摘要
针对日志信息中数据规模较大不利于异常读数检测的问题,提出基于日志信息的大规模网络异常读数检测方法。引入抽象算法合并不同格式日志信息并提取其中统一的网络事件,获取融合日志信息,去除冗余数据,减轻计算负担;将日志信息降维处理,获取低维度数据用于后续检测;结合网络读数时间关联性和相邻网络读数空间关联性实施分阶段检测,完成大规模网络异常读数检测。实验结果表明,所提方法能够有效地提高检测率和检测准确率、降低误报率,节省检测时间,说明该方法具备较好的检测效果。
Aiming at the problem that the large scale of data in log information is not conducive to abnormal reading detection, a large-scale network abnormal reading detection method based on log information is proposed. Abstract algorithms were introduced to merge log information in different formats and extract unified network events, so as to obtain integrated log information, remove redundant data and reduce the computational burden;The dimensions of log information were reduced to obtain low-dimensional data for subsequent detection;Combined with the temporal correlation of network readings and the spatial correlation of adjacent network readings, phased detection was implemented to complete the detection of large-scale network abnormal readings. The experimental results show that the proposed method can effectively improve the detection rate and detection accuracy, reduce the false alarm rate, and save the detection time, which indicates that the method has a good detection effect.
作者
薛莹
金景峰
XUE Ying;JIN Jing-feng(Shaanxi Police Officer Vocational College,Xi'an Shaanxi 710021,China;Equipment Project Management Center of Army Equipment Department,Beijing 100072,China)
出处
《计算机仿真》
北大核心
2022年第10期420-424,共5页
Computer Simulation
关键词
日志信息
异常读数
信息融合
信息降维
时空关联性
Log information
Abnormal readings
Information fusion
Information dimensionality reduction
Spatiotemporal correlation
