Multi-node web service anomaly detection method and system

A web service and anomaly detection technology, applied in the field of information security, can solve problems such as system defects that cannot detect intrusion attacks

Active Publication Date: 2016-04-06
CHINA SOUTHERN POWER GRID DIGITAL GRID RES INST CO LTD +1
View PDF3 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The main limitation of these methods is that they only detect suspicious behaviors in the system based on known intrusion sequences and system defect patterns, but cannot detect new intrusion attack behaviors and unknown and potential system defects.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multi-node web service anomaly detection method and system
  • Multi-node web service anomaly detection method and system
  • Multi-node web service anomaly detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] A multi-node web service anomaly detection system, comprising: a metadata collection module, a metadata index module, a web service anomaly detection module and a web service anomaly location module, wherein:

[0045] A. The metadata acquisition module reads the syslog protocol or log text, and obtains the log metadata of the web server of each node in the entire network;

[0046] B. Metadata indexing module: format heterogeneous logs of different types of web servers, unify the data format, and use ElasticSearch technology to index metadata;

[0047] C. Web service anomaly detection module: periodically calculate the error log ratio of each web server node, the same web service is often completed by multiple web server nodes, calculate the average error log ratio of the web service, and build a baseline data model for this ratio , when the current error log ratio of the web service deviates greatly from the error log ratio baseline model of the web service, it is deter...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention aims to provide a multi-node web service anomaly detection system. The system comprises a metadata acquisition module, a metadata index module, a web service anomaly detection module and a web service anomaly positioning module, wherein the metadata acquisition module acquires web server log metadata of each node of a full network; the metadata index module formats heterogeneous logs of different web servers; the web service anomaly detection module periodically calculates an error log ratio of each web server node; and the web service anomaly positioning module retrieves all log metadata of anomalous web services at a fault time point through web metadata indexes. According to the system, the performance of a web service system is subjected to real-time analysis and correlation analysis by innovatively adopting a web log metadata technology, based on a data perspective and by adopting a big data full-text retrieval technology, so that the web service system can be comprehensively controlled.

Description

technical field [0001] The invention relates to the field of information security, in particular to the abnormal detection of large-scale enterprise web services. Background technique [0002] In today's IT environment, various businesses of enterprises have been more and more closely integrated with the Internet, and the application information system composed of servers, databases, middleware, etc. The requirements are becoming higher and higher, and it is becoming more and more difficult to troubleshoot various emergencies. The growth and acquisition of corporate profits directly depend on whether the business can run effectively, and the running quality of the application is directly related to the service level that users can provide. It is an urgent need to improve user services for performance monitoring and management on those key applications, as well as timely and effective analysis and processing of performance problems. [0003] After a business system is put i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F17/30
CPCG06F16/148G06F16/164G06F16/1815
Inventor 吕华辉梁志宏关泽武欧阳可萃胡岸波张延佳
Owner CHINA SOUTHERN POWER GRID DIGITAL GRID RES INST CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap