Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Abnormity detection method based on log event graph and association relationship mining

An association relationship and anomaly detection technology, applied in the computer field, can solve the problems of log information instability, ignore log input order, multiple exception overlapping, etc., to enhance robustness and anomaly detection capabilities, reduce log volume, robustness strong effect

Pending Publication Date: 2021-08-31
UNIV OF SCI & TECH OF CHINA
View PDF0 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0018] The technology of the present invention solves the problem: overcomes the deficiencies of the prior art, and provides an anomaly detection method based on log event graph and association relationship mining, which ignores the input sequence of logs and considers the frequency of log events, effectively solving the problem of log sequence Out-of-order, duplication, loss, overlapping of multiple exceptions, etc., and can well deal with the loss of a small amount of logs that retain key log information, and has high robustness to the instability of log information and overlapping of multiple exceptions; at the same time, it can effectively Use log information to accurately identify system anomalies

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormity detection method based on log event graph and association relationship mining
  • Abnormity detection method based on log event graph and association relationship mining
  • Abnormity detection method based on log event graph and association relationship mining

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0050] The present invention will be described in detail below in conjunction with the accompanying drawings and embodiments.

[0051] In software-intensive systems, in order to record the operating status of the computer system, programmers often add output statements in the code to generate system logs. System log is a kind of semi-structured text information, which not only contains natural language written by programmers, but also includes machine language to record various states of the system. For example, for the system log: "Connection from 10.10.34.12closed", its natural language part is: "Connection from*closed", and "10.10.34.12" is the machine language part of the log.

[0052] Such as figure 1 As shown, it is a flow chart of an anomaly detection method based on log event graph and correlation mining provided by the embodiment of the present invention, the method mainly includes:

[0053] Step 1. Collect system logs from the computer system, and delete the machin...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to an abnormity detection method based on a log event graph and association relationship mining. The method comprises the following steps: collecting an original log of a system to obtain log events; segmenting the log events into different groups according to a set time span or a task number, wherein the log events in each group form a log event sequence according to the generated time; according to association relationship mining, mining system log events having association relationships with each abnormity, and removing log events irrelevant to the abnormities in the log event sequence; extracting a semantic vector of each log event as a feature vector of the log event; generating a bidirectional full-connection log event graph according to the log event sequence, updating a feature vector of each node by using a gating graph neural network, performing weighted summation on the updated feature vectors of all the nodes by using an attention network, calculating a global feature vector of the log event graph, finally performing classification detection through a full-connection network, and obtaining the normal or abnormal type of the system.

Description

technical field [0001] The invention relates to the field of computer technology, and relates to an abnormality detection method based on log event graph and association relationship mining. Background technique [0002] Modern computer systems are often complex large-scale distributed software-intensive systems, such as large cloud service systems or centralized data processing and storage systems. These systems can often provide a variety of online services for millions of users at the same time, but once an exception occurs, it may lead to the collapse of system services, resulting in huge economic losses. Therefore, when an exception occurs, a fast and accurate anomaly detection mechanism is essential for system maintenance personnel to quickly discover and resolve the anomaly and restore the system to normal as soon as possible. As an important part of modern systems, logs are semi-structured text information that records system status and various events during operati...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F16/18G06F16/2458G06F11/30G06N3/04
CPCG06F16/1815G06F16/2465G06F11/3006G06N3/045
Inventor 陈双武李江明杨坚杨锋徐正欢吴枫
Owner UNIV OF SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com