Browsing by Author "Astekin, M."
Article, Publication, Metadata only
DILAF: A framework for distributed analysis of large-scale system logs for anomaly detection (Wiley, 2019-02)
Astekin, M.; Zengin, H.; Sözer, Hasan; Computer Science; SÖZER, Hasan
System logs constitute a rich source of information for detection and prediction of anomalies. However, they can include a huge volume of data, which is usually unstructured or semistructured. We introduce DILAF, a framework for distributed analysis of large-scale system logs for anomaly detection. DILAF is comprised of several processes to facilitate log parsing, feature extraction, and machine learning activities. It has two distinguishing features with respect to the existing tools. First, it does not require the availability of source code of the analyzed system. Second, it is designed to perform all the processes in a distributed manner to support scalable analysis in the context of large-scale distributed systems. We discuss the software architecture of DILAF and we introduce an implementation of it. We conducted controlled experiments based on two datasets to evaluate the effectiveness of the framework. In particular, we evaluated the performance and scalability attributes under various degrees of parallelism. Results showed that DILAF can maintain the same accuracy levels while achieving more than 30% performance improvement on average as the system scales, compared to baseline approaches that do not employ fully distributed processing.

Conference paper, Publication, Metadata only
Evaluation of distributed machine learning algorithms for anomaly detection from large-scale system logs: a case study (IEEE, 2018)
Astekin, M.; Zengin, H.; Sözer, Hasan; Computer Science; SÖZER, Hasan
Anomaly detection is a valuable feature for detecting and diagnosing faults in large-scale, distributed systems. These systems usually provide tens of millions of lines of logs that can be exploited for this purpose. However, centralized implementations of traditional machine learning algorithms fall short to analyze this data in a scalable manner. One way to address this challenge is to employ distributed systems to analyze the immense amount of logs generated by other distributed systems. We conducted a case study to evaluate two unsupervised machine learning algorithms for this purpose on a benchmark dataset. In particular, we evaluated distributed implementations of PCA and K-means algorithms. We compared the accuracy and performance of these algorithms both with respect to each other and with respect to their centralized implementations. Results showed that the distributed versions can achieve the same accuracy and provide a performance improvement by orders of magnitude when compared to their centralized versions. The performance of PCA turns out to be better than K-means, although we observed that the difference between the two tends to decrease as the degree of parallelism increases.

Conference paper, Publication, Metadata only
Incremental analysis of large-scale system logs for anomaly detection (IEEE, 2019)
Astekin, M.; Özcan, S.; Sözer, Hasan; Computer Science; SÖZER, Hasan
Anomalies during system execution can be detected by automated analysis of logs generated by the system. However, large scale systems can generate tens of millions of lines of logs within days. Centralized implementations of traditional machine learning algorithms are not scalable for such data. Therefore, we recently introduced a distributed log analysis framework for anomaly detection. In this paper, we introduce an extension of this framework, which can detect anomalies earlier via incremental analysis instead of the existing offline analysis approach. In the extended version, we periodically process the log data that is accumulated so far. We conducted controlled experiments based on a benchmark dataset to evaluate the effectiveness of this approach. We repeated our experiments with various periods that determine the frequency of analysis as well as the size of the data processed each time. Results showed that our online analysis can improve anomaly detection time significantly while keeping the accuracy level same as that is obtained with the offline approach. The only exceptional case, where the accuracy is compromised, rarely occurs when the analysis is triggered before all the log data associated with a particular session of events are collected.

Conference paper, Publication, Metadata only
Utilizing clone detection for domain analysis of simulation systems (IEEE, 2012)
Astekin, M.; Sözer, Hasan; Computer Science; SÖZER, Hasan
This paper presents a case study on utilizing a clone detection technique for deriving commonalities among four different industrial simulation software systems. We have examined cloning both within each system and across the four systems. We have shown that several commonalities can be identified with the help of clone detection. The analysis results can support domain analysis, identification of reusable components and the design of a reference architecture.