Log anomaly detection is a key component in the field of artificial intelligence for IT operations (AIOps). Considering log data of variant domains, retraining the whole network for unknown domains is inefficient in real industrial scenarios. However, previous deep models merely focused on extracting the semantics of log sequences in the same domain, leading to poor generalization on multi-domain logs. To alleviate this issue, we propose a unified Transformer-based framework for Log anomaly detection (LogFormer) to improve the generalization ability across different domains, where we establish a two-stage process including the pre-training and adapter-based tuning stage. Specifically, our model is first pre-trained on the source domain to obtain shared semantic knowledge of log data. Then, we transfer such knowledge to the target domain via shared parameters. Besides, the Log-Attention module is proposed to supplement the information ignored by the log-paring. The proposed method is evaluated on three public and one real-world datasets. Experimental results on multiple benchmarks demonstrate the effectiveness of our LogFormer with fewer trainable parameters and lower training costs.

翻译：日志异常检测是人工智能运维（AIOps）领域的关键组成部分。考虑到不同领域的日志数据，在实际工业场景中，针对未知领域重新训练整个网络效率低下。然而，以往的深度模型仅聚焦于提取同领域内日志序列的语义信息，导致在多领域日志上泛化能力差。为解决此问题，我们提出一种基于Transformer的统一日志异常检测框架（LogFormer），通过建立包含预训练和基于适配器微调的两阶段流程，提升跨领域的泛化能力。具体而言，我们的模型首先在源领域进行预训练，以获取日志数据的共享语义知识；随后通过共享参数将这些知识迁移至目标领域。此外，我们提出了日志注意力模块，用于补充日志解析过程中被忽略的信息。该方法在三个公开数据集和一个真实数据集上进行了评估。多个基准实验结果表明，我们的LogFormer在可训练参数更少、训练成本更低的情况下仍表现有效。