ICeTEA: Mixture of Detectors for Metric-Log Anomaly Detection

Publication Date: 8/4/2025

Event: The 11th Mining and Learning from Time Series Workshop: From Classical Methods to LLMs (KDD MILETS Workshop 2025)

Reference: pp. 1-6, 2025

Authors: Junxiang Wang, NEC Laboratories America, Inc.; Xu Zheng, NEC Laboratories America, Inc., Florida International University; Zhengzhang Chen, NEC Laboratories America, Inc.; Masanao Natsumeda, NEC Corporation; Jun Nishioka, NEC Corporation; Dongsheng Luo, Florida International University; Haifeng Chen, NEC Laboratories America, Inc.

Abstract: Anomaly detection is essential for identifying unusual system behaviors and has wide-ranging applications, from fraud detection to system monitoring. In web servers, anomalies are typically detected using two types of data: metrics (numerical indicators of performance) and logs (records of system events). While correlations between metrics and logs in real-world scenarios highlight the need for joint analysis, which is termed the “metric-log anomaly detection” problem, it has not been fully explored yet due to inherent differences between metrics and logs. In this paper, we propose ICeTEA, a novel system for metric-log anomaly detection that integrates three detectors: a metric-log detector based on a multimodal Variational Autoencoder (VAE), and two individual metric and log detectors. By leveraging the ensemble technique to combine outputs of these detectors, ICeTEA enhances the effectiveness and robustness of metric-log anomaly detection. Case studies demonstrate two key functionalities of ICeTEA: data visualization and rankings of contributions to anomaly scores. Experiments demonstrate that our proposed ICeTEA accurately detects true anomalies while significantly reducing false positives.

Publication Link: https://kdd-milets.github.io/milets2025/papers/MILETS_2025_paper_2.pdf