Severity-oriented Multiclass Drone Flight Logs Anomaly Detection


The availability of log data recorded by computer-based systems, such as operating system and network logs, makes it possible for stakeholders to monitor, evaluate, and improve those systems. If an incident happens to the system, the log is the first and most important artefact to recover so that investigations can establish why the incident occurred. Log-based anomaly detection is one of the common approaches to uncovering incident scenarios and finding the root cause of such incidents. In the context of drone flight, incidents reported in logs include errors during take-off, flight range issues, and cancellations of actions. Existing studies employ sequence anomaly detection to check whether an event during a drone flight is anomalous. This approach needs several preceding events to decide whether the following event is legitimate or malicious. However, a single log record can be malicious while having no relationship to other log events. Thus, several studies explored point anomaly detection, where one log record is the only feature needed. Dividing the anomalies into two categories can be overwhelming, as the number of logs generated by a system is large. At the same time, it can be helpful to separate critical anomalies from the less severe ones. Therefore, this study proposes DroLoVe, a severity-oriented multiclass anomaly detection approach for drone flight log data. In accordance with the dataset characteristics, where samples from different severity levels share common features, this paper employs a multitask-based label vector representation to train deep neural network models. After an extensive experiment on several baselines, the proposed scenario outperforms other models from existing studies with promising results.
The proposed label representation improves the prediction confidence score on various encoder types by 8.6% and 1.8% from focal and cross-entropy scenarios on average, respectively.

IEEE Access