TY - GEN
T1 - LogAD
T2 - 2025 IEEE International Conference on Joint Cloud Computing, JCC 2025
AU - Wang, Guangzu
AU - Zhang, Lingzhi
AU - Wang, Jinghao
AU - Wo, Tianyu
AU - Wang, Xu
AU - Hu, Chunming
N1 - Publisher Copyright: © 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - With the increasing complexity of software systems, log-based anomaly detection has become critical for ensuring system reliability. However, existing methods often suffer from limited feature integration and insufficient semantic representation, leading to unstable detection performance. To address these challenges, this paper proposes a multi-feature fusion framework for log anomaly detection, leveraging heterogeneous graph neural networks (HGNNs) to capture rich semantic relationships. First, we design a hybrid preprocessing pipeline that combines log parsing (via Drain), session-fixed window grouping, and hybrid label estimation using HDBSCAN clustering and HNSW-based similarity search. This step mitigates label scarcity while enhancing feature representation robustness. Second, we construct a heterogeneous graph with three node types—log sequences, templates, and parameters—to model interdependencies between log events through meta-paths, enabling comprehensive feature fusion. Third, a heterogeneous graph attention network (HGAT) with multi-head attention is developed to prioritize critical patterns across meta-paths, improving anomaly discrimination. Experimental results on benchmark datasets demonstrate that our model outperforms state-of-the-art baselines in accuracy and F1-score. Furthermore, we implement LogAD, an automated detection tool integrating ELK-stack-based log management, multi-feature anomaly detection, and security-focused operational support. The system’s visualization interface and efficient processing pipeline provide a practical solution for real-world deployment. This work advances log analysis by bridging feature isolation and semantic sparsity, offering both algorithmic innovation and engineering applicability.
KW - GNN
KW - Log anomaly detection
KW - Multi-feature fusion
UR - https://www.scopus.com/pages/publications/105016100566
U2 - 10.1109/JCC67032.2025.00016
DO - 10.1109/JCC67032.2025.00016
M3 - Conference contribution
AN - SCOPUS:105016100566
T3 - Proceedings - 2025 IEEE International Conference on Joint Cloud Computing, JCC 2025
SP - 83
EP - 90
BT - Proceedings - 2025 IEEE International Conference on Joint Cloud Computing, JCC 2025
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 21 July 2025 through 24 July 2025
ER -