sarro, Earl T. Barr

TL;DR
This paper surveys practitioners worldwide to understand their expectations for log anomaly detection and compares these needs with current research to identify gaps and future directions.
Contribution
It provides an empirical analysis of practitioners' expectations and a literature review to align research efforts with industry needs.
Findings
Practitioners prioritize real-time detection and interpretability.
Current research often lacks focus on practical deployment challenges.
There is a gap between research focus and practitioners' needs.
Abstract
Log anomaly detection has become a common practice for software engineers to analyze software system behavior. Despite significant research efforts in log anomaly detection over the past decade, it remains unclear what are practitioners' expectations on log anomaly detection and whether current research meets their needs. To fill this gap, we conduct an empirical study, surveying 312 practitioners from 36 countries about their expectations on log anomaly detection. In particular, we investigate various factors influencing practitioners' willingness to adopt log anomaly detection tools. We then perform a literature review on log anomaly detection, focusing on publications in premier venues from 2014 to 2024, to compare practitioners' needs with the current state of research. Based on this comparison, we highlight the directions for researchers to focus on to develop log anomaly detection…
Taxonomy
Topics: Anomaly Detection Techniques and Applications · Network Security and Intrusion Detection
