Abstract
To address the problem that the log clustering-based anomaly detection method (LogCluster) handles only a single type of log, an improved LogCluster-based log anomaly detection method, SW-LogCluster, is proposed. Logs are divided into log sequences using a sliding window, and the divided log sequences are vectorized for feature extraction, so that both logs with identifiers and logs without identifiers can be detected, which extends the scope of application of the original method. Experimental results show that the SW-LogCluster method can detect all types of unstructured logs, which effectively extends the applicability of the LogCluster method.
Authors
冯士龙
台宪青
马治杰
FENG Shi-long; TAI Xian-qing; MA Zhi-jie (Research and Development Center of Data and Service, Research and Development Center for Internet of Things, Chinese Academy of Sciences, Wuxi 214135, China; School of Microelectronics, University of Chinese Academy of Sciences, Beijing 101407, China; Laboratory of Geospatial Information Systems, Institute of Electronics, Chinese Academy of Sciences, Suzhou 215121, China)
Source
Computer Engineering and Design (《计算机工程与设计》)
PKU Core Journal
2020, Issue 4, pp. 1087-1092, 6 pages in total
Funding
Strategic Priority Research Program of the Chinese Academy of Sciences (Class A) (XDA 19080201).
Keywords
anomaly detection
sliding window
log sequence division
log clustering
log vectorization