International Business Machines Corporation
Hybrid machine learning to detect anomalies

Abstract:

Mechanisms are provided to implement a hybrid machine learning (ML) anomaly detector comprising an ensemble of unsupervised ML models and a semi-supervised ML model. The ensemble of unsupervised ML models are executed on log data to generate, for each entry in the log data, a predicted anomaly score and corresponding anomaly classification label of the entry. A partially labeled dataset is generated based on a selected subset of entries and other unlabeled log data in the log data. A similarity analysis of the unlabeled log data with entries in the selected subset of entries is performed and anomaly classification labels of the selected subset of entries are propagated to the other unlabeled log data based on the similarity analysis.