DeepEAD: Explainable Anomaly Detection from System Logs

    •  Wang, X., Kim, K.J., Wang, Y., Koike-Akino, T., Parsons, K., "DeepEAD: Explainable Anomaly Detection from System Logs", IEEE International Conference on Communications (ICC), May 2023.
      BibTeX TR2023-050 PDF
      • @inproceedings{Wang2023may,
      • author = {Wang, Xinda and Kim, Kyeong Jin and Wang, Ye and Koike-Akino, Toshiaki and Parsons, Kieran},
      • title = {DeepEAD: Explainable Anomaly Detection from System Logs},
      • booktitle = {IEEE International Conference on Communications (ICC)},
      • year = 2023,
      • month = may,
      • url = {}
      • }
  • MERL Contacts:
  • Research Areas:

    Artificial Intelligence, Machine Learning


System logs record rich information for system events. Practical anomaly detection from system logs should be able to address three challenges: 1) understanding complicated attributes in event logs; 2) extracting complex context relations among events; and 3) providing concrete explanations to human analysts. In this paper, we develop an attention-equipped encoder- decoder system to capture context from system logs for explain- able anomaly detection. For each target event, we collect its nearby events in chronological order as its context events. Instead of using a recurrent neural network-based encoder like previous works, we adopt a Transformer-based encoder to extract complex relations among context events and their attributes. Then, a context vector is generated and passed to the decoder, where an attention matrix is learned and used to weigh the context events for detecting the anomalies. Evaluation on the large-scale real-world Los Alamos National Laboratory dataset shows that, compared with existing works, our methods can provide fine- grained one-to-one attention to help explain the importance of each attribute in the context events to the prediction, without sacrificing detection performance.