ZTE Communications, 2021, Vol. 19, Issue (3): 88-94. DOI: 10.12142/ZTECOM.202103011

• Research Paper •

Feedback‑Aware Anomaly Detection Through Logs for Large‑Scale Software Systems

HAN Jing1, JIA Tong2, WU Yifan2, HOU Chuanjia2, LI Ying2

  1. ZTE Corporation, Shenzhen 518057, China
  2. Peking University, Beijing 100091, China
  • Received: 2021-02-04 Online: 2021-09-25 Published: 2021-10-11
  • About author: HAN Jing (han.jing28@zte.com.cn) received her master’s degree from Nanjing University of Aeronautics and Astronautics, China. She has been with ZTE Corporation since 2000, where she had been engaged in 3G/4G key technologies from 2000 to 2016. She has become a technical director responsible for intelligent operation of cloud platforms and wireless networks since 2016. Her research interests include machine learning, data mining, and signal processing. JIA Tong is a doctoral researcher at Department of Computer Science and Technology, Peking University, China. His research interests include distributed computing and algorithmic IT operations. WU Yifan is pursuing his doctorate at School of Software and Microelectronics in Peking University, China. His research mainly focuses on distributed computing and algorithmic IT operations. HOU Chuanjia is pursuing his master’s degree at School of Software and Microelectronics in Peking University, China. His research focuses on algorithmic IT operations. LI Ying is a researcher at National Engineering Research Center for Software Engineering, Peking University, China. She is also a professor of School of Software and Microelectronics, Peking University. Her research interests include distributed computing and trusted computing.
  • Supported by: ZTE Industry-University-Institute Cooperation Funds (20200492)

Abstract:

One particular challenge for large-scale software systems is anomaly detection. System logs are a straightforward and common source of information for anomaly detection. Existing log-based anomaly detectors are unusable in real-world industrial systems due to high false-positive rates. In this paper, we incorporate human feedback to adjust the detection model structure to reduce false positives. We apply our approach to two industrial large-scale systems. Results have shown that our approach performs much better than state-of-the-art works with 50% higher accuracy. Besides, human feedback can reduce more than 70% of false positives and greatly improve detection precision.

Key words: human feedback, log-based anomaly detection, system log