FSLog: adversarial margin for cross-system few-shot log anomaly detection
Log-based anomaly detection (LAD) is imperative to ensure both the reliability and security of software systems. Although many deep learning approaches have been designed to capture complex and diverse anomaly patterns from log files, they heavily rely on large-scale annotated data. However, collecting sufficient labeled data is impractical when a software system has just been deployed. In this paper, we propose a cross-system few-shot learning log-based anomaly detection approach, namely FSLog, to solve the label scarcity problem, which is the main challenge of recent LAD research. Specifically, we leverage a pre-trained model from the source system to enrich feature representations so that data instances from the target system can also be effectively represented. Further, we introduce a novel adversarial margin loss to enhance our feature distinguishability while preserving their generalizability. We evaluate the proposed FSLog on three publicly available datasets based on a standard few-shot learning setup protocol. Experimental results demonstrate that our method achieves the best performance in detecting abnormal logs when compared to state-of-the-art methods.
Funding
National Nature Science Foundation of China: T2350710232
Fundamental Research Funds for the Central Universities: DUT20GJ205
History
School
- Science
Department
- Computer Science
Published in
IEEE Transactions on Information Forensics and Security
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Version
- AM (Accepted Manuscript)
Rights holder
© IEEE
Publisher statement
© 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Acceptance date
2024-08-26
Copyright date
2024
ISSN
1556-6013
eISSN
1556-6021
Publisher version
Language
- en