Abstract
System logs reflect the running status of a system and record the activity information of specific events in it. Detecting abnormal system logs quickly and accurately is therefore important for keeping the system secure and stable. A log anomaly detection algorithm based on a GRU neural network is proposed. Log parsing is implemented with the log key technique, and log anomaly detection is realized by combining an anomaly detection model for the execution path with an anomaly detection model for parameter values. The algorithm has the advantages of fewer parameters and faster training. It improves running speed while achieving high detection accuracy, and is suitable for log analysis in large information systems.
Authors
WANG Yidong (王易东); LIU Peishun (刘培顺); WANG Bin (王彬)
College of Information Science and Engineering, Ocean University of China, Qingdao 266100, China; School of Continuing Education, Ocean University of China, Qingdao 226100, China
Source
Chinese Journal of Network and Information Security (《网络与信息安全学报》)
2019, Issue 5, pp. 105-118 (14 pages)
Funding
Supported by the National Key Research and Development Program of China (No. 2016YFF0806200)