Lu Li,Yi Man,Mo Chen

DOI: https://doi.org/10.1007/978-3-319-74521-3_9

2018-01-01

Abstract:With the development of the telecommunication network, more and more devices are used in the network, which has been a burden for the network operation and maintenance. At the same time, network devices generate large amounts of log data every day, recording the activities of each device in detail. As a result, the log can reflect the performance of network state, and sometimes, we can predict the occurrence of network failure based on the log. However, since the log has such features: big volume, multi-source heterogeneous and difficult to understand, people have not reasonably used it to analyze and predict network failure. Therefore, we propose a method for structuring a large number of device logs in the short term, and use the data generated from a real communication device network to verify the effect. Besides, we compare our method with the traditional log parsers, such as regular expressions, LogSig, etc. to demonstrate the efficient processing performance and accurate pattern extraction analysis for massive network device logs.

Weiwei Cao,Chen Liu,Yanbo Han

DOI: https://doi.org/10.1007/978-3-030-30952-7_27

2019-01-01

Abstract:Predictive maintenance aims at enabling proactive scheduling of maintenance, and thus prevents unexpected equipment failures. Most approaches focus on predicting failures occurring within individual sensors. However, a failure is not always isolated. The complex dependencies between different sensors result in complex temporal dependencies across multi anomaly events. Therefore, mining such temporal dependencies are valuable as it can help forecast future anomalies in advance and identifying the possible root causes for an observable anomaly. In this paper, we transform the temporal dependency mining problem into a frequent co-occurrence pattern mining problem and propose a temporal dependency mining algorithm to capture temporal dependency among multi anomaly events. Finally, we have made a lot of experiments to show the effectiveness of our approach based on a real dataset from a coal power plant.

Yan Tang,Feifei Li,Hongyan Li

DOI: https://doi.org/10.1109/fskd.2012.6233766

2012-01-01

Abstract:In many data stream applications, data segments which are sequential and complicatedly changeable always imply great domain specific value. Especially in the field of medical survey, mining such sequential data segments will help making diagnosis. We discovered that, based on extensive analysis, although containing rich semantics, these data segments are actually composed of some certain basic units, and these units can form different kinds of complex patterns with duplication or lack in certain positions considering a temporal logic. Therefore, we present a scalable pattern mining method. With this method, the Scalable Pattern Tree (SPTree) structure is designed to support the expression of scalable semantics and efficient mining. At last, the experimental results on real datasets prove that our method is feasible and efficient.

Jiawei Liu,Zhirong Hou,Ying Li

DOI: https://doi.org/10.1007/978-3-030-27615-7_5

2019-01-01

Abstract:Large-scale distributed system suffers from the problem that system manager can't discover, locate and fix system anomaly in time when system malfunctions. People often use system logs for anomaly detection. However, manually inspecting system logs to detect anomaly is unfeasible due to the increasing scale and complexity of distributed systems. As a result, various methods of automatically mining log patterns for anomaly detection have been developed. Existing methods for log pattern mining have drawbacks of either time-consuming or low-accuracy. In order to address these problems, we propose Lopper, a hybrid clustering tree for online log pattern mining. Our method accelerates the mining process by clustering raw log data in one-pass manner and ensures the accuracy by merging and combing similar patterns with different kernel functions in each step. We evaluate our method on massive sets of log data generated in different industrial applications. The experimental results show that Lopper achieves the accuracy with 92.26% on average which is much better than comparative methods and remains high efficiency at the same time. We also conduct experiments on system anomaly detection task using the log patterns generated by Lopper, the results show an average F-Measure performance of 91.97%, which further proves the effectiveness of Lopper.

Yi Yang,Da Yan,Huanhuan Wu,James Cheng,Shuigeng Zhou,John C. S. Lui

DOI: https://doi.org/10.1145/2939672.2939848

2016-01-01

Abstract:Many graphs in real-world applications, such as telecommunications networks, social-interaction graphs and co-authorship graphs, contain temporal information. However, existing graph mining algorithms fail to exploit these temporal information and the resulting subgraph patterns do not contain any temporal attribute. In this paper, we study the problem of mining a set of diversified temporal subgraph patterns from a temporal graph, where each subgraph is associated with the time interval that the pattern spans. This problem motivates important applications such as finding social trends in social networks, or detecting temporal hotspots in telecommunications networks. We propose a divide-and-conquer algorithm along with effective pruning techniques, and our approach runs 2 to 3 orders of magnitude faster than a baseline algorithm and obtains high-quality temporal subgraph patterns in real temporal graphs.

Rui Ren,Xiaoyu Fu,Jianfeng Zhan,Wei Zhou

DOI: https://doi.org/10.48550/arXiv.1003.0951

2013-01-15

Abstract:This paper presents a methodology and a system, named LogMaster, for mining correlations of events that have multiple attributions, i.e., node ID, application ID, event type, and event severity, in logs of large-scale cluster systems. Different from traditional transactional data, e.g., supermarket purchases, system logs have their unique characteristic, and hence we propose several innovative approaches to mine their correlations. We present a simple metrics to measure correlations of events that may happen interleavedly. On the basis of the measurement of correlations, we propose two approaches to mine event correlations; meanwhile, we propose an innovative abstraction: event correlation graphs (ECGs) to represent event correlations, and present an ECGs based algorithm for predicting events. For two system logs of a production Hadoop-based cloud computing system at Research Institution of China Mobile and a production HPC cluster system at Los Alamos National Lab (LANL), we evaluate our approaches in three scenarios: (a) predicting all events on the basis of both failure and non-failure events; (b) predicting only failure events on the basis of both failure and non-failure events; (c) predicting failure events after removing non-failure events.

Distributed, Parallel, and Cluster Computing

Jingtian Zhang,Lidan Shou,Sai Wu,Gang Chen,Ke Chen

DOI: https://doi.org/10.1016/j.eswa.2019.112946

IF: 8.5

2019-01-01

Expert Systems with Applications

Abstract:A typical mining task is to retrieve all frequent patterns from a multi-dimensional dataset. Those patterns give us a basic idea of how the data look like and the hidden inherent regularities. However, this is only useful for an unfamiliar dataset, while for datasets that are analyzed periodically, "unexpected" patterns are more interesting (e.g., some customers decided to subscribe to long-term deposits despite the burden of housing loan). In this paper, we propose a new mining job, unexpected mining, which targets at retrieving frequent patterns that are not valid in a reference dataset, but are significant enough in a specific subgroup. Given a reference dataset, we step by step generate all unexpected patterns for all subgroups. We extend existing mining approaches to support the new mining job efficiently. In particular, our scheme consists of an offline process and an online process. Offline process generates candidate patterns and builds an index table. Online process can retrieve unexpected patterns from user-defined subgroups and a given support. Experiments on real datasets show that our approach can find interesting patterns and is very efficient compared to existing approaches. (C) 2019 Elsevier Ltd. All rights reserved.

Xinjie Wei,Jie Wang,Chang‐ai Sun,Dave Towey,Shoufeng Zhang,Wanqing Zuo,Yiming Yu,Ruoyi Ruan,Guyang Song

DOI: https://doi.org/10.1002/smr.2650

2024-02-09

Journal of Software Evolution and Process

Abstract:A log‐based anomaly‐detection framework that identifies and highlights log‐grouping and feature‐pattern mining steps. A systematic review of state‐of‐the‐art log‐grouping and feature‐pattern mining techniques. An industry experience using Ray, Hadoop, and BlueGene/L reveals the gaps between theory and industrial settings, pointing out several open issues based on these gaps. Distributed systems have been widely used in many safety‐critical areas. Any abnormalities (e.g., service interruption or service quality degradation) could lead to application crashes or decrease user satisfaction. These things may cause serious economic losses. Among the various quality assurance approaches for distributed systems, log‐based anomaly detection (LAD) has become a popular research topic. Its popularity relates to system logs being able to record and reveal important run‐time information. This paper presents a general LAD framework for distributed systems. Log grouping and feature‐pattern mining are two crucial LAD components that impact on the anomaly‐detection effectiveness. We also present a systematic survey of techniques in these two directions; propose classification frameworks for log grouping and feature patterns; and summarize four log‐grouping techniques and five feature patterns (which refer to invariant relationships among logs that can be used for anomaly detection). To evaluate their applicability, we report on the findings when applying existing techniques to Ray, a popular industrial distributed system. Based on these findings, several open issues are identified, which provide potential guidance for future research and development.

computer science, software engineering

Len Feremans,Vincent Vercruyssen,Wannes Meert,Boris Cule,Bart Goethals

DOI: https://doi.org/10.1007/978-3-030-48861-1_1

2020-01-01

Abstract:In the present-day, sensor data and textual logs are generated by many devices. Analysing these time series data leads to the discovery of interesting patterns and anomalies. In recent years, numerous algorithms have been developed to discover interesting patterns in time series data as well as detect periods of anomalous behaviour. However, these algorithms are challenging to apply in real-world settings. We propose a framework, consisting of generic transformations, that allows to combine state-of-the-art time series representation, pattern mining, and pattern-based anomaly detection algorithms. Using an early- or late integration our framework handles a mix of multi-dimensional continuous series and event logs. In addition, we present an open-source, lightweight, interactive tool that assists both pattern mining and domain experts to select algorithms, specify parameters, and visually inspect the results, while shielding them from the underlying technical complexity of implementing our framework.

Xin Li,Zhi-Hong Deng,Hao Ma,Shi-Wei Tang,Bei Zhang

DOI: https://doi.org/10.1016/j.eswa.2010.06.012

IF: 8.5

2010-01-01

Expert Systems with Applications

Abstract:The main objective of network monitoring is to discover the event patterns that happen frequently. In this paper, we have intensively studied the techniques used to mine frequent patterns from network data flow. We devel-oped a powerful class of algorithms to deal with a series of problems when min-ing frequent patterns from network data flow. We experimentally evaluate our algorithms on real datasets collected from the campus network of Peking Uni-versity. The experimental results show these algorithms are efficient.

Ning Li,Yang Gao,Guifeng Tang,Shifu Chen

DOI: https://doi.org/10.1007/978-3-540-24655-8_106

2004-01-01

Abstract:In this paper, the problem of discovering sequential patterns from the Web log is discussed and an algorithm of sequential patterns mining is brought forward. First, the data in the Web server log file is cleaned and the temporal set about every user is constructed. After the analysis of the temporal set, Markov decision process is applied to model Web log. Then, the sequential patterns of user behaviors are mined by means of reinforcement learning technology. Finally the experiment shows that our mining algorithm is effective.

Jia Chen,Peng Wang,Fan Qiao,Shi-Qing Du,Wei Wang

2022-01-01

Abstract:As software systems grow more and more complex,extensive techniques have been proposed to analyze log data to obtain the insight of the system status.However,during log data analysis,tedious manual efforts are paid to search interesting or informative log patterns from a huge volume of log data,named pattern-based queries.Although existing log management tools and database management systems can also support pattern-based queries,they suffer from low efficiency.To deal with this problem,we propose a novel approach,named PLQ(Pattern-based Log Query).First,PLQ organizes logs into disjoint chunks and builds chunk-wise bitmap indexes for log types and attribute values.Then,based on bitmap indexes,PLQ finds candidate logs with a set of efficient bit-wise operations.Finally,PLQ fetches candidate logs and validates them according to the queried pattern.Extensive experiments are conducted on real-life datasets.According to experimental results,compared with existing log management systems,PLQ is more efficient in querying log patterns and has a higher pruning rate for filtering irrelevant logs.Moreover,in PLQ,since the ratio of the index size to the data size does not exceed 2.5％for log datasets of different sizes,PLQ has a high scalability.

Xingquan Zhu,Bin Li,Xindong Wu,Dan He,Chengqi Zhang

DOI: https://doi.org/10.1016/j.dss.2011.05.002

IF: 6.969

2011-01-01

Decision Support Systems

Abstract:The purpose of data mining from distributed information systems is usually threefold: (1) identifying locally significant patterns in individual databases; (2) discovering emerging significant patterns after unifying distributed databases in a single view; and (3) finding patterns which follow special relationships across different data collections. While existing research has significantly advanced the techniques for mining local and global patterns (the first two goals), very little attempt has been made to discover patterns across distributed databases (the third goal). Moreover, no framework currently exists to support the mining of all three types of patterns. This paper proposes solutions to discover patterns from distributed databases. More specifically, we consider pattern mining as a query process where the purpose is to discover patterns from distributed databases with patterns' relationships satisfying user specified query constraints. We argue that existing self-contained mining frameworks are neither efficient, nor feasible to fulfill the objective, mainly because their pattern pruning is single-database oriented. To solve the problem, we advocate a cross-database pruning concept and propose a collaborative pattern (CLAP) mining framework with cross-database pruning mechanisms for distributed pattern mining. In CLAP, distributed databases collaboratively exchange pattern information between sites so that each site can leverage information from other sites to gain cross-database pruning. Experimental results show that CLAP fits a niche position, and demonstrate that CLAP not only outperforms its other peers with significant runtime performance gains, but also helps find patterns incapable of being discovered by others.

Xixi Lu,Dirk Fahland,Robert Andrews,Suriadi Suriadi,Moe T. Wynn,Arthur H. M. ter Hofstede,Wil M. P. van der Aalst

DOI: https://doi.org/10.1007/978-3-319-69462-7_11

2017-01-01

Abstract:Process mining offers a variety of techniques for analyzing process execution event logs. Although process discovery algorithms construct end-to-end process models, they often have difficulties dealing with the complexity of real-life event logs. Discovered models may contain either complex or over-generalized fragments, the interpretation of which is difficult, and can result in misleading insights. Detecting and visualizing behavioral patterns instead of creating model structures can reduce complexity and give more accurate insights into recorded behaviors. Unsupervised detection techniques, based on statistical properties of the log only, generate a multitude of patterns and lack domain context. Supervised pattern detection requires a domain expert to specify patterns manually and lacks the event log context. In this paper, we reconcile supervised and unsupervised pattern detection. We visualize the log and help users extract patterns of interest from the log or obtain patterns through unsupervised learning automatically. Pattern matches are visualized in the context of the event log (also showing concurrency and additional contextual information). Earlier patterns can be extended or modified based on the insights. This enables an interactive and iterative approach to identify complex and concrete behavioral patterns in event logs. We implemented our approach in the ProM framework and evaluated the tool using both the BPI Challenge 2012 log of a loan application process and an insurance claims log from a major Australian insurance company.

Qiang Yang,Hui Wang,Wei Zhang

2002-01-01

Abstract:The web log data embed much of web users' browsing behavior. From the web logs, one can discover patterns that predict the users' future requests based on their current behavior. These web data are very complex due to their large size and sequential nature. In the past, researchers have proposed different methods to predict what pages will be visited next based on their present visit patterns. In this paper, we extend this work to discover patterns that can predict when these web page accesses will occur. Our method is based on a novel extension of association rule classification method. We extend the traditional association rules by including the temporal information explicitly in each rule, and reason about the confidence of each prediction in terms of its temporal region. We compare two different methods for temporal event prediction, demonstrate the effectiveness of our methods empirically on realistic web logs, and explore the tradeoff between prediction accuracy and data mining time for our models.

Xiaoming Jin,Yuchang Lu,Chunyi Shi

DOI: https://doi.org/10.1007/3-540-47887-6_47

2002-01-01

Abstract:In recent years, there bas been increased interest in using data mining techniques to extract temporal rules from temporal sequences. Local temporal rules, which only a subsequence exhibits, are actually very common in practice. Efficient discovery of the time duration in which temporal rules are valid could benefit KDD of many real applications. In this paper, we present a novel problem class that is the discovery of the distribution of temporal rules. We simplify the mining problem and depict a model that could represent this knowledge clearly, uniquely and efficiently. Our methods include four online dividing strategies for different mining interest, an incremental algorithm for measuring rule-sets, and an algorithm for mining this knowledge. We have analyzed the behavior of the problem and our algorithms with both synthetic data and real data. The results correspond with the definition of our problem and reveal a kind of novel knowledge.

Xi Li,Ting Wang,Shexiong Wang

DOI: https://doi.org/10.1142/s0218126621502960

2021-01-01

Journal of Circuits Systems and Computers

Abstract:It draws researchers' attentions how to make use of the log data effectively without paying much for storing them. In this paper, we propose pattern-based deep learning method to extract the features from log datasets and to facilitate its further use at the reasonable expense of the storage performances. By taking the advantages of the neural network and thoughts to combine statistical features with experts' knowledge, there are satisfactory results in the experiments on some specified datasets and on the routine systems that our group maintains. Processed on testing data sets, the model is 5%, at least, more likely to outperform its competitors in accuracy perspective. More importantly, its schema unveils a new way to mingle experts' experiences with statistical log parser.

Jia Chen,Peng Wang,Fan Qiao,Shi-Qing Du,Wei Wang

DOI: https://doi.org/10.1007/s11390-020-0653-5

IF: 1.871

2022-01-01

Journal of Computer Science and Technology

Abstract:As software systems grow more and more complex, extensive techniques have been proposed to analyze log data to obtain the insight of the system status. However, during log data analysis, tedious manual efforts are paid to search interesting or informative log patterns from a huge volume of log data, named pattern-based queries. Although existing log management tools and database management systems can also support pattern-based queries, they suffer from low efficiency. To deal with this problem, we propose a novel approach, named PLQ (Pattern-based Log Query). First, PLQ organizes logs into disjoint chunks and builds chunk-wise bitmap indexes for log types and attribute values. Then, based on bitmap indexes, PLQ finds candidate logs with a set of efficient bit-wise operations. Finally, PLQ fetches candidate logs and validates them according to the queried pattern. Extensive experiments are conducted on real-life datasets. According to experimental results, compared with existing log management systems, PLQ is more efficient in querying log patterns and has a higher pruning rate for filtering irrelevant logs. Moreover, in PLQ, since the ratio of the index size to the data size does not exceed 2.5% for log datasets of different sizes, PLQ has a high scalability.

Xiaoming Jin,Yuchang Lu,Chunyi Shi

2002-01-01

Abstract:In recent years, there has been increased interest in using data mining techniques to extract frequent patterns from temporal sequences. Previous work mainly considers finding global patterns, where every record in the temporal sequence contributes to support the patterns. However, local patterns, which are frequent only in some time durations, are actually very common in practice and are potentially very useful. In this paper, we present a problem class that is the discovery of local sequential patterns with the format "if A occurs, then B occurs within time T". We describe an index structure that support efficient locating and counting of the instances of local patterns. Based on the index, we propose a two-phase method for efficiently mining of local patterns. We have analyzed the behavior of the problem and evaluated the performance of our algorithm with both synthetic and real data. The results correspond with the definition of our problem and reveal a kind of novel knowledge. In addition, the experiment verified the superiority of our approach. Keywords.

Xm Jin,Yc Lu,Cy Shi

DOI: https://doi.org/10.1007/3-540-36087-5_4

2002-01-01

Abstract:In this paper, we address a data-mining problem that is the discovery of local sequential patterns from a set of long sequences. Each local sequential pattern is represented by a pattern A-->B and a time period in which A-->B is frequent. Such patterns are actually very common in practice and are potentially very useful. However it is impractical to use traditional methods on this problem directly. We propose a suffix-tree-like data structure for indexing the instances of the patterns. Based on this index, our mining method can discover all locally frequent patterns after one scan of the sequences. We have analyzed the behavior of the problem and evaluated the performance of our algorithm with both synthetic and real data. The results correspond with the definition of the problem and verify the superiority of our approach.