Anomaly detection for Linux system log

Thumbnail Image

Files

master_Ma_Rongjun_2020.pdf (2.01 MB)

URL

Journal Title

Journal ISSN

Volume Title

Perustieteiden korkeakoulu | Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.

Authors

Date

2020-12-14

Department

Major/Subject

Human Computer Interaction and Design

Mcode

SCI3020

Degree programme

Master's Programme in ICT Innovation

Language

en

Pages

46+9

Series

Abstract

The goal of this study is to develop effective methods for detecting anomalies in Linux Syslog collected during CI/CD deployment. The automatic detection will help improve developers' efficiency of debugging by saving much time that is spent on manually searching for errors in the sea of logs. For this purpose, two different types of anomaly detection methods are evaluated, namely workflow-based method and PCA-based method. During the experiment, different Natural language processing (NLP) methods such as word2vec and TF-IDF are tested for preprocessing and encoding the log message body. Long short-term memory (LSTM) and Principal component analysis (PCA) models are implemented separately as the representatives for the two types of methods mentioned above. The experiment results of both methods turn out to surpass the performance of the baseline method stupid backoff, which is the current solution used by the thesis sponsor company. LSTM and PCA both reach a relatively balanced performance of recall and precision. As a harmonic indicator, the F1 score for PCA reaches 0.9043 and, for LSTM it is 0.9124, while the baseline is 0.6411. In the conclusion section, different suitable use cases of different methods are discussed. These two methods proposed in this thesis contributes towards detecting syslog anomalies in an unsupervised manner when no label is provided.

Description

Supervisor

Nieminen, Mika

Thesis advisor

Koivistoinen, Ossi

Keywords

anomaly detection, machine learning, CI/CD, LSTM, PCA

Other note

Citation

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-2020122056370

Collections

[dipl] Perustieteiden korkeakoulu / SCI