IEEE Access (Jan 2023)

TransSentLog: Interpretable Anomaly Detection Using Transformer and Sentiment Analysis on Individual Log Event

  • Tuan-Anh Pham,
  • Jong-Hoon Lee

DOI
https://doi.org/10.1109/ACCESS.2023.3311146
Journal volume & issue
Vol. 11
pp. 96272 – 96282

Abstract

Event logs play a crucial role in monitoring the status of IT systems. These logs contain text that describes how a system operates using natural language, which can be associated with sentiment polarity. When a system is functioning correctly, event logs generally convey positive sentiment. However, if unexpected behaviors like errors or failures occur, negative sentiment can be detected. In order to identify anomalies in individual log messages without the need for log parsing, we propose TransSentLog. This method combines Transformer and sentiment analysis, leveraging the sentiment polarity of event logs. To gain a better understanding of the model predictions, we employ Integrated Gradients, an attribution method that extracts important features from the model inputs. Through extensive experimentation on public system log datasets, we demonstrate that our proposed method overcomes the limitations of existing approaches and achieves F1 scores of 99.73% on trained datasets and 94.99% on untrained datasets.

Keywords