A log anomaly detection method and system based on curriculum open-set domain adaptation

By employing a log anomaly detection method that incorporates source-domain noise self-cleaning, curriculum transfer, and LLM semantic enhancement, we have addressed the issues of noise interference, target-domain adaptability, and open-set identification in transfer learning, achieving high-precision log detection and proactive defense.

CN122247684A · Pending · Publication Date: 2026-06-19 · UNIV OF ELECTRONICS SCI & TECH OF CHINA +1

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA
Filing Date: 2026-03-20
Publication Date: 2026-06-19

AI Technical Summary

Technical Problem

Existing log detection methods based on transfer learning suffer from problems such as severe noise interference in the source domain, difficulty in adapting to cold starts in the target domain, and insufficient ability to identify unknown attacks and logical overreach behaviors in open sets.

Method used

By employing self-paced cleaning of source-domain noise, a curriculum transfer strategy based on optimal transport, open-set feature compaction, and large language model (LLM) semantic logic enhancement, a log anomaly detection model is constructed to achieve smooth alignment and accurate detection of target-domain log features.

Benefits of technology

It significantly improves the accuracy and proactive defense of the log auditing system, effectively identifies and blocks unauthorized access and misleading content, has noise resistance and unknown threat awareness capabilities, and enables continuous iteration of defense capabilities.

✦ Generated by Eureka AI based on patent content.

Abstract

This invention belongs to the field of network security and log auditing technology, and specifically involves a log anomaly detection method and system based on curriculum open-set domain adaptation. It addresses three problems in existing transfer-learning log detection methods: severe noise interference in source-domain annotations, difficulty in cold-start adaptation in the target domain, and insufficient ability to identify unknown attacks and logical overreach behaviors in open sets. The invention first performs structured parsing and semantic vectorization of source- and target-domain logs; employs a co-teaching strategy to screen high-confidence clean samples from the source domain; combines curriculum learning concepts to gradually align the feature distributions between domains, based on optimal transport theory and the FixMatch semi-supervised learning strategy; and introduces an open-set loss function into the classifier to effectively distinguish between known and unknown anomaly categories. For samples determined to be unknown or low-confidence, a large language model is invoked for in-depth analysis of contextual logic. Finally, real-time blocking of anomalous logs and iterative optimization of the model are achieved.
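The sketch below is an added illustration, not the patent's own algorithm. It shows why an optimal-transport alignment step needs open-set handling: a closed-set transport plan still assigns a known label to a target sample that lies far from every source class. The Sinkhorn solver, the cost-based easy-to-hard ordering, the `unknown_cost` threshold and the 2-D sample vectors are all assumptions made for the example.

```python
import math

def sinkhorn(cost, eps=1.0, iters=500):
    """Entropic optimal transport between uniform source and target marginals."""
    n, m = len(cost), len(cost[0])
    a, b = 1.0 / n, 1.0 / m
    K = [[math.exp(-c / eps) for c in row] for row in cost]
    u, v = [1.0] * n, [1.0] * m
    for _ in range(iters):
        u = [a / sum(K[i][j] * v[j] for j in range(m)) for i in range(n)]
        v = [b / sum(K[i][j] * u[i] for i in range(n)) for j in range(m)]
    return [[u[i] * K[i][j] * v[j] for j in range(m)] for i in range(n)]

def curriculum(src, src_labels, tgt, unknown_cost=10.0):
    """Order target samples easy-to-hard by transport cost; pseudo-label or flag each."""
    cost = [[sum((p - q) ** 2 for p, q in zip(s, t)) for t in tgt] for s in src]
    plan = sinkhorn(cost)
    out = []
    for j in range(len(tgt)):
        mass = sum(row[j] for row in plan)
        avg_cost = sum(plan[i][j] * cost[i][j] for i in range(len(src))) / mass
        votes = {}
        for i, lab in enumerate(src_labels):
            votes[lab] = votes.get(lab, 0.0) + plan[i][j]
        label = max(votes, key=votes.get)
        # Closed-set OT must place every target's mass on some source class,
        # so a far-away sample still wins a known label; its cost exposes it.
        flagged = "unknown" if avg_cost > unknown_cost else label
        out.append((j, flagged, avg_cost))
    return sorted(out, key=lambda r: r[2]), plan

# Constructed 2-D stand-ins for log embeddings (not real data).
SRC = [(0.0, 0.0), (0.2, 0.1), (-0.1, 0.2), (4.0, 4.0), (4.2, 3.9), (3.9, 4.1)]
SRC_LABELS = ["normal"] * 3 + ["known_anomaly"] * 3
TGT = [(0.1, 0.1), (4.1, 4.0), (1.0, 0.8), (9.0, -3.0)]

if __name__ == "__main__":
    for idx, label, c in curriculum(SRC, SRC_LABELS, TGT)[0]:
        print(idx, label, round(c, 2))
```

Samples at the front of the returned order would be pseudo-labelled first. The flagged sample at the end corresponds to the kind of input the abstract routes to deeper analysis.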