Invention Title:

DETECTING ANOMALIES IN LOG MESSAGES USING CODE-DERIVED MESSAGE PATTERNS TO GUIDE STRUCTURED MESSAGE CLASSIFICATION

Publication number:

US20250291700

Publication date:
Section:

Physics

Class:

G06F11/3476

Inventors:

Assignee:

Applicant:

Smart overview of the Invention

A system is designed to improve anomaly detection in log messages by utilizing code-derived message patterns. It involves training models that can identify potential issues by analyzing historical data and the source code responsible for generating these logs. This approach aims to enhance the accuracy of identifying unusual activity within log data.

Training Models

The process begins with a system manager component that trains two primary models: a pattern matching model and an anomaly detection model. These models are developed from historical log messages, feedback on those messages, and the specific portions of the source code that produce them. Training on both the logs and the code that emits them helps the system distinguish typical from atypical system behavior.

Code-Derived Message Patterns

Code-derived message patterns are extracted from the message-generating portions of the source code. These patterns help categorize different types of log messages, providing a structured framework to assess new incoming messages. By understanding the expected structure and content of log messages, the system can better identify deviations.

Log Processing

When a new log message is received, a log processor determines whether it corresponds to any of the pre-existing code-derived message patterns. The processor matches the message to one of these patterns, which is then used to evaluate whether the message represents normal or anomalous behavior. This matching step is what anchors the anomaly decision to the structure the code actually emits, rather than to free-text similarity alone.

Anomaly Notification

Based on the matched code-derived message pattern, the system decides whether to trigger an anomaly notification. This decision is influenced by how closely the new message aligns with known patterns of normal operation versus those indicative of potential issues. This targeted approach aims to minimize false positives and improve response times to genuine anomalies.
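The pipeline described above (derive patterns from the logging calls in source, match incoming messages against them, then decide on an anomaly), as an added example that is not from the patent. The source snippet, history and incoming messages are constructed; the "model" is a deliberately simple rule: a message that matches no code-derived pattern, or matches a pattern never seen in the normal history, is flagged.

```python
import re

# Constructed stand-in for the message-generating portions of the source code.
SOURCE = '''
logger.info("User %s logged in from %s")
logger.info("Request %s completed in %d ms")
logger.error("Failed to open %s: %s")
'''

# Constructed normal history used to "train" which patterns are routine.
HISTORY = [
    "User alice logged in from 10.0.0.5",
    "Request /index completed in 12 ms",
]

# Format placeholders become capture groups; %d is restricted to digits.
PLACEHOLDERS = {"%s": r"(.+?)", "%d": r"(\d+)"}


def derive_patterns(source):
    """Turn each logging format string in the source into an anchored regex.

    Returns a list of (pattern_id, compiled_regex); the id keeps the log
    level and the original format string so matches stay explainable.
    """
    patterns = []
    for level, fmt in re.findall(r'logger\.(\w+)\("([^"]*)"\)', source):
        regex = ""
        for token in re.split(r"(%s|%d)", fmt):  # keeps the separators
            regex += PLACEHOLDERS.get(token, re.escape(token))
        patterns.append((f"{level}:{fmt}", re.compile(f"^{regex}$")))
    return patterns


def match_pattern(message, patterns):
    """Return the id of the first code-derived pattern the message fits."""
    for pid, rx in patterns:
        if rx.match(message):
            return pid
    return None


def train(history, patterns):
    """Pattern ids observed in the normal historical log set."""
    seen = set()
    for message in history:
        pid = match_pattern(message, patterns)
        if pid is not None:
            seen.add(pid)
    return seen


def classify(message, patterns, normal_ids):
    """Decide whether a new message warrants an anomaly notification."""
    pid = match_pattern(message, patterns)
    if pid is None:
        return ("anomaly", "no code-derived pattern matches")
    if pid not in normal_ids:
        return ("anomaly", f"pattern not seen in normal history: {pid}")
    return ("normal", pid)


PATTERNS = derive_patterns(SOURCE)
NORMAL_IDS = train(HISTORY, PATTERNS)
```

Because `%d` only accepts digits, a message such as `Request /a completed in abc ms` fails to match any pattern and is flagged even though its wording resembles a known template.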