Recurrent Neural Network Attention Mechanisms for Interpretable System Log Anomaly Detection

Brown, Andy; Hutchinson, Brian J.; Tuor, Aaron R.; Nichols, Nicole M.

doi:10.1145/3217871.3217872

Title: Recurrent Neural Network Attention Mechanisms for Interpretable System Log Anomaly Detection

Conference · Mon Jun 11 00:00:00 EDT 2018

DOI:https://doi.org/10.1145/3217871.3217872· OSTI ID:1525466

Brown, Andy ^[1]; Hutchinson, Brian J. ^[2]; Tuor, Aaron R. ^[3]; Nichols, Nicole M. ^[3]

Western Washington University
WESTERN WASHINGTON UNIVERSITY
BATTELLE (PACIFIC NW LAB)

Deep learning has recently demonstrated state-of-the art performance on key tasks related to the maintenance of computer systems, such as intrusion detection, denial of service attack detection, hardware and software system failures, and malware detection. In these contexts, model interpretability is vital for administrator and analyst to trust and act on the automated analysis of machine learning models. Deep learning methods have been criticized as black box oracles which allow limited insight into decision factors. In this work we seek to "bridge the gap'' between the impressive performance of deep learning models and the need for interpretable model introspection. To this end we present recurrent neural network (RNN) language models augmented with attention for anomaly detection in system logs. Our methods are generally applicable to any computer system and logging source. By incorporating attention variants into our RNN language models we create opportunities for model introspection and analysis without sacrificing state-of-the art performance. We demonstrate model performance and illustrate model interpretability on an intrusion detection task using the Los Alamos National Laboratory (LANL) cyber security dataset, reporting upward of 0.99 area under the receiver operator characteristic curve despite being trained only on a single day's worth of data.

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Cite

Export

Save

Research Organization:: Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-76RL01830

OSTI ID:: 1525466

Report Number(s):: PNNL-SA-133000

Resource Relation:: Conference: Proceedings of the 1st Workshop on Machine Learning for Computing Systems (MLCS 2018), June 12, 2018, Tempe, AZ

Country of Publication:: United States

Language:: English

Similar Records

Hierarchical attention networks for information extraction from cancer pathology reports

Journal Article · Thu Nov 16 00:00:00 EST 2017 · Journal of the American Medical Informatics Association · OSTI ID:1525466

Gao, Shang; Young, Michael T.; Qiu, John X.; +5 more

On the Effectiveness of Recurrent Neural Networks for Live Modeling of Cyber-Physical Systems

Conference · Fri Nov 01 00:00:00 EDT 2019 · OSTI ID:1525466

Yoginath, Srikanth; Tansakul, Varisara; Chinthavali, Supriya; +4 more

Classifying Cancer Pathology Reports with Hierarchical Self-Attention Networks

Journal Article · Tue Oct 15 00:00:00 EDT 2019 · Artificial Intelligence in Medicine · OSTI ID:1525466

Gao, Shang; Qiu, John X.; Alawad, Mohammed; +10 more

Related Subjects

Anomaly detection
Attention
Recurrent Neural Networks
Interpretable Machine Learning
Online Training
System Log Analysis

Title: Recurrent Neural Network Attention Mechanisms for Interpretable System Log Anomaly Detection

Citation Formats

Similar Records

Related Subjects