{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T07:20:49Z","timestamp":1760080849380,"version":"3.41.2"},"reference-count":50,"publisher":"Wiley","issue":"1","license":[{"start":{"date-parts":[[2023,9,20]],"date-time":"2023-09-20T00:00:00Z","timestamp":1695168000000},"content-version":"vor","delay-in-days":262,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61902080","61972104","62002072","61702120"],"award-info":[{"award-number":["61902080","61972104","62002072","61702120"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2019YFB1804403","2018YFB1802200"],"award-info":[{"award-number":["2019YFB1804403","2018YFB1802200"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004000","name":"Guangzhou Municipal Science and Technology Program key projects","doi-asserted-by":"publisher","award":["201803010081","202002020035","202102021078"],"award-info":[{"award-number":["201803010081","202002020035","202102021078"]}],"id":[{"id":"10.13039\/501100004000","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["International Journal of Intelligent Systems"],"published-print":{"date-parts":[[2023,1]]},"abstract":"<jats:p>System log anomaly detection is important for ensuring stable system operation and achieving rapid fault diagnosis. System log sequences include data on the execution paths and time stamps of system tasks in addition to a large amount of semantic information, which enhances the reliability and effectiveness of anomaly detection. At the same time, considering the correlation between system log sequences can effectively improve fault diagnosis efficiency. However, the existing system log anomaly detection methods mostly consider only the sequence patterns or semantic information on the logs, so their anomaly detection results show a high rate of missed and false alarms. To solve these problems, this paper proposed an unsupervised log anomaly detection model (LogBASA) based on the system behavior analysis and global semantic awareness, aiming to decrease the leakage rate and increase the log sequence anomaly detection accuracy. First, a system log knowledge graph was constructed based on massive, unstructured, and multilevel system log data to represent log sequence patterns, which facilitates subsequent anomaly detection and localization. Then, a self\u2010attention encoder\u2010decoder transformer model was developed for log spatiotemporal association analysis. This model combines semantic mapping and spatiotemporal features of log sequences to analyze system behavior and log semantics in multiple dimensions. Furthermore, a system log anomaly detection method that combines adaptive spatial boundary delineation and sequence reconstruction objective functions was proposed. This method uses special words to characterize the log sequence states, delineates anomaly boundaries automatically, and reconstructs log sequences through unsupervised training for anomaly detection. Finally, the proposed method was verified by numerous experiments on three real datasets. The results indicate that the proposed method can achieve an accuracy rate of 99.3%, 95.1%, and 97.2% on HDFS, BGL, and Thunderbird datasets, which proves the effectiveness and superiority of the LogBASA model.<\/jats:p>","DOI":"10.1155\/2023\/3777826","type":"journal-article","created":{"date-parts":[[2023,9,20]],"date-time":"2023-09-20T19:50:09Z","timestamp":1695239409000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["LogBASA: Log Anomaly Detection Based on System Behavior Analysis and Global Semantic Awareness"],"prefix":"10.1155","volume":"2023","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-0282-3817","authenticated-orcid":false,"given":"Liping","family":"Liao","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2551-9557","authenticated-orcid":false,"given":"Ke","family":"Zhu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5123-1306","authenticated-orcid":false,"given":"Jianzhen","family":"Luo","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1695-483X","authenticated-orcid":false,"given":"Jun","family":"Cai","sequence":"additional","affiliation":[]}],"member":"311","published-online":{"date-parts":[[2023,9,20]]},"reference":[{"key":"e_1_2_10_1_2","doi-asserted-by":"publisher","DOI":"10.1109\/jiot.2022.3178873"},{"key":"e_1_2_10_2_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2017.03.012"},{"key":"e_1_2_10_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/mts.2011.940293"},{"key":"e_1_2_10_4_2","doi-asserted-by":"crossref","unstructured":"LuS. WangX. andMaoL. Network security situation awareness based on network simulation Proceedings of the 2014 IEEE Workshop on Electronics Computer and Applications May 2014 Ottawa Canada 512\u2013517.","DOI":"10.1109\/IWECA.2014.6845671"},{"key":"e_1_2_10_5_2","first-page":"1","article-title":"The impact of cyber attacks on the private sector","volume":"12","author":"Watkins B.","year":"2014","journal-title":"Briefing Paper, Association for International Affair"},{"key":"e_1_2_10_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2022.3162857"},{"key":"e_1_2_10_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/tpds.2013.21"},{"key":"e_1_2_10_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460345"},{"key":"e_1_2_10_9_2","doi-asserted-by":"crossref","unstructured":"ZhangX. XuY. LinQ. QiaoB. ZhangH. DangY. XieC. YangX. ChengQ. LiZ. andChenJ. Robust log-based anomaly detection on unstable log data Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering August 2019 Tallinn Estonia 807\u2013817.","DOI":"10.1145\/3338906.3338931"},{"key":"e_1_2_10_10_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9518-0"},{"key":"e_1_2_10_11_2","doi-asserted-by":"crossref","unstructured":"LiuF. T. TingK. M. andZhouZ. H. Isolation forest Proceedings of the 2008 eighth ieee international conference on data mining December 2008 Pisa Italy 413\u2013422.","DOI":"10.1109\/ICDM.2008.17"},{"key":"e_1_2_10_12_2","doi-asserted-by":"crossref","unstructured":"LinQ. ZhangH. LouJ. G. ZhangY. andChenX. Log clustering based problem identification for online service systems Proceedings of the 38th International Conference on Software Engineering Companion May 2016 Austin TX USA 102\u2013111.","DOI":"10.1145\/2889160.2889232"},{"key":"e_1_2_10_13_2","doi-asserted-by":"publisher","DOI":"10.1162\/089976601750264965"},{"key":"e_1_2_10_14_2","doi-asserted-by":"crossref","unstructured":"LouJ. G. FuQ. YangS. LiJ. andWuB. Mining program workflow from interleaved traces Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining July 2010 Washington DC USA 613\u2013622.","DOI":"10.1145\/1835804.1835883"},{"key":"e_1_2_10_15_2","doi-asserted-by":"crossref","unstructured":"LuS. WeiX. LiY. andWangL. Detecting anomaly in big data system logs using convolutional neural network Proceedings of the 2018 IEEE 16th Intl Conf on Dependable Autonomic and Secure Computing 16th Intl Conf on Pervasive Intelligence and Computing 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC\/PiCom\/DataCom\/CyberSciTech) August 2018 Athens Greece 151\u2013158.","DOI":"10.1109\/DASC\/PiCom\/DataCom\/CyberSciTec.2018.00037"},{"key":"e_1_2_10_16_2","doi-asserted-by":"crossref","unstructured":"DuM. LiF. ZhengG. andSrikumarV. Deeplog: anomaly detection and diagnosis from system logs through deep learning Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security October 2017 Dallas Texas USA 1285\u20131298.","DOI":"10.1145\/3133956.3134015"},{"key":"e_1_2_10_17_2","doi-asserted-by":"crossref","unstructured":"GuoH. YuanS. andWuX. Logbert: log anomaly detection via bert Proceedings of the 2021 International Joint Conference on Neural Networks (IJCNN) July 2021 Shenzhen China 1\u20138.","DOI":"10.1109\/IJCNN52387.2021.9534113"},{"key":"e_1_2_10_18_2","doi-asserted-by":"crossref","unstructured":"MengW. LiuY. HuangY. ZhangS. ZaiterF. ChenB. andPeiD. A semantic-aware representation framework for online log analysis Proceedings of the 2020 29th International Conference on Computer Communications and Networks (ICCCN) August 2020 Honolulu HI USA 1\u20137.","DOI":"10.1109\/ICCCN49398.2020.9209707"},{"key":"e_1_2_10_19_2","first-page":"4739","article-title":"LogAnomaly: unsupervised detection of sequential and quantitative anomalies in unstructured logs","volume":"19","author":"Meng W.","year":"2019","journal-title":"IJCAI"},{"key":"e_1_2_10_20_2","unstructured":"DevlinJ. ChangM. W. LeeK. andToutanovaK. Bert: pre-training of deep bidirectional transformers for language understanding 2018 https:\/\/arxiv.org\/abs\/1810.04805."},{"key":"e_1_2_10_21_2","doi-asserted-by":"crossref","unstructured":"LiangY. ZhangY. XiongH. andSahooR. Failure prediction in ibm bluegene\/l event logs Proceedings of the IEEE International Conference on Data Mining (ICDM 2007) October 2007 Omaha NE USA 583\u2013588.","DOI":"10.1109\/ICDM.2007.46"},{"key":"e_1_2_10_22_2","doi-asserted-by":"crossref","unstructured":"DebnathB. SolaimaniM. GulzarM. A. G. AroraN. LumezanuC. XuJ. ZongB. ZhangH. JiangG. andKhanL. LogLens: a real-time log analysis system Proceedings of the 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS) July 2018 Vienna Austria 1052\u20131062.","DOI":"10.1109\/ICDCS.2018.00105"},{"key":"e_1_2_10_23_2","doi-asserted-by":"crossref","unstructured":"BeschastnikhI. BrunY. ErnstM. D. andKrishnamurthyA. Inferring models of concurrent systems from logs of their behavior with CSight Proceedings of the 36th International Conference on Software Engineering May 2014 Hyderabad India 468\u2013479.","DOI":"10.1145\/2568225.2568246"},{"key":"e_1_2_10_24_2","doi-asserted-by":"crossref","unstructured":"ChenM. ZhengA. X. LloydJ. JordanM. I. andBrewerE. Failure diagnosis using decision trees Proceedings of the International Conference on Autonomic Computing 2004. Proceedings May 2004 New York NY USA 36\u201343.","DOI":"10.1109\/ICAC.2004.1301345"},{"key":"e_1_2_10_25_2","doi-asserted-by":"publisher","DOI":"10.1049\/iet-net.2017.0188"},{"key":"e_1_2_10_26_2","doi-asserted-by":"crossref","unstructured":"BodikP. GoldszmidtM. FoxA. WoodardD. B. andAndersenH. Fingerprinting the datacenter: automated classification of performance crises Proceedings of the 5th European conference on Computer systems April 2010 Paris France 111\u2013124.","DOI":"10.1145\/1755913.1755926"},{"key":"e_1_2_10_27_2","doi-asserted-by":"crossref","unstructured":"HeS. ZhuJ. HeP. andLyuM. R. Experience report: system log analysis for anomaly detection Proceedings of the 2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE) October 2016 Ottawa Canada 207\u2013218.","DOI":"10.1109\/ISSRE.2016.21"},{"key":"e_1_2_10_28_2","doi-asserted-by":"crossref","unstructured":"XuW. HuangL. FoxA. PattersonD. andJordanM. Online system problem detection by mining patterns of console logs Proceedings of the 2009 Ninth IEEE International Conference on Data Mining December 2009 Miami Beach FL USA 588\u2013597.","DOI":"10.1109\/ICDM.2009.19"},{"key":"e_1_2_10_29_2","doi-asserted-by":"crossref","unstructured":"XuW. HuangL. FoxA. PattersonD. andJordanM. I. Detecting large-scale system problems by mining console logs Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles October 2009 Big Sky MT USA 117\u2013132.","DOI":"10.1145\/1629575.1629587"},{"key":"e_1_2_10_30_2","doi-asserted-by":"crossref","unstructured":"FeremansL. VercruyssenV. CuleB. MeertW. andGoethalsB. Pattern-based anomaly detection in mixed-type time series Proceedings of the Machine Learning and Knowledge Discovery in Databases: European Conference ECML PKDD 2019 September 2020 W\u00fcrzburg Germany Springer 240\u2013256.","DOI":"10.1007\/978-3-030-46150-8_15"},{"key":"e_1_2_10_31_2","doi-asserted-by":"crossref","unstructured":"VaarandiR. A data clustering algorithm for mining patterns from event logs Proceedings of the 3rd IEEE Workshop on IP Operations & Management (IPOM 2003) (IEEE Cat. No.03EX764) October 2003 Kansas City MO USA 119\u2013126.","DOI":"10.1109\/IPOM.2003.1251233"},{"key":"e_1_2_10_32_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108616"},{"key":"e_1_2_10_33_2","doi-asserted-by":"crossref","unstructured":"BrownA. TuorA. HutchinsonB. andNicholsN. Recurrent neural network attention mechanisms for interpretable system log anomaly detection Proceedings of the First Workshop on Machine Learning for Computing Systems June 2018 Tempe AZ USA 1\u20138.","DOI":"10.1145\/3217871.3217872"},{"key":"e_1_2_10_34_2","doi-asserted-by":"crossref","unstructured":"ZhangK. XuJ. MinM. R. JiangG. PelechrinisK. andZhangH. Automated IT system failure prediction: a deep learning approach Proceedings of the 2016 IEEE International Conference on Big Data (Big Data) December 2016 Washington DC USA 1291\u20131300.","DOI":"10.1109\/BigData.2016.7840733"},{"key":"e_1_2_10_35_2","doi-asserted-by":"crossref","unstructured":"WangZ. ChenZ. NiJ. LiuH. ChenH. andTangJ. Multi-scale one-class recurrent neural networks for discrete event sequence anomaly detection Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining August 2021 Singapore 3726\u20133734.","DOI":"10.1145\/3447548.3467125"},{"key":"e_1_2_10_36_2","doi-asserted-by":"crossref","unstructured":"WibisonoS. R.andKistijantoroA. I. Log anomaly detection using adaptive universal transformer Proceedings of the 2019 International Conference of Advanced Informatics: Concepts Theory and Applications (ICAICTA) September 2019 Yogyakarta Indonesia 1\u20136.","DOI":"10.1109\/ICAICTA.2019.8904299"},{"key":"e_1_2_10_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/tnsm.2020.3034647"},{"key":"e_1_2_10_38_2","doi-asserted-by":"crossref","unstructured":"WanY. LiuY. WangD. andWenY. Glad-paw: graph-based log anomaly detection by position aware weighted graph attention network Proceedings of the Pacific-asia conference on knowledge discovery and data mining May 2021 Berlin Germany Springer 66\u201377.","DOI":"10.1007\/978-3-030-75762-5_6"},{"key":"e_1_2_10_39_2","doi-asserted-by":"crossref","unstructured":"HeP. ZhuJ. ZhengZ. andLyuM. R. Drain: an online log parsing approach with fixed depth tree Proceedings of the 2017 IEEE International Conference on Web Services (ICWS) June 2017 Honolulu HI USA 33\u201340.","DOI":"10.1109\/ICWS.2017.13"},{"key":"e_1_2_10_40_2","unstructured":"LiY. DuN. andBengioS. Time-dependent representation for neural event sequence prediction 2017 https:\/\/arxiv.org\/abs\/1708.00065."},{"key":"e_1_2_10_41_2","doi-asserted-by":"publisher","DOI":"10.3390\/app12105089"},{"key":"e_1_2_10_42_2","doi-asserted-by":"crossref","unstructured":"LeV. H.andZhangH. Log-based anomaly detection with deep learning: how far are we? Proceedings of the 44th International Conference on Software Engineering May 2022 Pittsburgh PA USA 1356\u20131367.","DOI":"10.1145\/3510003.3510155"},{"key":"e_1_2_10_43_2","doi-asserted-by":"crossref","unstructured":"LeV. H.andZhangH. Log-based anomaly detection without log parsing Proceedings of the 2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE) November 2021 Melbourne Australia 492\u2013504.","DOI":"10.1109\/ASE51524.2021.9678773"},{"key":"e_1_2_10_44_2","unstructured":"KipfT. N.andWellingM. Semi-supervised classification with graph convolutional networks 2016 https:\/\/arxiv.org\/abs\/1609.02907."},{"key":"e_1_2_10_45_2","unstructured":"LouC. HuangP. andSmithS. Understanding detecting and localizing partial failures in large system software Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20) February 2020 Santa Clara CA USA 559\u2013574."},{"key":"e_1_2_10_46_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102717"},{"key":"e_1_2_10_47_2","article-title":"Attention is all you need","volume":"30","author":"Vaswani A.","year":"2017","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_2_10_48_2","unstructured":"ChenZ. LiuJ. GuW. SuY. andLyuM. R. Experience report: deep learning-based system log analysis for anomaly detection 2021 https:\/\/arxiv.org\/abs\/2107.05908."},{"key":"e_1_2_10_49_2","doi-asserted-by":"crossref","unstructured":"OlinerA.andStearleyJ. What supercomputers say: a study of five system logs Proceedings of the 37th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN\u203207) June 2007 Edinburgh UK 575\u2013584.","DOI":"10.1109\/DSN.2007.103"},{"key":"e_1_2_10_50_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.icte.2020.06.003"}],"container-title":["International Journal of Intelligent Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/ijis\/2023\/3777826.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/ijis\/2023\/3777826.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1155\/2023\/3777826","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,31]],"date-time":"2024-12-31T05:18:37Z","timestamp":1735622317000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1155\/2023\/3777826"}},"subtitle":[],"editor":[{"given":"Gianni","family":"Costa","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2023,1]]},"references-count":50,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,1]]}},"alternative-id":["10.1155\/2023\/3777826"],"URL":"https:\/\/doi.org\/10.1155\/2023\/3777826","archive":["Portico"],"relation":{},"ISSN":["0884-8173","1098-111X"],"issn-type":[{"type":"print","value":"0884-8173"},{"type":"electronic","value":"1098-111X"}],"subject":[],"published":{"date-parts":[[2023,1]]},"assertion":[{"value":"2023-03-13","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-08-30","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-09-20","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"3777826"}}