Qin, Hong; Yang, Li
College of Engineering and Computer Science
University of Tennessee at Chattanooga
Place of Publication
Log files contain valuable information for detecting abnormal behavior. To detect anomalies, researchers have proposed representing log files as knowledge graphs (KGs) and using KG completion (KGC) techniques to predict new facts. However, current research in this area is limited, and there is no end-to-end system that includes both KG generation and KGC for log-based anomaly detection. In this study, we present an end-to-end system that utilizes graph neural networks (GNNs) and KGC to detect anomalies in log files. The proposed system has two main components. The first component employs templates to generate a KG from logs that capture normal behavior. The second component applies KG embedding models enhanced with GNN layers to the generated KG and employs KGC to determine suspiciousness of new information through binary classification. We evaluated the proposed method using two public datasets with standard KGC metrics. The experimental results demonstrate its promising potential.
This endeavor would not have been possible without Dr. Mengjun Xie, my committee chair and advisor, who helped decide my thesis topic and offered valuable aid throughout the research, development, and writing process. I am also extremely grateful to the other members of my committee, Drs. Hong Qin and Li Yang, for their feedback and support. Additionally, I could not have undertaken this project without the generous support from the National Security Agency, who funded my research. Special thanks should go to my wife for her unwavering love, support, and encouragement. I am also grateful to my friends and family, especially my parents, for holding me accountable, working around my odd hours, and for their love and support. Of course, I would be remiss in not mentioning my dog Bailey, who encouraged me to take frequent breaks from my work.
M. S.; A thesis submitted to the faculty of the University of Tennessee at Chattanooga in partial fulfillment of the requirements of the degree of Master of Science.
Computer systems; Computer system failures; Machine learning
xii, 60 leaves
Payne, Lucas, "Log file anomaly detection using knowledge graphs and graph neural networks" (2023). Masters Theses and Doctoral Dissertations.