Log-Based Anomaly Detection Using CNN Model with Parameter Entity Labeling for Improving Log Preprocessing Approach

To build a reliable system, anomaly detection is the principal task for ensuring the system's security. However, the complexity of systems and software has increased over time. As a result, the likelihood of system failures and vulnerabilities has also grown. For this reason, employing manual anomaly detection approaches is impractical. This work proposes the use of a Convolutional Neural Network for log-based anomaly detection and enhances a log parsing method through parameter entity labeling. We have chosen the ThunderBird and BlueGene/L datasets for our experiments, employing a down-sampling technique to address data imbalance issues and reduce model training time. The results show that when comparing the detection outcomes of models trained with the down-sampled training dataset and models trained with the full training dataset (without using down-sampling), the models trained with the full training dataset exhibit higher recall, while their precision and specificity remain comparable. Additionally, the results indicate that our approach demonstrates slightly better detection performance than the previous log parsing method. Precision, recall, and specificity reach 0.9999, 0.9933, and 0.9914, respectively, when experimenting with the ThunderBird dataset.