What Information Contributes to Log-based Anomaly Detection? Insights from a Configurable Transformer-Based Approach Article Swipe
Xingfang Wu
,
Heng Li
,
Foutse Khomh
·
YOU?
·
· 2024
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2409.20503
YOU?
·
· 2024
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2409.20503
Log data are generated from logging statements in the source code, providing insights into the execution processes of software applications and systems. State-of-the-art log-based anomaly detection approaches typically leverage deep learning models to capture the semantic or sequential information in the log data and detect anomalous runtime behaviors. However, the impacts of these different types of information are not clear. In addition, most existing approaches ignore the timestamps in log data, which can potentially provide fine-grained sequential and temporal information. In this work, we propose a configurable Transformer-based anomaly detection model that can capture the semantic, sequential, and temporal information in the log data and allows us to configure the different types of information as the model's features. Additionally, we train and evaluate the proposed model using log sequences of different lengths, thus overcoming the constraint of existing methods that rely on fixed-length or time-windowed log sequences as inputs. With the proposed model, we conduct a series of experiments with different combinations of input features to evaluate the roles of different types of information in anomaly detection. The model can attain competitive and consistently stable performance compared to the baselines when presented with log sequences of varying lengths. The results indicate that the event occurrence information plays a key role in identifying anomalies, while the impact of the sequential and temporal information is not significant for anomaly detection on the studied public datasets. On the other hand, the findings also reveal the simplicity of the studied public datasets and highlight the importance of constructing new datasets that contain different types of anomalies to better evaluate the performance of anomaly detection models.
Related Topics
Concepts
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2409.20503
- https://arxiv.org/pdf/2409.20503
- OA Status
- green
- Related Works
- 10
- OpenAlex ID
- https://openalex.org/W4403816269
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4403816269Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2409.20503Digital Object Identifier
- Title
-
What Information Contributes to Log-based Anomaly Detection? Insights from a Configurable Transformer-Based ApproachWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2024Year of publication
- Publication date
-
2024-09-30Full publication date if available
- Authors
-
Xingfang Wu, Heng Li, Foutse KhomhList of authors in order
- Landing page
-
https://arxiv.org/abs/2409.20503Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2409.20503Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2409.20503Direct OA link when available
- Concepts
-
Anomaly detection, Transformer, Anomaly (physics), Computer science, Data mining, Engineering, Electrical engineering, Physics, Voltage, Condensed matter physicsTop concepts (fields/topics) attached by OpenAlex
- Cited by
-
0Total citation count in OpenAlex
- Related works (count)
-
10Other works algorithmically related by OpenAlex
Full payload
| id | https://openalex.org/W4403816269 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2409.20503 |
| ids.doi | https://doi.org/10.48550/arxiv.2409.20503 |
| ids.openalex | https://openalex.org/W4403816269 |
| fwci | |
| type | preprint |
| title | What Information Contributes to Log-based Anomaly Detection? Insights from a Configurable Transformer-Based Approach |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11512 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9954000115394592 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1702 |
| topics[0].subfield.display_name | Artificial Intelligence |
| topics[0].display_name | Anomaly Detection Techniques and Applications |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C739882 |
| concepts[0].level | 2 |
| concepts[0].score | 0.6938784122467041 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q3560506 |
| concepts[0].display_name | Anomaly detection |
| concepts[1].id | https://openalex.org/C66322947 |
| concepts[1].level | 3 |
| concepts[1].score | 0.52774578332901 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q11658 |
| concepts[1].display_name | Transformer |
| concepts[2].id | https://openalex.org/C12997251 |
| concepts[2].level | 2 |
| concepts[2].score | 0.495630145072937 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q567560 |
| concepts[2].display_name | Anomaly (physics) |
| concepts[3].id | https://openalex.org/C41008148 |
| concepts[3].level | 0 |
| concepts[3].score | 0.4614469110965729 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[3].display_name | Computer science |
| concepts[4].id | https://openalex.org/C124101348 |
| concepts[4].level | 1 |
| concepts[4].score | 0.3812717795372009 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q172491 |
| concepts[4].display_name | Data mining |
| concepts[5].id | https://openalex.org/C127413603 |
| concepts[5].level | 0 |
| concepts[5].score | 0.18244856595993042 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q11023 |
| concepts[5].display_name | Engineering |
| concepts[6].id | https://openalex.org/C119599485 |
| concepts[6].level | 1 |
| concepts[6].score | 0.12505993247032166 |
| concepts[6].wikidata | https://www.wikidata.org/wiki/Q43035 |
| concepts[6].display_name | Electrical engineering |
| concepts[7].id | https://openalex.org/C121332964 |
| concepts[7].level | 0 |
| concepts[7].score | 0.10168859362602234 |
| concepts[7].wikidata | https://www.wikidata.org/wiki/Q413 |
| concepts[7].display_name | Physics |
| concepts[8].id | https://openalex.org/C165801399 |
| concepts[8].level | 2 |
| concepts[8].score | 0.0580802857875824 |
| concepts[8].wikidata | https://www.wikidata.org/wiki/Q25428 |
| concepts[8].display_name | Voltage |
| concepts[9].id | https://openalex.org/C26873012 |
| concepts[9].level | 1 |
| concepts[9].score | 0.0 |
| concepts[9].wikidata | https://www.wikidata.org/wiki/Q214781 |
| concepts[9].display_name | Condensed matter physics |
| keywords[0].id | https://openalex.org/keywords/anomaly-detection |
| keywords[0].score | 0.6938784122467041 |
| keywords[0].display_name | Anomaly detection |
| keywords[1].id | https://openalex.org/keywords/transformer |
| keywords[1].score | 0.52774578332901 |
| keywords[1].display_name | Transformer |
| keywords[2].id | https://openalex.org/keywords/anomaly |
| keywords[2].score | 0.495630145072937 |
| keywords[2].display_name | Anomaly (physics) |
| keywords[3].id | https://openalex.org/keywords/computer-science |
| keywords[3].score | 0.4614469110965729 |
| keywords[3].display_name | Computer science |
| keywords[4].id | https://openalex.org/keywords/data-mining |
| keywords[4].score | 0.3812717795372009 |
| keywords[4].display_name | Data mining |
| keywords[5].id | https://openalex.org/keywords/engineering |
| keywords[5].score | 0.18244856595993042 |
| keywords[5].display_name | Engineering |
| keywords[6].id | https://openalex.org/keywords/electrical-engineering |
| keywords[6].score | 0.12505993247032166 |
| keywords[6].display_name | Electrical engineering |
| keywords[7].id | https://openalex.org/keywords/physics |
| keywords[7].score | 0.10168859362602234 |
| keywords[7].display_name | Physics |
| keywords[8].id | https://openalex.org/keywords/voltage |
| keywords[8].score | 0.0580802857875824 |
| keywords[8].display_name | Voltage |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2409.20503 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2409.20503 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2409.20503 |
| locations[1].id | doi:10.48550/arxiv.2409.20503 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2409.20503 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5101480041 |
| authorships[0].author.orcid | https://orcid.org/0000-0001-7040-3751 |
| authorships[0].author.display_name | Xingfang Wu |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Wu, Xingfang |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5100338781 |
| authorships[1].author.orcid | https://orcid.org/0000-0001-5441-6763 |
| authorships[1].author.display_name | Heng Li |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Li, Heng |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5071052367 |
| authorships[2].author.orcid | https://orcid.org/0000-0002-5704-4173 |
| authorships[2].author.display_name | Foutse Khomh |
| authorships[2].author_position | last |
| authorships[2].raw_author_name | Khomh, Foutse |
| authorships[2].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2409.20503 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | What Information Contributes to Log-based Anomaly Detection? Insights from a Configurable Transformer-Based Approach |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T11512 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9954000115394592 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1702 |
| primary_topic.subfield.display_name | Artificial Intelligence |
| primary_topic.display_name | Anomaly Detection Techniques and Applications |
| related_works | https://openalex.org/W2806741695, https://openalex.org/W4290647774, https://openalex.org/W3189286258, https://openalex.org/W3207797160, https://openalex.org/W3210364259, https://openalex.org/W4300558037, https://openalex.org/W2667207928, https://openalex.org/W2912112202, https://openalex.org/W4377864969, https://openalex.org/W2972971679 |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2409.20503 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2409.20503 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2409.20503 |
| primary_location.id | pmh:oai:arXiv.org:2409.20503 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2409.20503 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2409.20503 |
| publication_date | 2024-09-30 |
| publication_year | 2024 |
| referenced_works_count | 0 |
| abstract_inverted_index.a | 85, 155, 207 |
| abstract_inverted_index.In | 60, 80 |
| abstract_inverted_index.On | 233 |
| abstract_inverted_index.as | 114, 147 |
| abstract_inverted_index.in | 7, 39, 68, 100, 174, 210 |
| abstract_inverted_index.is | 222 |
| abstract_inverted_index.of | 17, 51, 55, 112, 129, 136, 157, 162, 169, 172, 195, 216, 243, 252, 260, 267 |
| abstract_inverted_index.on | 141, 228 |
| abstract_inverted_index.or | 36, 143 |
| abstract_inverted_index.to | 32, 107, 165, 187, 262 |
| abstract_inverted_index.us | 106 |
| abstract_inverted_index.we | 83, 119, 153 |
| abstract_inverted_index.Log | 0 |
| abstract_inverted_index.The | 177, 198 |
| abstract_inverted_index.and | 20, 43, 77, 97, 104, 121, 182, 219, 248 |
| abstract_inverted_index.are | 2, 57 |
| abstract_inverted_index.can | 72, 92, 179 |
| abstract_inverted_index.for | 225 |
| abstract_inverted_index.key | 208 |
| abstract_inverted_index.log | 41, 69, 102, 127, 145, 193 |
| abstract_inverted_index.new | 254 |
| abstract_inverted_index.not | 58, 223 |
| abstract_inverted_index.the | 8, 14, 34, 40, 49, 66, 94, 101, 109, 115, 123, 134, 150, 167, 188, 202, 214, 217, 229, 234, 237, 241, 244, 250, 265 |
| abstract_inverted_index.With | 149 |
| abstract_inverted_index.also | 239 |
| abstract_inverted_index.data | 1, 42, 103 |
| abstract_inverted_index.deep | 29 |
| abstract_inverted_index.from | 4 |
| abstract_inverted_index.into | 13 |
| abstract_inverted_index.most | 62 |
| abstract_inverted_index.rely | 140 |
| abstract_inverted_index.role | 209 |
| abstract_inverted_index.that | 91, 139, 201, 256 |
| abstract_inverted_index.this | 81 |
| abstract_inverted_index.thus | 132 |
| abstract_inverted_index.when | 190 |
| abstract_inverted_index.with | 159, 192 |
| abstract_inverted_index.code, | 10 |
| abstract_inverted_index.data, | 70 |
| abstract_inverted_index.event | 203 |
| abstract_inverted_index.hand, | 236 |
| abstract_inverted_index.input | 163 |
| abstract_inverted_index.model | 90, 125, 178 |
| abstract_inverted_index.other | 235 |
| abstract_inverted_index.plays | 206 |
| abstract_inverted_index.roles | 168 |
| abstract_inverted_index.these | 52 |
| abstract_inverted_index.train | 120 |
| abstract_inverted_index.types | 54, 111, 171, 259 |
| abstract_inverted_index.using | 126 |
| abstract_inverted_index.which | 71 |
| abstract_inverted_index.while | 213 |
| abstract_inverted_index.work, | 82 |
| abstract_inverted_index.allows | 105 |
| abstract_inverted_index.attain | 180 |
| abstract_inverted_index.better | 263 |
| abstract_inverted_index.clear. | 59 |
| abstract_inverted_index.detect | 44 |
| abstract_inverted_index.ignore | 65 |
| abstract_inverted_index.impact | 215 |
| abstract_inverted_index.model, | 152 |
| abstract_inverted_index.models | 31 |
| abstract_inverted_index.public | 231, 246 |
| abstract_inverted_index.reveal | 240 |
| abstract_inverted_index.series | 156 |
| abstract_inverted_index.source | 9 |
| abstract_inverted_index.stable | 184 |
| abstract_inverted_index.anomaly | 24, 88, 175, 226, 268 |
| abstract_inverted_index.capture | 33, 93 |
| abstract_inverted_index.conduct | 154 |
| abstract_inverted_index.contain | 257 |
| abstract_inverted_index.impacts | 50 |
| abstract_inverted_index.inputs. | 148 |
| abstract_inverted_index.logging | 5 |
| abstract_inverted_index.methods | 138 |
| abstract_inverted_index.model's | 116 |
| abstract_inverted_index.models. | 270 |
| abstract_inverted_index.propose | 84 |
| abstract_inverted_index.provide | 74 |
| abstract_inverted_index.results | 199 |
| abstract_inverted_index.runtime | 46 |
| abstract_inverted_index.studied | 230, 245 |
| abstract_inverted_index.varying | 196 |
| abstract_inverted_index.However, | 48 |
| abstract_inverted_index.compared | 186 |
| abstract_inverted_index.datasets | 247, 255 |
| abstract_inverted_index.evaluate | 122, 166, 264 |
| abstract_inverted_index.existing | 63, 137 |
| abstract_inverted_index.features | 164 |
| abstract_inverted_index.findings | 238 |
| abstract_inverted_index.indicate | 200 |
| abstract_inverted_index.insights | 12 |
| abstract_inverted_index.learning | 30 |
| abstract_inverted_index.lengths, | 131 |
| abstract_inverted_index.lengths. | 197 |
| abstract_inverted_index.leverage | 28 |
| abstract_inverted_index.proposed | 124, 151 |
| abstract_inverted_index.semantic | 35 |
| abstract_inverted_index.software | 18 |
| abstract_inverted_index.systems. | 21 |
| abstract_inverted_index.temporal | 78, 98, 220 |
| abstract_inverted_index.addition, | 61 |
| abstract_inverted_index.anomalies | 261 |
| abstract_inverted_index.anomalous | 45 |
| abstract_inverted_index.baselines | 189 |
| abstract_inverted_index.configure | 108 |
| abstract_inverted_index.datasets. | 232 |
| abstract_inverted_index.detection | 25, 89, 227, 269 |
| abstract_inverted_index.different | 53, 110, 130, 160, 170, 258 |
| abstract_inverted_index.execution | 15 |
| abstract_inverted_index.features. | 117 |
| abstract_inverted_index.generated | 3 |
| abstract_inverted_index.highlight | 249 |
| abstract_inverted_index.log-based | 23 |
| abstract_inverted_index.presented | 191 |
| abstract_inverted_index.processes | 16 |
| abstract_inverted_index.providing | 11 |
| abstract_inverted_index.semantic, | 95 |
| abstract_inverted_index.sequences | 128, 146, 194 |
| abstract_inverted_index.typically | 27 |
| abstract_inverted_index.anomalies, | 212 |
| abstract_inverted_index.approaches | 26, 64 |
| abstract_inverted_index.behaviors. | 47 |
| abstract_inverted_index.constraint | 135 |
| abstract_inverted_index.detection. | 176 |
| abstract_inverted_index.importance | 251 |
| abstract_inverted_index.occurrence | 204 |
| abstract_inverted_index.overcoming | 133 |
| abstract_inverted_index.sequential | 37, 76, 218 |
| abstract_inverted_index.simplicity | 242 |
| abstract_inverted_index.statements | 6 |
| abstract_inverted_index.timestamps | 67 |
| abstract_inverted_index.competitive | 181 |
| abstract_inverted_index.experiments | 158 |
| abstract_inverted_index.identifying | 211 |
| abstract_inverted_index.information | 38, 56, 99, 113, 173, 205, 221 |
| abstract_inverted_index.performance | 185, 266 |
| abstract_inverted_index.potentially | 73 |
| abstract_inverted_index.sequential, | 96 |
| abstract_inverted_index.significant | 224 |
| abstract_inverted_index.applications | 19 |
| abstract_inverted_index.combinations | 161 |
| abstract_inverted_index.configurable | 86 |
| abstract_inverted_index.consistently | 183 |
| abstract_inverted_index.constructing | 253 |
| abstract_inverted_index.fine-grained | 75 |
| abstract_inverted_index.fixed-length | 142 |
| abstract_inverted_index.information. | 79 |
| abstract_inverted_index.Additionally, | 118 |
| abstract_inverted_index.time-windowed | 144 |
| abstract_inverted_index.State-of-the-art | 22 |
| abstract_inverted_index.Transformer-based | 87 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 3 |
| citation_normalized_percentile |