LogFold: Enhancing Log Anomaly Detection through Sequence Folding and Reconstruction

Modern large-scale systems and networks necessitate automated anomaly detection to support the high availability and quality of services. Since logs are an essential data source that can accurately reflect the state of a system, log anomaly detection has attracted a lot of attention from researchers in both academia and industry. As the technology of artificial intelligence advances, plenty of work has adopted deep learning to detect log anomalies and achieved promising results. Nevertheless, it usually suffers from a lack of labels, excessive log sequence length, and low throughput problems when deploying to real-world systems. To address these challenges, we propose LogFold, an unsupervised Transformer-based log anomaly detection approach. In LogFold, we propose fold embedding, which can compress long log sequences to enhance the efficiency of anomaly detection. And we design a sequence reconstruction technique to enhance the effectiveness of anomaly detection. Our evaluation shows LogFold achieves 90.55% and 99.90% F1-score on HDFS and BGL datasets, respectively, outperforming state-of-the-art methods. Besides, the fold embedding layer achieves compression rates of 36.55% and 64.86% on HDFS and BGL datasets, respectively, which helps to improve the throughput of LogFold.