System anomaly detection method and system based on deep log sequence analysis

An anomaly detection and sequence analysis technology, applied in neural learning methods, digital data information retrieval, unstructured text data retrieval, etc., with the effect of improving accuracy.

Pending Publication Date: 2020-11-13
SHANDONG NORMAL UNIV

AI Technical Summary

Problems solved by technology

[0004] Because logs vary widely across systems, detecting system anomalies is a great challenge. To overcome this problem, many researchers have designed log mining tools for specific systems and used log mining methods to detect anomalies. Although log-mining-based methods achieve a certain accuracy in detecting system anomalies, they are limited to specific scenarios and require a lot of professional knowledge in the log mining process. Therefore, methods based on traditional data mining cannot play a better role in anomaly detection.
[0005] The inventors found that in the prior art, anomaly detection on system logs mainly relies on two data processing steps: log parsing and feature extraction. The original log events are converted into time-series log sequences, the parameters in the log events are constructed as a parameter vector, and natural language processing techniques are used to detect system anomalies by incorporating an attention mechanism into an RNN language model. Although this method has a certain effect on anomaly detection, it cannot effectively solve the problem of anomaly detection across different systems.

Examples

Embodiment 1

[0034] The purpose of this embodiment is to provide a system anomaly detection method based on deep log sequence analysis.

[0035] As shown in Figure 1, this embodiment provides a system anomaly detection method based on deep log sequence analysis, including:

[0036] Obtaining a log event historical data set, parsing the log event, and dividing the log event data set into several log sequences according to the parsed identifiers;

[0037] Using the log sequence as input, the Bi-LSTM-CRF model is trained;

[0038] Use the trained Bi-LSTM-CRF model to perform path anomaly detection on the log sequence to be detected;

[0039] Perform feature extraction on the parsed log events, extract all parameters from the log events with the same identifier to construct a parameter vector, and use a normal distribution model to fit the parameter vector;

[0040] Perform parameter anomaly detection for log events in the log sequence to be tested through the normal distributio...
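
The parsing, sequence splitting and normal-distribution parameter check of steps [0036], [0039] and [0040], sketched as an added example that is not code from the patent. The "<identifier> <message>" line format, the grouping of parameters per event template and position, and the 3-standard-deviation threshold are assumptions; the Bi-LSTM-CRF path model is not implemented here.

```python
import re
from collections import defaultdict
from statistics import mean, stdev

NUM = re.compile(r"\b\d+(?:\.\d+)?\b")

# Constructed history of normal runs (not from the patent): "<identifier> <message>"
HISTORY = [line for i in range(20) for line in (
    f"blk_{i} open file",
    f"blk_{i} write took {10 + i % 5} ms",
    f"blk_{i} close file")]
# Constructed logs to be tested; blk_91 carries an out-of-range write time
TEST = ["blk_90 open file", "blk_90 write took 13 ms", "blk_90 close file",
        "blk_91 open file", "blk_91 write took 250 ms", "blk_91 close file"]

def parse(line):
    """Return (identifier, event template, numeric parameters) for one line."""
    ident, msg = line.split(" ", 1)
    return ident, NUM.sub("<*>", msg), [float(x) for x in NUM.findall(msg)]

def to_sequences(lines):
    """Divide events into per-identifier sequences, keeping their order."""
    seqs = defaultdict(list)
    for line in lines:
        ident, template, params = parse(line)
        seqs[ident].append((template, params))
    return dict(seqs)

def fit(seqs):
    """Fit (mean, std) per (template, parameter position); grouping is an assumption."""
    cols = defaultdict(list)
    for events in seqs.values():
        for template, params in events:
            for pos, value in enumerate(params):
                cols[(template, pos)].append(value)
    return {key: (mean(v), stdev(v)) for key, v in cols.items() if len(v) > 1}

def detect(seqs, model, k=3.0):
    """Flag parameters farther than k standard deviations from the fitted mean."""
    alerts = []
    for ident, events in seqs.items():
        for template, params in events:
            for pos, value in enumerate(params):
                if (template, pos) not in model:
                    continue  # no fitted distribution; left to the path model
                mu, sd = model[(template, pos)]
                if abs(value - mu) > k * max(sd, 1e-9):
                    alerts.append((ident, template, value))
    return alerts

if __name__ == "__main__":
    print(detect(to_sequences(TEST), fit(to_sequences(HISTORY))))
```
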

Embodiment 2

[0086] The purpose of this embodiment is to provide a system anomaly detection system based on deep log sequence analysis.

[0087] A system anomaly detection system based on deep log sequence analysis, including:

[0088] A data preprocessing module, used to obtain the log event historical data set, parse each log event, and divide the log event data set into several log sequences according to the identifiers obtained by parsing; and to perform feature extraction on the parsed log events, extracting all parameters from the log events with the same identifier to construct a parameter vector;

[0089] A model training module, used to train the Bi-LSTM-CRF model with the log sequences as input, and to fit the parameter vector with a normal distribution model;

[0090] A path anomaly detection module, used to perform path anomaly detection on the log sequence to be detected with the trained Bi-LSTM-CRF model;

[0091] A parameter anomaly detection module, configured to perform pa...

Embodiment 3

[0094] The purpose of this embodiment is to provide an electronic device.

[0095] An electronic device, comprising a memory, a processor, and a computer program stored on the memory, wherein the processor implements the following steps when executing the program:

[0096] Obtaining a log event historical data set, parsing the log event, and dividing the log event data set into several log sequences according to the parsed identifiers;

[0097] Using the log sequence as input, the Bi-LSTM-CRF model is trained;

[0098] Use the trained Bi-LSTM-CRF model to perform path anomaly detection on the log sequence to be detected;

[0099] Perform feature extraction on the parsed log events, extract all parameters from the log events with the same identifier to construct a parameter vector, and use a normal distribution model to fit the parameter vector;

[0100] Perform parameter anomaly detection for log events in the log sequence to be tested through the normal distribution...

Abstract

The invention provides a system anomaly detection method and system based on deep log sequence analysis. The method comprises the following steps: applying the sequence labeling model Bi-LSTM-CRF to log path anomaly detection, and applying a normal distribution to log parameter anomaly detection, so that the BiLCN can automatically learn normal log patterns, including log execution paths and log event parameters, and log events deviating from the normal model can be accurately detected and marked as anomalies. The system further comprises a log analyzer, a feature extractor and a log path flow model. The log path flow model is constructed from the detected log sequences, and abnormal conditions are fed back to the user so that the user can diagnose the system in time. Experiments prove that the method has high accuracy and execution efficiency.

Description

Technical field

[0001] The disclosure belongs to the technical field of large-scale system log anomaly detection, and in particular relates to a system anomaly detection method and system based on deep log sequence analysis.

Background technique

[0002] The statements in this section merely provide background information related to the present disclosure and do not necessarily constitute prior art.

[0003] System anomaly detection is an essential and important task to detect system failures, debug machine performance, and maintain system security. more and more; thus, anomaly detection is also facing more and more challenges. System log files can be extracted from all computer systems, and record the operating status and events of the system at different times. They are important data for fault analysis, performance detection, and system anomaly detection.

[0004] Due to the diversification of logs due to system differences and other reasons, it is a great challenge to ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F16/332, G06F16/33, G06N3/04, G06N3/08
CPC: G06F16/3329, G06F16/3344, G06N3/08, G06N3/045
Inventor: 鲁燃, 张林栋, 刘培玉, 朱振方
Owner: SHANDONG NORMAL UNIV