CoLog: Unified Framework for Log Anomaly Detection
Analysis
This paper introduces CoLog, a framework for anomaly detection in operating-system logs. It addresses limitations of existing unimodal and multimodal methods by using collaborative transformers and multi-head impressed attention to model the interactions between log data modalities, together with a modality adaptation layer that adapts the representations from each modality before they are combined. The authors report that this improves detection of both point anomalies (a single anomalous event) and collective anomalies (a sequence of individually normal events that is anomalous as a whole). The reported mean precision, recall and F1 score above 99% across seven benchmark datasets suggest practical value for security monitoring and system health checks; since the implementation is public, those figures can be checked against one's own logs before relying on the model in production.
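To make the point/collective distinction concrete, here is a small added example (not CoLog's model and not code from the paper's repository) that scores constructed HDFS-style block-write sessions with two modalities: the sequence of event templates, and the numeric parameter values carried by each event. An unseen template or an out-of-range parameter is a point anomaly; a transition between two known templates that never occurred in normal sessions is a collective anomaly. The log lines, the `make_session` helper and the digit-masking parser are all constructed for this illustration.

```python
"""Toy two-modality log anomaly detector (illustration, not CoLog's model).

Modality 1: the sequence of event templates (structure of the session).
Modality 2: numeric parameter values carried by each event.
All log lines below are constructed for this example.
"""

START, END = "<START>", "<END>"


def parse(line):
    """Split a raw log line into (template, params).

    Any token containing a digit is treated as a parameter and masked as <*>;
    this is a crude stand-in for a real log parser such as Drain.
    """
    tokens = line.split()
    is_param = [any(c.isdigit() for c in t) for t in tokens]
    template = " ".join("<*>" if p else t for t, p in zip(tokens, is_param))
    params = [t for t, p in zip(tokens, is_param) if p]
    return template, params


class TwoModalityDetector:
    def __init__(self):
        self.templates = set()   # modality 1: event types seen in normal data
        self.bigrams = set()     # modality 1: event transitions seen in normal data
        self.ranges = {}         # modality 2: (template, slot) -> (min, max) seen

    def fit(self, normal_sessions):
        for lines in normal_sessions:
            prev = START
            for line in lines:
                tpl, params = parse(line)
                self.templates.add(tpl)
                self.bigrams.add((prev, tpl))
                prev = tpl
                for slot, p in enumerate(params):
                    if p.isdigit():  # only pure integers get a numeric range
                        v = int(p)
                        lo, hi = self.ranges.get((tpl, slot), (v, v))
                        self.ranges[(tpl, slot)] = (min(lo, v), max(hi, v))
            self.bigrams.add((prev, END))
        return self

    def detect(self, lines):
        """Return point and collective anomalies as (line_index, reason) pairs."""
        point, collective = [], []
        prev = START
        for i, line in enumerate(lines):
            tpl, params = parse(line)
            if tpl not in self.templates:
                point.append((i, "unseen template"))
                prev = None  # a transition out of an unknown event is not scored
                continue
            for slot, p in enumerate(params):
                if p.isdigit() and (tpl, slot) in self.ranges:
                    lo, hi = self.ranges[(tpl, slot)]
                    if not lo <= int(p) <= hi:
                        point.append((i, f"parameter {p} outside [{lo}, {hi}]"))
            # every event is known, but the order is not: collective anomaly
            if prev is not None and (prev, tpl) not in self.bigrams:
                collective.append((i, f"unseen transition {prev!r} -> {tpl!r}"))
            prev = tpl
        if prev is not None and (prev, END) not in self.bigrams:
            collective.append((len(lines), "session ended early"))
        return {"point": point, "collective": collective}


def make_session(blk, size, src):
    """Constructed four-event block-write session in an HDFS-like style."""
    return [
        f"INFO Receiving block {blk} src {src}:54106 dest 10.0.0.7:50010",
        f"INFO PacketResponder 1 for block {blk} terminating",
        f"INFO Received block {blk} of size {size} from {src}",
        f"INFO addStoredBlock blockMap updated 10.0.0.7:50010 is added to {blk} size {size}",
    ]


NORMAL = [
    make_session("blk_1", 67108864, "10.0.0.5"),
    make_session("blk_2", 33554432, "10.0.0.6"),
    make_session("blk_3", 67108864, "10.0.0.5"),
]
DETECTOR = TwoModalityDetector().fit(NORMAL)


def run_examples():
    """Score one normal session and three constructed anomalous variants."""
    normal = make_session("blk_9", 50000000, "10.0.0.9")
    point = list(normal)  # an event type never seen in normal traffic
    point.insert(1, "WARN Exception in receiveBlock for block blk_9 java.io.IOException")
    collective = [normal[0], normal[2], normal[3]]  # 'terminating' event never logged
    zero_size = make_session("blk_9", 0, "10.0.0.9")  # known events, absurd size
    return {
        name: DETECTOR.detect(s)
        for name, s in [("normal", normal), ("point", point),
                        ("collective", collective), ("zero_size", zero_size)]
    }


if __name__ == "__main__":
    for name, result in run_examples().items():
        print(name, result)
```

The collective case is the one a template-only (unimodal) detector with no sequence model misses: every line in it is a perfectly ordinary event, and only the missing transition reveals the problem. Conversely, the zero-size case passes every sequence check and is caught only by the parameter modality.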
Key Takeaways
- CoLog is a unified framework for detecting point and collective anomalies in OS logs.
- It uses collaborative transformers and multi-head impressed attention to handle interactions between log modalities.
- A modality adaptation layer is incorporated to adapt representations from different log modalities.
- CoLog achieves state-of-the-art performance on benchmark datasets.
- The implementation of CoLog is available at https://github.com/NasirzadehMoh/CoLog.
“CoLog achieves a mean precision of 99.63%, a mean recall of 99.59%, and a mean F1 score of 99.61% across seven benchmark datasets.”