The paper introduces LogMILP, a weakly supervised framework for log anomaly localization that uses only bag-level labels to achieve both bag-level anomaly detection and instance-level anomaly localization. LogMILP employs prototype-guided structural modeling with counterfactual perturbation consistency regularization to identify critical log entries. Experiments on three public datasets show that LogMILP achieves competitive detection performance and more reliable instance-level localization compared to existing methods.
Pinpointing anomalous log entries is now possible with only coarse-grained labels, thanks to a new method that uses counterfactual perturbations to improve localization reliability.
Log anomaly detection is a critical task for system operations and security assurance. However, in large-scale networked systems, log data are generated in massive volumes while instance-level annotations are prohibitively expensive, which makes fine-grained anomaly localization difficult. To address this challenge, we propose LogMILP (Log anomaly localization based on Multi-Instance Learning enhanced by prototypes and Perturbation), a weakly supervised framework that enables both bag-level anomaly detection and instance-level anomaly localization using only bag-level labels. Our method guides the model to pinpoint the critical log entries using prototype-guided structural modeling with counterfactual perturbation consistency regularization, thereby improving localization reliability and interpretability under coarse-grained supervision. Experimental results on three public datasets demonstrate that LogMILP achieves competitive detection performance while yielding significantly more reliable instance-level localization. Our code is open-sourced at https://github.com/YUK1207/LogMILP.