Abstract
With the development of computer systems, logs have become an important data source for maintaining their stable operation. System logs record the system's runtime state and important events at key points; they help technicians locate system faults and analyze their causes, provide data support for problem solving, and also allow illegal operations to be monitored and assist in system recovery, so log anomaly detection is of great significance. However, most existing research uses only a single feature of logs for anomaly detection. To this end, the paper designs a machine learning-based log anomaly detection system that implements the complete pipeline of log collection, log parsing, log feature extraction and log anomaly detection, and proposes a machine learning method that fuses the temporal and logical relationships among log entries, making better use of log features to increase the accuracy of the detection results.
Authors
牛艺诺 (NIU Yinuo)
张逸飞 (ZHANG Yifei)
高能 (GAO Neng)
马存庆 (MA Cunqing)
Affiliations: State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Source
《信息网络安全》 (Netinfo Security)
CSCD
Peking University Core Journal
2022, No. 11, pp. 1-6 (6 pages)
Funding
National Natural Science Foundation of China (61902398).
Keywords
machine learning
system log
anomaly detection