From Few-Label to Zero-Label: An Approach for Cross-System Log-Based Anomaly Detection with Meta-Learning

TL;DR

This paper introduces FreeLog, a meta-learning approach for cross-system log anomaly detection that operates effectively without any labeled target logs, addressing the cold-start problem in real-world scenarios.

Contribution

We propose FreeLog, a novel meta-learning method that enables zero-label cross-system log anomaly detection, eliminating the need for labeled target system logs.

Findings

FreeLog achieves performance comparable to state-of-the-art methods with few labels.

FreeLog effectively addresses the cold-start problem in log anomaly detection.

Experimental results on three datasets validate the approach's effectiveness.

Abstract

Log anomaly detection plays a critical role in ensuring the stability and reliability of software systems. However, existing approaches rely on large amounts of labeled log data, which poses significant challenges in real-world applications. To address this issue, cross-system transfer has been identified as a key research direction. State-of-the-art cross-system approaches achieve promising performance with only a few labels from the target system. However, their reliance on labeled target logs makes them susceptible to the cold-start problem when labeled logs are insufficient. To overcome this limitation, we explore a novel yet underexplored setting: zero-label cross-system log anomaly detection, where the target system logs are entirely unlabeled. To this end, we propose FreeLog, a system-agnostic representation meta-learning method that eliminates the need for labeled target system logs, enabling cross-system log anomaly detection under zero-label conditions. Experimental results on three public log datasets demonstrate that FreeLog achieves performance comparable to state-of-the-art methods that rely on a small amount of labeled data from the target system.