Meta-Learning Framework Improves Cross-Domain Log Anomaly Detection
Researchers have introduced a new meta‑learning based framework that enhances log anomaly detection across disparate system environments. The study, posted on arXiv in January 2026, aims to mitigate class imbalance and domain shift that traditionally hinder detection models when applied to new target domains such as HDFS and Linux.
Data Preparation and Labeling Strategy
The approach begins by processing raw logs with the Drain3 parsing algorithm, followed by a dynamic drift‑based labeling technique. This method leverages semantic and fuzzy matching to transfer existing anomaly knowledge from a source domain to a target domain, thereby creating labeled datasets despite the absence of explicit anomaly annotations.
Semantic Embedding and Dimensionality Reduction
After labeling, the pipeline generates BERT‑based semantic embeddings for each log entry. Feature selection is then applied to reduce dimensionality, ensuring that downstream models operate on a concise yet informative representation of the log data.
Meta-Learning Models Employed
To achieve rapid adaptation, the framework trains two meta‑learning architectures: Model‑Agnostic Meta‑Learning (MAML) and Prototypical Networks. Both models are optimized to learn a shared initialization that can be fine‑tuned quickly on new domains with minimal data.
Handling Class Imbalance
The study incorporates the SMOTE oversampling technique to address the pronounced imbalance between normal and anomalous log entries, generating synthetic minority samples that improve classifier sensitivity.
Evaluation Methodology
Performance is assessed using a leave‑one‑out source validation scheme, wherein each domain serves as the target while the remaining domains act as sources. Mean F1 scores are reported for each configuration to quantify detection accuracy.
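The leave-one-out scheme described above, as an added example that is not code from the paper. A nearest-prototype classifier (the inference step of a Prototypical Network, with no learned encoder) stands in for the detector. The `app` domain, the 2-D vectors standing in for reduced BERT embeddings, and all function names are constructed for illustration.

```python
from statistics import mean

# Constructed toy data: domain -> [(embedding, label)], label 1 = anomaly.
# The 2-D vectors stand in for reduced BERT embeddings; "app" is a made-up domain.
DOMAINS = {
    "hdfs":  [((0.0, 0.0), 0), ((0.2, 0.1), 0), ((0.1, 0.3), 0), ((2.0, 2.0), 1)],
    "linux": [((0.3, 0.0), 0), ((0.0, 0.2), 0), ((1.8, 2.2), 1), ((2.2, 1.9), 1)],
    "app":   [((0.1, 0.1), 0), ((1.2, 0.9), 0), ((2.1, 2.1), 1), ((0.8, 0.9), 1)],
}

def prototypes(samples):
    """Class prototype = mean embedding of each class in the source data."""
    protos = {}
    for label in {y for _, y in samples}:
        pts = [x for x, y in samples if y == label]
        protos[label] = tuple(mean(c) for c in zip(*pts))
    return protos

def predict(protos, x):
    """Assign the class whose prototype is nearest (squared Euclidean distance)."""
    return min(protos, key=lambda c: sum((a - b) ** 2 for a, b in zip(x, protos[c])))

def f1_anomaly(y_true, y_pred):
    """F1 for the anomaly class only, which is what matters under class imbalance."""
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == 0 for t, p in zip(y_true, y_pred))
    return 0.0 if tp == 0 else 2 * tp / (2 * tp + fp + fn)

def leave_one_domain_out(domains):
    """Each domain is the target once; prototypes come only from the other domains."""
    scores = {}
    for target in domains:
        source = [s for name, data in domains.items() if name != target for s in data]
        protos = prototypes(source)  # the target's labels are never used for fitting
        y_true = [y for _, y in domains[target]]
        y_pred = [predict(protos, x) for x, _ in domains[target]]
        scores[target] = f1_anomaly(y_true, y_pred)
    return scores, mean(list(scores.values()))

if __name__ == "__main__":
    per_target, mean_f1 = leave_one_domain_out(DOMAINS)
    for name, score in per_target.items():
        print(f"target={name:5s} F1={score:.3f}")
    print(f"mean F1={mean_f1:.3f}")
```

On this constructed data the `app` fold scores lower because one of its anomalies sits near the sources' normal cluster, which is the domain-shift effect the per-target F1 is meant to expose.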
Key Findings
Empirical results indicate that the meta‑learning driven solution attains the highest mean F1 score among the tested configurations, demonstrating robust effectiveness in cross‑domain log anomaly detection scenarios.
This report is based on the abstract of the research paper on arXiv, licensed under Academic Preprint / Open Access. Full text is available via arXiv.