Article

Anomaly Detection in Operating System Logs with Deep Learning-Based Sentiment Analysis

Publisher

IEEE COMPUTER SOC
DOI: 10.1109/TDSC.2020.3037903

Keywords

Sentiment analysis; Deep learning; Anomaly detection; Data models; Support vector machines; Operating systems; Social networking (online); operating system logs; class imbalance

Funding

  1. Indonesia Lecturer Scholarship (BUDI) from Indonesia Endowment Fund for Education (LPDP), Ministry of Finance, Republic of Indonesia

This article introduces a deep learning-based sentiment analysis technique to detect anomalous activities in OS logs. By utilizing GRU networks and the Tomek link method, the class imbalance issue is successfully addressed, resulting in high accuracy and F1 scores.
The purpose of sentiment analysis is to detect an opinion or polarity in text data. We can apply such an analysis to detect negative sentiment, which represents the anomalous activities in operating system (OS) logs. Existing methods involve manual searching, predefined rules, or traditional machine learning techniques to detect such suspicious events. In this article, we propose a novel deep learning-based sentiment analysis technique to check whether there are anomalous activities in OS logs. Log messages are modeled as sentences, and we identify their sentiments using gated recurrent unit (GRU) networks. OS log datasets inherently have a class imbalance, in the sense that the number of negative-sentiment messages is much lower than the number of positive ones. To address the class imbalance, we build a GRU layer on top of a class imbalance solver that uses the Tomek link method. Experimental results demonstrate that the proposed method can detect anomalous events in OS logs with an overall F1 and accuracy of 99.84 and 99.93 percent, respectively.
