KRONE Framework Introduces Hierarchical Log Anomaly Detection Using LLM-Augmented Abstraction
The newly developed KRONE framework for hierarchical anomaly detection addresses the difficulty of recognizing system failures and security threats in log data. Conventional techniques treat logs as flat sequences and often overlook nested execution structures, so even advanced methods miss genuine dependencies and learn false correlations. KRONE reconstructs execution hierarchies from flat logs, enabling modular, multi-tiered anomaly detection. The KRONE Log Abstraction Model identifies application-specific semantic hierarchies and breaks log sequences down into execution units called KRONE Seqs, which turns sequence-level detection into modular KRONE Seq-level tasks. For each test KRONE Seq, a hybrid detection strategy routes between methods. The framework, described in arXiv:2602.07303v3, aims to improve accuracy by recovering the structural information needed to detect system failures and security vulnerabilities.
Key facts
- KRONE is a hierarchical anomaly detection framework for log data
- It automatically derives execution hierarchies from flat logs
- The KRONE Log Abstraction Model extracts application-specific semantic hierarchies
- Log sequences are decomposed into coherent execution units called KRONE Seqs
- Sequence-level detection becomes modular KRONE Seq-level detection tasks
- A hybrid modular detection strategy routes between methods for each test KRONE Seq
- Traditional methods lose nested component execution structure when storing logs as flat sequences
- State-of-the-art methods often miss true dependencies while learning spurious correlations
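The decomposition idea in the list above, as an added Python illustration that is not KRONE's code: a hand-written template-to-(component, operation) table stands in for the hierarchy KRONE derives automatically, a set lookup stands in for its detectors, and all log templates and names are constructed.

```python
from itertools import groupby

# Assumption: hand-written stand-in for a learned abstraction model.
# Maps a (constructed) log template to a (component, operation) pair.
HIERARCHY = {
    "auth: session opened":    ("auth", "login"),
    "auth: token issued":      ("auth", "login"),
    "auth: session closed":    ("auth", "logout"),
    "db: connection acquired": ("db", "query"),
    "db: query executed":      ("db", "query"),
    "db: connection released": ("db", "query"),
}
UNKNOWN = ("unknown", "unknown")

def decompose(flat_log):
    """Split a flat sequence into contiguous (component, operation) units."""
    keyed = groupby(flat_log, key=lambda t: HIERARCHY.get(t, UNKNOWN))
    return [(key, tuple(run)) for key, run in keyed]

def fit(normal_logs):
    """Collect every unit observed in normal sequences."""
    return {unit for log in normal_logs for unit in decompose(log)}

def detect(flat_log, known_units):
    """Return the units of flat_log never seen in normal data."""
    return [u for u in decompose(flat_log) if u not in known_units]

# Constructed sample data.
NORMAL = [
    ["auth: session opened", "auth: token issued",
     "db: connection acquired", "db: query executed",
     "db: connection released", "auth: session closed"],
    ["auth: session opened", "auth: token issued", "auth: session closed"],
]
# The database connection is never released in this sequence.
SAMPLE = ["auth: session opened", "auth: token issued",
          "db: connection acquired", "db: query executed",
          "auth: session closed"]

if __name__ == "__main__":
    known = fit(NORMAL)
    for (component, operation), events in detect(SAMPLE, known):
        print(f"anomalous unit in {component}/{operation}: {events}")
    # A flat sequence never seen as a whole, built only from known units,
    # yields no unit-level finding.
    print(detect(NORMAL[1] * 2, known))
```

The finding names the component and operation where the deviation sits, which a verdict on the whole flat sequence cannot do.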