Abnormality detecting method and device

An anomaly detection and abnormal-sample technique, applied in the field of anomaly detection, that can solve the problems of parameter sensitivity and linear inseparability, improving detection performance while reducing labeling cost and the amount of labeled data.

Active Publication Date: 2017-10-24
BEIJING QIYI CENTURY SCI & TECH CO LTD
6 Cites, 49 Cited by

AI Technical Summary

Problems solved by technology

Due to the lack of prior knowledge such as labeled data, these methods often face problems such as parameter sensitivity and linear inseparability.


Examples


Embodiment 1

[0056] An anomaly detection method provided by an embodiment of the present invention is introduced in detail.

[0057] Referring to Figure 1, a flowchart of the steps of an abnormality detection method in an embodiment of the present invention is shown.

[0058] Step 110, acquiring target log data to be detected.

[0059] Simply put, the core of log data is log messages, or logs. Log messages are generated by computer systems, equipment, software, etc. in response to certain stimuli. The exact stimulus depends largely on the source of the log message. For example, the Unix operating system records user login and logout messages, a firewall records messages about traffic passed and rejected by its ACL (Access Control List), and a disk storage system generates log information when a failure occurs or when the system believes a failure is about to occur.

[0060] Log data is the intrinsic meaning of a log message. In other words, log data is the information in a ...

Embodiment 2

[0079] An anomaly detection method provided by an embodiment of the present invention is introduced in detail.

[0080] Referring to Figure 2, a flowchart of the steps of an abnormality detection method in an embodiment of the present invention is shown.

[0081] Step 210, acquiring target log data to be detected.

[0082] Step 220, train the classification model by using a plurality of access sample data whose categories have been determined.

[0083] In this application, before using the classification model to obtain the first probability that the target log data belongs to the abnormal classification, the classification model needs to be trained. Specifically, the classification model can be trained by utilizing multiple access sample data whose classifications have been determined.

[0084] For example, a plurality of access sample data whose categories have been determined can be used as the input of the classification model, and the classification results of the corresponding...

Embodiment 3

[0097] An anomaly detection method provided by an embodiment of the present invention is introduced in detail.

[0098] Referring to Figure 3, a flowchart of the steps of an abnormality detection method in an embodiment of the present invention is shown.

[0099] Step 310, acquiring target log data to be detected.

[0100] Step 320, constructing a training sample set and a test sample set by using multiple access sample data with known classification results; wherein the classification results of each accessed sample data are determined by preset classification rules.

[0101] In this application, in order to train the classification model, a plurality of access sample data with known classification results can be used to construct a training sample set and a test sample set. The training sample set can be used to train the classification model, and the test sample set can be used to test the performance of the trained classification model. The access sample data contained in the tra...


Abstract

The invention discloses an abnormality detecting method and device and relates to the technical field of abnormality detection. The method comprises: acquiring target log data to be detected; acquiring, through a preset classification model, a first probability that the target log data belongs to the abnormal category, the classification model being obtained by training on a plurality of access sample data whose categories have been determined; determining whether the first probability is higher than a preset threshold value; and, if so, determining that the target log data is abnormal. The abnormality detecting method thereby solves technical problems of existing abnormality detecting methods such as large data labelling volume, high labelling costs, parameter sensitivity and linear inseparability, and has the advantages of reducing data labelling volume and labelling costs and improving detection performance.
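The flow in the abstract, sketched as an added example that is not code from the patent: access samples are labelled by a preset rule, split into training and test sets, and the classifier's probability for a record is compared with a preset threshold. The logistic-regression model, the two features, the rule, the threshold value and the sample data are all assumptions made for illustration; the page specifies none of them.

```python
import math
import random

THRESHOLD = 0.5  # assumed "preset threshold"; the page gives no value

def rule_label(rec):
    """Assumed preset classification rule: 1 = abnormal, 0 = normal."""
    return 1 if rec["req_per_min"] > 100 and rec["err_ratio"] > 0.5 else 0

def features(rec):
    # Scale both (assumed) features into roughly [0, 1] so gradient descent is stable.
    return [rec["req_per_min"] / 400.0, rec["err_ratio"]]

def make_samples(n, rng):
    """Constructed access samples: alternating quiet and noisy clients."""
    ranges = [((1, 30), (0.0, 0.2)), ((200, 400), (0.6, 0.95))]  # quiet, noisy
    return [{"req_per_min": rng.uniform(*ranges[i % 2][0]),
             "err_ratio": rng.uniform(*ranges[i % 2][1])} for i in range(n)]

def first_probability(model, rec):
    w, b = model
    z = b + sum(wi * xi for wi, xi in zip(w, features(rec)))
    return 1.0 / (1.0 + math.exp(-z))

def train(samples, epochs=2000, lr=1.0):
    """Batch gradient descent on logistic loss; labels come from rule_label()."""
    w, b = [0.0, 0.0], 0.0
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for rec in samples:
            err = first_probability((w, b), rec) - rule_label(rec)
            gw = [g + err * xi for g, xi in zip(gw, features(rec))]
            gb += err
        w = [wi - lr * g / len(samples) for wi, g in zip(w, gw)]
        b -= lr * gb / len(samples)
    return w, b

def is_abnormal(model, rec, threshold=THRESHOLD):
    return first_probability(model, rec) > threshold

def accuracy(model, samples):
    return sum(is_abnormal(model, r) == bool(rule_label(r)) for r in samples) / len(samples)

rng = random.Random(7)
data = make_samples(200, rng)
rng.shuffle(data)
TRAIN, TEST = data[:150], data[150:]  # training set and held-out test set
MODEL = train(TRAIN)
```

Raising the threshold trades missed detections for fewer false alarms, so in practice it would be chosen from the test-set results rather than fixed in advance.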

Description

Technical field

[0001] The invention relates to the technical field of anomaly detection, in particular to an anomaly detection method and device.

Background technique

[0002] With the development of the big data era, more and more service applications are running in distributed systems, and the scale of machine clusters for deploying distributed systems is also increasing. In the field of information security, a very important issue is how to find abnormal behaviors in massive log data. Moreover, in a complex distributed system, when the performance of the program is abnormal, how to quickly and effectively detect and diagnose the abnormality, and then help developers optimize the program, has become an important issue in the field of distributed systems. At present, most computer systems (including distributed systems) use log output to help users detect and diagnose system anomalies. Logs are usually unstructured text information, which mainly records the status and ev...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F17/30, G06F11/30
CPC: G06F11/3006, G06F16/1734, G06F16/1815, G06F2216/03
Inventor: 宗志远
Owner: BEIJING QIYI CENTURY SCI & TECH CO LTD