Anomaly detection is a key step in ensuring the security and reliability of large-scale distributed systems. Analyzing system logs through artificial intelligence methods can quickly detect anomalies and thus help maintenance personnel to maintain system security. Most of the current works only focus on the temporal or spatial features of distributed system logs, and they cannot sufficiently extract the global features of distributed system logs to achieve a good correct rate of anomaly detection. To further address the shortcomings of existing methods, this paper proposes a deep learning model with global spatiotemporal features to detect the presence of anomalies in distributed system logs. First, we extract semi-structured log events from log templates and model them as natural language. In addition, we focus on the temporal characteristics of logs using the bidirectional long short-term memory network and the spatial invocation characteristics of logs using the Transformer. Extensive experimental evaluations show the advantages of our proposed model for distributed system log anomaly detection tasks. The optimal F1-Score on three open-source datasets and our own collected distributed system datasets reach 98.04%, 94.34%, 88.16%, and 97.40%, respectively.

中文翻译：

---

使用基于深度学习的日志分析进行分布式系统异常检测

异常检测是保证大规模分布式系统安全可靠的关键步骤。通过人工智能方法分析系统日志，可以快速发现异常情况，从而帮助维护人员维护系统安全。目前大多数工作仅关注分布式系统日志的时间或空间特征，无法充分提取分布式系统日志的全局特征以实现良好的异常检测正确率。为了进一步解决现有方法的缺点，本文提出了一种具有全局时空特征的深度学习模型来检测分布式系统日志中是否存在异常。首先，我们从日志模板中提取半结构化日志事件并将其建模为自然语言。此外，我们重点关注使用双向长短期记忆网络的日志的时间特征和使用 Transformer 的日志的空间调用特征。广泛的实验评估表明了我们提出的分布式系统日志异常检测任务模型的优势。在三个开源数据集和我们自己收集的分布式系统数据集上的最佳 F1-Score 分别达到 98.04%、94.34%、88.16% 和 97.40%。