Abstract
Log information has become an important information resource in the rapid development of information systems. Through log analysis, anomaly detection, fault diagnosis, and performance diagnosis can be performed. This paper studies log-based anomaly detection technology. First, the main log-based anomaly detection frameworks in use are introduced; then key technologies such as log parsing and log anomaly detection are described in detail. Finally, the current technology is summarized and suggestions for future research directions are given.
Authors
张颖君
刘尚奇
杨牧
张海霞
黄克振
ZHANG Yingjun; LIU Shangqi; YANG Mu; ZHANG Haixia; HUANG Kezhen (Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; Network Security Corps of Beijing Municipal Public Security Bureau, Beijing 100029, China)
Source
《网络与信息安全学报》
2020, Issue 6, pp. 1-12 (12 pages)
Chinese Journal of Network and Information Security
Funding
Science and Technology Project of the Ministry of Public Security (2018JSYJA08).
Keywords
abnormal detection
log analysis
machine learning