TL;DR
AnomalyGen is a framework that enhances log-based anomaly detection by synthesizing realistic log sequences using static analysis and large language models, significantly improving detection performance.
Contribution
It introduces a novel data augmentation method combining static analysis and LLM reasoning to generate labeled log sequences for better anomaly detection.
Findings
Deep learning models improved F1-score by over 2% on HDFS and Zookeeper.
Unsupervised Transformer's F1-score increased from 0.818 to 0.970 on HDFS.
Both static analysis and LLM verification are essential for effective augmentation.
Abstract
Log-based anomaly detection is fundamentally constrained by training data sparsity. Our empirical study reveals that public benchmark datasets cover less than 10% of source code log templates. Consequently, models frequently misclassify unseen but valid execution paths as anomalies, leading to false alarms. To address this, we propose AnomalyGen, a novel framework that augments training data by synthesizing labeled log sequences from source code. AnomalyGen combines log-oriented static analysis with Large Language Model (LLM) reasoning in three stages: (1) building Log-Oriented Control Flow Graphs (LCFGs) to enumerate structurally valid execution paths; (2) applying LLM Chain-of-Thought (CoT) reasoning to verify logical consistency and generate realistic runtime parameters (e.g., block IDs, IP addresses); and (3) labeling generated sequences with domain heuristics. Evaluations on HDFS…
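An added illustration of stage (1) and of the template-coverage gap the abstract describes; this is not AnomalyGen's code. The toy LCFG, its node names, the log templates, the `max_visits` loop bound and the training set are all constructed assumptions, and the LLM verification and labeling stages are not shown.

```python
# Constructed toy LCFG: node -> (log template or None, successor nodes).
# Node names and templates are made up for illustration.
LCFG = {
    "entry":  (None, ["recv"]),
    "recv":   ("Receiving block <*> src: <*> dest: <*>", ["write", "io_err"]),
    "write":  ("Received block <*> of size <*> from <*>", ["verify"]),
    "io_err": ("Exception in receiveBlock for block <*>", ["retry", "exit"]),
    "retry":  ("Retrying transfer of block <*>", ["recv"]),
    "verify": ("Verification succeeded for <*>", ["exit"]),
    "exit":   (None, []),
}

def enumerate_paths(graph, node="entry", max_visits=2, _seen=None):
    """Yield the log-template sequence of every entry-to-exit path.

    A node may appear at most max_visits times on one path, so loops
    (here the retry edge) are unrolled a bounded number of times.
    """
    seen = dict(_seen or {})          # per-branch copy of visit counts
    seen[node] = seen.get(node, 0) + 1
    if seen[node] > max_visits:
        return                        # prune: loop bound exceeded
    template, successors = graph[node]
    prefix = [template] if template else []
    if not successors:                # exit node reached
        yield prefix
        return
    for nxt in successors:
        for rest in enumerate_paths(graph, nxt, max_visits, seen):
            yield prefix + rest

def template_coverage(graph, training_sequences):
    """Fraction of source-code templates that occur in the training logs."""
    all_templates = {t for t, _ in graph.values() if t}
    observed = {t for seq in training_sequences for t in seq}
    return len(all_templates & observed) / len(all_templates)

def unseen_paths(graph, training_sequences):
    """Structurally valid paths containing a template never seen in training."""
    observed = {t for seq in training_sequences for t in seq}
    return [p for p in enumerate_paths(graph) if any(t not in observed for t in p)]

# Constructed training set: only the happy path was ever logged.
TRAINING = [[LCFG["recv"][0], LCFG["write"][0], LCFG["verify"][0]]]

if __name__ == "__main__":
    print("coverage:", template_coverage(LCFG, TRAINING))
    for path in unseen_paths(LCFG, TRAINING):
        print("valid path absent from training:", path)
```

The paths returned by `unseen_paths` are the kind of valid-but-unobserved executions that a detector trained only on `TRAINING` would flag, which is the false-alarm source the abstract attributes to sparse training data.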
