摘要
时序不变式反映了事件间的时序逻辑关系,被广泛应用于异常检测、系统行为理解、模型推理等技术.在实际使用中,一般通过分析软件系统的日志数据挖掘时序不变式.相比全序日志,偏序日志可为挖掘算法提供更为准确的数据来源.但是,现有的基于偏序日志的时序不变式挖掘方法存在效率较低等问题.为此,以系统执行路径为数据来源,提出了一种基于集合运算的时序不变式挖掘方法SOTIMiner,并研究了改进方案.相比现有方法,该方法不需要反向遍历日志数据,从而具有较高效率.实验显示.该方法在保证挖掘相同结果的基础上,效率平均是Synoptic挖掘工具的3.23倍.
The temporal invariants reflect the temporal logic relationship between events and have been widely used in anomaly detection,system behavior understanding,model reasoning,and other techniques.Generally,mining temporal invariants through analyzing the log data of software system is in actual use.Compared with totally ordered log,partially ordered log can provide a more accurate data source for mining algorithm.However,the existing temporal invariants mining methods based on partially ordered log have some problems such as its low efficiency.For this reason,this study uses the system execution path as the data source and proposes a temporal invariants mining method SOTIMiner based on set operations and studies an improved scheme.Compared with existing methods,it does not need to traverse the log data in reverse and for the reason that it has a higher efficiency.Experiments show that the method’s average efficiency is 3.23 times of the Synoptic mining tool on the basis of guaranteeing the same result.
作者
孙德权
周竞文
周海芳
SUN De-Quan;ZHOU Jing-Wen;ZHOU Hai-Fang(College of Computer Science and Technology,National University of Defense Technology,Changsha 410073,China;Laboratory of Software Engineering for Complex Systems(National University of Defense Technology),Changsha 410073,China)
出处
《软件学报》
EI
CSCD
北大核心
2022年第2期455-472,共18页
Journal of Software
基金
国家自然科学基金(61702530,61690203)
国家重点研发计划(2018YFB0204301,2017YFB1001802)。
