Abstract
Anomalies of software systems cause inconvenience for users and further lead to significant financial losses for service providers. Detecting such anomalies is therefore crucial. While different approaches have been applied to system logs for anomaly detection, few studies explore graph-based models. In this paper, we introduce a novel log anomaly detection system that combines techniques of knowledge graph learning and recurrent deep learning. We treat log templates extracted from log data as entity nodes in a knowledge graph with these nodes being connected by their connectivity and position relations. By deriving node and relation embeddings, distance scores of log template sequences can be calculated and fed into an LSTM-based classifier to identify system anomalies. The experimental results based on a substantial dataset demonstrate our model’s superior performance in terms of precision, recall, and F1 measures compared to state-of-the-art methods.