A1 Refereed original research article in a scientific journal
LogDLR: Unsupervised Cross-System Log Anomaly Detection Through Domain-Invariant Latent Representation
Authors: Zhou, Junwei; Ying, Shaowen; Wang, Shulan; Zhao, Dongdong; Xiang, Jianwen; Liang, Kaitai; Liu, Peng
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Publication year: 2025
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 22
Issue: 4
First page : 4456
Last page: 4471
ISSN: 1545-5971
eISSN: 1941-0018
DOI: https://doi.org/10.1109/TDSC.2025.3548050
Publication's open availability at the time of reporting: No Open Access
Publication channel's open availability : Partially Open Access publication channel
Web address : https://doi.org/10.1109/tdsc.2025.3548050
Log anomaly detection aims to discover abnormal events from massive log data to ensure the security and reliability of software systems. However, due to the heterogeneity of log formats and syntaxes across different systems, existing log anomaly detection methods often need to be designed and trained for specific systems, lacking generalization ability. To address this challenge, we propose LogDLR, a novel unsupervised cross-system log anomaly detection method. The core idea of LogDLR is to use universal sentence embeddings and a Transformer-based autoencoder to extract domain-invariant latent representations from log entries, which can effectively adapt to log format changes and capture semantic information and dependencies in log sequences. To obtain domain-invariant latent representations, we adopt a domain-adversarial training strategy, introducing a domain discriminator that competes with the Transformer-based encoder through a gradient reversal layer, forcing the encoder to learn shared knowledge between different system logs. Finally, the Transformer-based decoder detects anomalies based on the domain-invariant representations obtained by the encoder. We evaluate LogDLR in simulated cross-system scenarios using three publicly available log datasets. The experimental results show that LogDLR can handle heterogeneous logs effectively in cross-system scenarios and achieve efficient and accurate anomaly detection on both source and target systems.
