An Empirical Study of a PCA-Based Multivariate Framework for Interpretable Log Anomaly Detection
Effective anomaly detection is crucial for increasingly complex system logs, yet current methods often face challenges with labeled data reliance, high computational costs, or limited interpretability. This paper empirically applies an established Multivariate Statistical Network Monitoring (MSNM) framework, which leverages Principal Component Analysis (PCA) with D and Q statistics, to the log anomaly detection domain. We evaluate its performance on three benchmark datasets (HDFS, BGL, Thunderbird), focusing on its semi-supervised nature (requiring only normal operational data), computational efficiency, interpretability via count vector feature contributions, and ease of deployment. Our results demonstrate competitive F1 scores comparable to some supervised and deep learning methods, maintaining low computational overhead without GPU dependency. Furthermore, its strong interpretability is showcased through case studies, identifying specific log event patterns causing anomalies. This study highlights the MSNM framework's potential as a practical, efficient, and interpretable solution for log anomaly detection.
@inproceedings{BUT198980,
author="Jiří {Setinský} and Martin {Žádník}",
title="An Empirical Study of a PCA-Based Multivariate Framework for Interpretable Log Anomaly Detection",
booktitle="2025 21st International Conference on Network and Service Management (CNSM)",
year="2025",
pages="6",
publisher="IEEE",
address="New York",
doi="10.23919/CNSM67658.2025.11297507",
isbn="978-3-903176-75-1"
}