Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Log-based Abnormal Behavior Detection Method for Complex Software Systems

A software system and detection method technology, applied in software testing/debugging, error detection/correction, hardware monitoring, etc., can solve problems such as inability to obtain root causes, inability to accurately distinguish abnormal log statements, unfavorable resolution of abnormalities, etc., to achieve Complete anomaly detection and location method, convenient anomaly troubleshooting and modification, clear effect of operation logic relationship

Active Publication Date: 2020-07-28
河钢数字技术股份有限公司
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The disadvantage of this method is that it can determine the abnormal log type and the normal log type, and cannot accurately distinguish the abnormal log statement from the log statement that causes the system to run abnormally, and the clustering method has certain instability
[0006] These methods can only analyze the log statement when an exception occurs in the system, and it is difficult to obtain the log trace that caused the exception. It is impossible to trace according to the exception log statement, and the root cause of the exception cannot be obtained, which is not conducive to solving the exception.
Moreover, clustering algorithms are used in some methods, but the clustering methods have certain instability.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Log-based Abnormal Behavior Detection Method for Complex Software Systems
  • Log-based Abnormal Behavior Detection Method for Complex Software Systems
  • Log-based Abnormal Behavior Detection Method for Complex Software Systems

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0023] With the rapid development of science and technology, the scale of modern software systems has become larger, their functions more complete, and their structures more complex. In this case, once the software system fails, it may lead to a series of chain effects. At present, the abnormal behavior detection of some large-scale software systems mainly relies on manual investigation. This method is not timely, lacks pertinence, low efficiency and incompleteness in locating problems. In the prior art, there are also methods for detecting system abnormal behaviors based on analyzing logs, but these methods can only analyze the log statements when the system is abnormal, and it is difficult to obtain the log traces that lead to the exception, and it is impossible to analyze the abnormal behavior according to the abnormal log statements. Tracking, and clustering algorithms are used in some methods, and the clustering methods have certain instability.

[0024] In view of the a...

Embodiment 2

[0031] The log-based abnormal behavior detection method of a complex software system is the same as in embodiment 1. In step 1, analyze the source code of the software system to obtain the reachability relationship between log print statements, specifically including the following steps:

[0032] 1.1 Define the representation of control flow graph, reachability graph and log template

[0033] Definition 1: Control flow graph with function calls (Control flow graph with function calls): The control flow graph with function call information uses G F =(V F ,E F ) means that:

[0034] V F Represents the set of nodes in the control flow graph {v f1 ,v f2 ,...,v fn}, where each node is a base node, a log node, or a function call node.

[0035] E. F Represents the set of edges connecting vertices in the control flow graph {(v fi ,v fj ),(v fk ,v fl ),...}, each edge consists of a pair of ordered nodes (v fi ,v fj ) indicates that it is a control path or a path from v fi ...

Embodiment 3

[0054] The log-based abnormal behavior detection method of a complex software system is the same as in embodiment 1-2. In step 2, the log statement is parsed, and the log template with the highest matching degree is associated with the log statement, specifically including the following steps:

[0055] 2.1 Define the representation of log messages and logs

[0056] Definition 3: Log Message (Log Message): It is a complete line of information describing the execution events of a specific system in a log file. The log message lm is represented by a five-tuple: lm=(ln,tm,lv,pv,ct) ,in:

[0057] ln indicates the line number of the log message in the log file, which is used to locate the exception.

[0058] tm represents the timestamp of the log message.

[0059] lv indicates the level of the log message, which can be DEBUG, INFO, WARN, ERROR and FATAL.

[0060] pv=(ls, tid) indicates the source information of the log message, where ls is the log template for printing the log st...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a log-based complex software system abnormal behavior detection method. The problems that an existing method can only analyze log sentences when the system is abnormal, and tracking cannot be performed according to abnormal log sentences are solved. The method comprises the steps of collecting a system source code, converting the source code into a control flow diagram adopting a function as a unit, extracting a log template, and obtaining the reachable relation among log printing languages; adopting the operation logic relation among the log sentences for log message analysis; on the basis of structured log messages and the source code control flow diagram, performing log execution track extraction and processing filtering, and achieving relatively accurate and complete abnormal detection and positioning. The log template is obtained by analyzing the source code, an experiment result is more accurate, and the defect of instability of a clustering algorithm is overcome. Log tracks are extracted, on the basis of abnormal sentence tracking, root causes resulting in system abnormity can be obtained conveniently and then the abnormal problem is solved. The method is used for operating and maintaining a distributed complex software system.

Description

technical field [0001] The invention belongs to the field of computer application technology, and mainly relates to system abnormal behavior detection, in particular to a log-based method for detecting abnormal behavior of complex software systems, which can be used for operation and maintenance of distributed systems. Background technique [0002] With the continuous development of distributed systems and cloud computing technology, the log scale becomes larger and larger and cannot be manually detected and unstructured and cannot be automatically analyzed. Some operators usually make temporary manuscripts to query keywords such as "error" and "exception", etc., but this manual detection method has been proven to be incomplete and inaccurate in determining the problem. However, under the circumstances that the existing manual detection methods have been proved to have low accuracy, incomplete anomaly detection, and low processing efficiency, no efficient and mature solution...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/34G06F11/30G06F11/36
CPCG06F11/302G06F11/3051G06F11/3476G06F11/3604G06F11/3636
Inventor 鲍亮鲁沛瑶栗殷路杰陈平
Owner 河钢数字技术股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products