MetaLog: Generalizable Cross-System Anomaly Detection from Logs with Meta-Learning (ICSE 2024 - Research Track) - ICSE 2024

Fri 12 - Sun 21 April 2024 Lisbon, Portugal

Who

Chenyangguang Zhang, Tong Jia, Guopeng Shen, Pinyan Zhu, Ying Li

Track

ICSE 2024 Research Track

Time Zone

The program is currently displayed in (GMT+01:00) Lisbon.

Use conference time zone: (GMT+01:00) LisbonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Thu 18 Apr 2024 11:15 - 11:30 at Sophia de Mello Breyner Andresen - AI & Security 2 Chair(s): Gabriele Bavota

Abstract

Log-based anomaly detection is an essential aspect of maintaining software reliability. However, existing log-based anomaly detection approaches rely on a huge amount of historical labeled data which is inaccessible in many real-world systems. To mitigate this problem, we leverage the features of the abundant historical labeled logs of mature systems to help build anomaly detection models of a new system with very few labels, that is, to generalize the model ability trained from labeled logs of a mature system to achieve anomaly detection on new systems with insufficient data labels. Specifically, we propose MetaLog, a generalizable cross-system anomaly detection approach. MetaLog first incorporates a globally consistent semantic embedding module to obtain log event semantic embedding vectors in a shared global space. Then it leverages meta-learning paradigm to improve the model’s generalization ability. We evaluate MetaLog’s performance on four open log datasets (HDFS, BGL, OpenStack and Thunderbird) from four totally different systems. Results show that MetaLog reaches over 80% F1 score when using only 1% labeled logs of the target system, showing similar performance with state-of-art supervised anomaly detection models trained with 100% labeled data. Besides, it outperforms state-of-art transfer-learning based cross-system anomaly detection models by 20% in the same settings of 1% labeled training logs of the target system.

Chenyangguang Zhang

Tsinghua University

Tong Jia

Institute for Artificial Intelligence, Peking University, Beijing, China

China

Guopeng Shen

Linkedsee Technology (China) Limited

Pinyan Zhu

Linkedsee Technology (China) Limited

Ying Li

School of Software and Microelectronics, Peking University, Beijing, China

Time Zone

The program is currently displayed in (GMT+01:00) Lisbon.

Use conference time zone: (GMT+01:00) LisbonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Thu 18 Apr
Displayed time zone: Lisbon change

	11:00 - 12:30	AI & Security 2Research Track / New Ideas and Emerging Results at Sophia de Mello Breyner Andresen Chair(s): Gabriele Bavota Software Institute @ Università della Svizzera Italiana

	11:00 15m Talk		Towards Causal Deep Learning for Vulnerability Detection Research Track Md Mahbubur Rahman Iowa State University, Ira Ceka Columbia University, Chengzhi Mao Columbia University, Saikat Chakraborty Microsoft Research, Baishakhi Ray AWS AI Labs, Wei Le Iowa State University
	11:15 15m Talk		MetaLog: Generalizable Cross-System Anomaly Detection from Logs with Meta-Learning Research Track Chenyangguang Zhang Tsinghua University, Tong Jia Institute for Artificial Intelligence, Peking University, Beijing, China, Guopeng Shen Linkedsee Technology (China) Limited, Pinyan Zhu Linkedsee Technology (China) Limited, Ying Li School of Software and Microelectronics, Peking University, Beijing, China
	11:30 15m Talk		Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems Research Track Sicong Cao Yangzhou University, Xiaobing Sun Yangzhou University, Xiaoxue Wu Yangzhou University, David Lo Singapore Management University, Lili Bo Yangzhou University, Bin Li Yangzhou University, Wei Liu Nanjing University Media Attached File Attached
	11:45 15m Talk		Improving Smart Contract Security with Contrastive Learning-based Vulnerability Detection Research Track Yizhou Chen Peking University, Zeyu Sun Institute of Software, Chinese Academy of Sciences, Zhihao Gong Peking University, Dan Hao Peking University
	12:00 15m Talk		On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities Research Track Zhen Li Huazhong University of Science and Technology, Ning Wang Huazhong University of Science and Technology, Deqing Zou Huazhong University of Science and Technology, Yating Li Huazhong University of Science and Technology, Ruqian Zhang Huazhong University of Science and Technology, Shouhuai Xu University of Colorado Colorado Springs, Chao Zhang Tsinghua University, Hai Jin Huazhong University of Science and Technology Pre-print
	12:15 7m Talk		Large Language Model for Vulnerability Detection: Emerging Results and Future Directions New Ideas and Emerging Results Xin Zhou Singapore Management University, Singapore, Ting Zhang Singapore Management University, David Lo Singapore Management University
	12:22 7m Talk		Re(gEx\|DoS)Eval: Evaluating Generated Regular Expressions and their Proneness to DoS Attacks New Ideas and Emerging Results Mohammed Latif Siddiq University of Notre Dame, Jiahao Zhang , Lindsay Roney University of Notre Dame, Joanna C. S. Santos University of Notre Dame DOI Pre-print Media Attached