模式识别在海量日志分析中的应用研究

Research and application of pattern recognition in massive log analysis

银行对于系统日志、应用日志的分析需求日趋繁复,但目前对日志的分析大多基于简单关键字告警以及信息分类统计。为从银行海量日志信息中挖掘出更多有价值的信息,例如潜在安全风险、交易分布情况等,通过将模式识别的概念引入到日志分析方法中,对关键信息设定模式长度和模式次数等属性,从日志中挖掘通常难以发现的信息。在日志管理平台上实现了日志模式识别分析策略,从而及时发现安全隐患,进一步提升信息系统安全管理的能力。

The demand of analyzing system log and application log is becoming much more complex in banks recently. The commonest methods of log analysis are key words alarming and information statistic. To find more valuable information from mass logs, for example, information of security risk, trade distributions and so on, pattern recognition is brought into log analysis, which sets attributes about pattern length and pattern frequency for key information, to mine indiscoverable information from logs. The analytic strategy of pattern recognition is realized in the log analysis platform, so that the hidden danger can be found in time,and the security management capability of the information system is further enhanced.