{"id":"https://openalex.org/W3121951581","doi":"https://doi.org/10.1109/tifs.2021.3053371","title":"Log-Based Anomaly Detection With Robust Feature Extraction and Online Learning","display_name":"Log-Based Anomaly Detection With Robust Feature Extraction and Online Learning","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3121951581","doi":"https://doi.org/10.1109/tifs.2021.3053371","mag":"3121951581"},"language":"en","primary_location":{"is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3053371","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false},"type":"article","type_crossref":"journal-article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5000944856","display_name":"Shangbin Han","orcid":"https://orcid.org/0000-0002-1976-7856"},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shangbin Han","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University, Beijing, China","State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]},{"raw_affiliation_string":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022955566","display_name":"Qianhong Wu","orcid":"https://orcid.org/0000-0002-6407-4194"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qianhong Wu","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University, Beijing, China","State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100399382","display_name":"Han Zhang","orcid":"https://orcid.org/0000-0003-4429-9959"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]},{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Han Zhang","raw_affiliation_strings":["INSC&BNRist, Tsinghua University, Beijing, China","School of Cyber Science and Technology, Beihang University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"INSC&BNRist, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111808632","display_name":"Bo Qin","orcid":"https://orcid.org/0000-0001-6015-7788"},"institutions":[{"id":"https://openalex.org/I78988378","display_name":"Renmin University of China","ror":"https://ror.org/041pakw92","country_code":"CN","type":"education","lineage":["https://openalex.org/I78988378"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bo Qin","raw_affiliation_strings":["School of Information, Renmin University of China, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Information, Renmin University of China, Beijing, China","institution_ids":["https://openalex.org/I78988378"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075234257","display_name":"Jiankun Hu","orcid":"https://orcid.org/0000-0003-0230-1432"},"institutions":[{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Jiankun Hu","raw_affiliation_strings":["School of Engineering and Information Technology, University of New South Wales, Canberra, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"School of Engineering and Information Technology, University of New South Wales, Canberra, NSW, Australia","institution_ids":["https://openalex.org/I31746571"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047888843","display_name":"Xingang Shi","orcid":"https://orcid.org/0000-0001-6487-9526"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xingang Shi","raw_affiliation_strings":["INSC&BNRist, Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"INSC&BNRist, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100358867","display_name":"Linfeng Liu","orcid":"https://orcid.org/0000-0002-0824-6203"},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Linfeng Liu","raw_affiliation_strings":["Jiangsu Key Laboratory of Big Data Security and Intelligent Processing, Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"Jiangsu Key Laboratory of Big Data Security and Intelligent Processing, Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100446843","display_name":"Xia Yin","orcid":"https://orcid.org/0000-0001-9784-8742"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xia Yin","raw_affiliation_strings":["DCST, Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"DCST, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institution_assertions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":5.693,"has_fulltext":false,"cited_by_count":40,"citation_normalized_percentile":{"value":0.999939,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":"16","issue":null,"first_page":"2300","last_page":"2311"},"is_retracted":false,"is_paratext":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Log Analysis and System Performance Diagnosis","score":0.9999,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Log Analysis and System Performance Diagnosis","score":0.9999,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Intrusion Detection and Defense Mechanisms","score":0.9971,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection in High-Dimensional Data","score":0.9968,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/outlier-detection","display_name":"Outlier Detection","score":0.591292},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly Detection","score":0.575441},{"id":"https://openalex.org/keywords/botnet-detection","display_name":"Botnet Detection","score":0.530343},{"id":"https://openalex.org/keywords/log-analysis","display_name":"Log Analysis","score":0.520426},{"id":"https://openalex.org/keywords/novelty-detection","display_name":"Novelty Detection","score":0.505027},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.4384266},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.43405503}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.80814517},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.77151585},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.6332373},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5222483},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.50475466},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.49127787},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4832164},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.4384266},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.43405503},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.40364307},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.35289687},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3053371","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.63}],"grants":[{"funder":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China","award_id":"61932011"},{"funder":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China","award_id":"61972019"},{"funder":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China","award_id":"61672083"},{"funder":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China","award_id":"62002009"},{"funder":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China","award_id":"61532021"},{"funder":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China","award_id":"91646203"},{"funder":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China","award_id":"61772538"}],"datasets":[],"versions":[],"referenced_works_count":48,"referenced_works":["https://openalex.org/W1184354083","https://openalex.org/W1540258466","https://openalex.org/W1563576199","https://openalex.org/W1850731992","https://openalex.org/W1976478782","https://openalex.org/W2039157918","https://openalex.org/W2054137409","https://openalex.org/W2072412055","https://openalex.org/W2107263349","https://openalex.org/W2170890990","https://openalex.org/W2401686019","https://openalex.org/W2508465325","https://openalex.org/W2513180554","https://openalex.org/W2536393303","https://openalex.org/W2583874385","https://openalex.org/W2735085484","https://openalex.org/W2742298024","https://openalex.org/W2744561214","https://openalex.org/W2754665629","https://openalex.org/W2767094836","https://openalex.org/W2792207129","https://openalex.org/W2794433597","https://openalex.org/W2794671739","https://openalex.org/W2806521373","https://openalex.org/W2813318576","https://openalex.org/W2883560233","https://openalex.org/W2890112720","https://openalex.org/W2891833507","https://openalex.org/W2895482461","https://openalex.org/W2899083685","https://openalex.org/W2908621704","https://openalex.org/W2913446593","https://openalex.org/W2921900206","https://openalex.org/W2947815220","https://openalex.org/W2947820052","https://openalex.org/W2953215929","https://openalex.org/W2963999143","https://openalex.org/W2965838158","https://openalex.org/W2971315908","https://openalex.org/W2980979367","https://openalex.org/W2994619583","https://openalex.org/W2997976278","https://openalex.org/W3000096704","https://openalex.org/W3049160591","https://openalex.org/W3089662691","https://openalex.org/W3127712067","https://openalex.org/W3145644127","https://openalex.org/W4205841652"],"related_works":["https://openalex.org/W4377864969","https://openalex.org/W4300558037","https://openalex.org/W4290647774","https://openalex.org/W3210364259","https://openalex.org/W3207797160","https://openalex.org/W3189286258","https://openalex.org/W3030345572","https://openalex.org/W2912112202","https://openalex.org/W2806741695","https://openalex.org/W2667207928"],"abstract_inverted_index":{"Cloud":[0],"technology":[1],"has":[2],"brought":[3],"great":[4],"convenience":[5],"to":[6,22,91,103,142,170],"enterprises":[7],"as":[8,10,32,34,114,144],"well":[9],"customers.":[11],"System":[12],"logs":[13,31],"record":[14],"notable":[15],"events":[16],"and":[17,24,64,97,130,137,176],"are":[18,62],"becoming":[19],"valuable":[20],"resources":[21],"track":[23],"investigate":[25],"system":[26],"status.":[27],"Detecting":[28],"anomaly":[29,119,156],"from":[30],"fast":[33],"possible":[35],"can":[36,178],"improve":[37,179],"the":[38,93,115,124,132,138,150,172,180],"quality":[39],"of":[40,95,117,126,152,174],"service":[41],"significantly.":[42],"Although":[43],"many":[44],"machine":[45],"learning":[46],"algorithms":[47,158],"(e.g.,":[48],"SVM,":[49],"Logistic":[50],"Regression)":[51],"have":[52,66],"high":[53,67],"detection":[54,120,157,181],"accuracy,":[55],"we":[56,76],"find":[57],"that":[58,166],"they":[59],"assume":[60],"data":[61],"clean":[63],"might":[65],"training":[68],"time.":[69],"Facing":[70],"these":[71],"challenges,":[72],"in":[73,128],"this":[74],"paper,":[75],"propose":[77,108],"Robust":[78,87],"Online":[79,98,109],"Evolving":[80,99,110],"Anomaly":[81,100],"Detection":[82,101],"(ROEAD)":[83],"framework":[84],"which":[85],"adopts":[86],"Feature":[88],"Extractor":[89],"(RFE)":[90],"remove":[92,171],"effects":[94,173],"noise":[96,175],"(OEAD)":[102],"dynamic":[104],"update":[105],"parameters.":[106],"We":[107,122,148],"SVM":[111],"(OES)":[112],"algorithm":[113],"example":[116],"online":[118],"methods.":[121],"analyze":[123],"performance":[125,133,151],"OES":[127,136,177],"theory":[129],"prove":[131],"difference":[134],"between":[135],"best":[139],"hypothesis":[140],"tends":[141],"zero":[143],"time":[145],"goes":[146],"infinity.":[147],"compare":[149],"ROEAD":[153,167],"against":[154],"state-of-the-art":[155],"using":[159],"public":[160],"log":[161],"datasets.":[162],"The":[163],"results":[164],"demonstrate":[165],"is":[168],"able":[169],"accuracy":[182],"by":[183],"more":[184],"than":[185],"40%.":[186]},"cited_by_api_url":"https://api.openalex.org/works?filter=cites:W3121951581","counts_by_year":[{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":15},{"year":2022,"cited_by_count":13},{"year":2021,"cited_by_count":3}],"updated_date":"2024-11-21T23:06:34.601266","created_date":"2021-02-01"}