{"id":"https://openalex.org/W7117759509","doi":"https://doi.org/10.48550/arxiv.2512.23380","title":"A unified framework for detecting point and collective anomalies in operating system logs via collaborative transformers","display_name":"A unified framework for detecting point and collective anomalies in operating system logs via collaborative transformers","publication_year":2025,"publication_date":"2025-12-29","ids":{"openalex":"https://openalex.org/W7117759509","doi":"https://doi.org/10.48550/arxiv.2512.23380"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2512.23380","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.23380","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2512.23380","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121420728","display_name":"Mohammad Nasirzadeh","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nasirzadeh, Mohammad","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010007196","display_name":"Jafar Tahmoresnezhad","orcid":"https://orcid.org/0000-0002-4893-1272"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tahmoresnezhad, Jafar","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5099637637","display_name":"Parviz Rashidi-Khazaee","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rashidi-Khazaee, Parviz","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9879999756813049,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9879999756813049,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.003000000026077032,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.0010999999940395355,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.8120999932289124},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.5673999786376953},{"id":"https://openalex.org/keywords/precision-and-recall","display_name":"Precision and recall","score":0.5273000001907349},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.5055999755859375},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.4341999888420105},{"id":"https://openalex.org/keywords/modalities","display_name":"Modalities","score":0.36000001430511475},{"id":"https://openalex.org/keywords/transformer","display_name":"Transformer","score":0.3443000018596649}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.8120999932289124},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6746000051498413},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.589900016784668},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.5673999786376953},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.5273000001907349},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.5055999755859375},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.4341999888420105},{"id":"https://openalex.org/C2779903281","wikidata":"https://www.wikidata.org/wiki/Q6888026","display_name":"Modalities","level":2,"score":0.36000001430511475},{"id":"https://openalex.org/C66322947","wikidata":"https://www.wikidata.org/wiki/Q11658","display_name":"Transformer","level":3,"score":0.3443000018596649},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.32269999384880066},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3160000145435333},{"id":"https://openalex.org/C2780009758","wikidata":"https://www.wikidata.org/wiki/Q6804172","display_name":"Measure (data warehouse)","level":2,"score":0.2946999967098236},{"id":"https://openalex.org/C160920958","wikidata":"https://www.wikidata.org/wiki/Q7662746","display_name":"Synthetic data","level":2,"score":0.28839999437332153},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2822999954223633},{"id":"https://openalex.org/C2780226545","wikidata":"https://www.wikidata.org/wiki/Q6888030","display_name":"Modality (human\u2013computer interaction)","level":2,"score":0.2800999879837036},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.27059999108314514},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.26669999957084656},{"id":"https://openalex.org/C139807058","wikidata":"https://www.wikidata.org/wiki/Q352374","display_name":"Adaptation (eye)","level":2,"score":0.26440000534057617},{"id":"https://openalex.org/C2780814629","wikidata":"https://www.wikidata.org/wiki/Q327353","display_name":"System administrator","level":2,"score":0.2572000026702881}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2512.23380","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.23380","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2512.23380","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.23380","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Log":[0],"anomaly":[1,66,96,135,180,206,218],"detection":[2,136,184,219],"is":[3,22],"crucial":[4],"for":[5,178,192],"preserving":[6],"the":[7,14,43,55,100,114,131,228,239],"security":[8],"of":[9,16,34,46,160,165,172,186,241],"operating":[10],"systems.":[11],"Depending":[12],"on":[13],"source":[15],"log":[17,30,47,65,118,205,232],"data":[18,233],"collection,":[19],"various":[20,78],"information":[21],"recorded":[23],"in":[24,148,204],"logs":[25,76],"that":[26,73],"can":[27],"be":[28],"considered":[29],"modalities.":[31,59,79,119],"In":[32],"light":[33],"this":[35],"intuition,":[36],"unimodal":[37],"methods":[38,51],"often":[39],"struggle":[40],"by":[41,103],"ignoring":[42],"different":[44,117],"modalities":[45],"data.":[48],"Meanwhile,":[49],"multimodal":[50,61],"fail":[52],"to":[53,64,88,124,214,227],"handle":[54,99],"interactions":[56,90],"between":[57],"these":[58,104],"Applying":[60],"sentiment":[62],"analysis":[63,234],"detection,":[67,207],"we":[68],"propose":[69],"CoLog,":[70],"a":[71,108,157,162,168,201,209,221,225],"framework":[72,223],"collaboratively":[74],"encodes":[75],"utilizing":[77],"CoLog":[80,106,123,155,187,199,242],"utilizes":[81],"collaborative":[82],"transformers":[83],"and":[84,128,152,167,196,211,216,224],"multi-head":[85],"impressed":[86],"attention":[87],"learn":[89,125],"among":[91],"several":[92],"modalities,":[93],"ensuring":[94],"comprehensive":[95,183],"detection.":[97,181],"To":[98],"heterogeneity":[101],"caused":[102],"interactions,":[105],"incorporates":[107],"modality":[109],"adaptation":[110],"layer,":[111],"which":[112],"adapts":[113],"representations":[115],"from":[116],"This":[120],"methodology":[121],"enables":[122],"nuanced":[126],"patterns":[127],"dependencies":[129],"within":[130],"data,":[132],"enhancing":[133],"its":[134],"capabilities.":[137],"Extensive":[138],"experiments":[139],"demonstrate":[140],"CoLog's":[141],"superiority":[142],"over":[143],"existing":[144],"state-of-the-art":[145],"methods.":[146],"Furthermore,":[147],"detecting":[149],"both":[150],"point":[151,215],"collective":[153,217],"anomalies,":[154],"achieves":[156],"mean":[158,163,169],"precision":[159],"99.63%,":[161],"recall":[164],"99.59%,":[166],"F1":[170],"score":[171],"99.61%":[173],"across":[174],"seven":[175],"benchmark":[176],"datasets":[177],"log-based":[179],"The":[182],"capabilities":[185],"make":[188],"it":[189],"highly":[190],"suitable":[191],"cybersecurity,":[193],"system":[194],"monitoring,":[195],"operational":[197],"efficiency.":[198],"represents":[200],"significant":[202],"advancement":[203],"providing":[208],"sophisticated":[210],"effective":[212],"solution":[213,226],"through":[220],"unified":[222],"complex":[229],"challenges":[230],"automatic":[231],"poses.":[235],"We":[236],"also":[237],"provide":[238],"implementation":[240],"at":[243],"https://github.com/NasirzadehMoh/CoLog.":[244]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-12-31T00:00:00"}