Committee Chair
Xie, Mengjun
Committee Member
Qin, Hong; Yang, Li
College
College of Engineering and Computer Science
Publisher
University of Tennessee at Chattanooga
Place of Publication
Chattanooga (Tenn.)
Abstract
Log files contain valuable information for detecting abnormal behavior. To detect anomalies, researchers have proposed representing log files as knowledge graphs (KGs) and using KG completion (KGC) techniques to predict new facts. However, current research in this area is limited, and there is no end-to-end system that includes both KG generation and KGC for log-based anomaly detection. In this study, we present an end-to-end system that utilizes graph neural networks (GNNs) and KGC to detect anomalies in log files. The proposed system has two main components. The first component employs templates to generate a KG from logs that capture normal behavior. The second component applies KG embedding models enhanced with GNN layers to the generated KG and employs KGC to determine the suspiciousness of new information through binary classification. We evaluated the proposed method using two public datasets with standard KGC metrics. The experimental results demonstrate its promising potential.
Acknowledgments
This endeavor would not have been possible without Dr. Mengjun Xie, my committee chair and advisor, who helped decide my thesis topic and offered valuable aid throughout the research, development, and writing process. I am also extremely grateful to the other members of my committee, Drs. Hong Qin and Li Yang, for their feedback and support. Additionally, I could not have undertaken this project without the generous support from the National Security Agency, who funded my research. Special thanks should go to my wife for her unwavering love, support, and encouragement. I am also grateful to my friends and family, especially my parents, for holding me accountable, working around my odd hours, and for their love and support. Of course, I would be remiss in not mentioning my dog Bailey, who encouraged me to take frequent breaks from my work.
Degree
M. S.; A thesis submitted to the faculty of the University of Tennessee at Chattanooga in partial fulfillment of the requirements of the degree of Master of Science.
Date
8-2023
Subject
Computer systems; Computer system failures; Machine learning
Document Type
Masters theses
DCMI Type
Text
Extent
xii, 60 leaves
Language
English
Rights
http://rightsstatements.org/vocab/InC/1.0/
License
http://creativecommons.org/licenses/by/4.0/
Recommended Citation
Payne, Lucas, "Log file anomaly detection using knowledge graphs and graph neural networks" (2023). Masters Theses and Doctoral Dissertations.
https://scholar.utc.edu/theses/829
Department
Dept. of Computer Science and Engineering