关键词: 日志异常检测, 双向门控递归单元, 多层卷积, 双向编码语义解析, 注意力机制

Abstract: Logs record important information about system operation, and log anomaly detection can quickly and accurately identify the cause of system failures. However, log sequences have problems such as data instability and interdependence between data. Therefore, a new semi-supervised log sequence anomaly detection method  is proposed. This method uses the Bidirectional Encoder Representations from Transformers (BERT) model and multi-layer convolutional network to extract log information, obtain the contextual relevance between log sequences and the local relevance of log sequences. Finally, the attention-based Bi-GRU network is used for log sequence anomaly detection. The performance of this model was verified on three datasets. Compared with six benchmark models, this model has the best F1 value and the highest AUC value (0.981 3), and the experimental results show that it can effectively handle the problems of data instability and interdependence between data in log sequences.

Key words: log anomaly detection, bidirectional gate recurrent unit, multilayer convolution, bidirectional encoder representation from transformers, attention mechanism