Abstract
With the advance of computing and network technologies, the scale and complexity of computer application systems have been continuously increasing, leading to a rapid growth in the volume and variety of system log data. Consequently, identifying log anomalies has become a significant challenge in ensuring the security of complex systems. However, existing rule-based or machine learning-based log anomaly detection methods have limitations, such as ignoring log variables, insufficient extraction of log semantic features, and poor performance in detecting new types of logs. To address these issues, this paper proposes a novel deep learning-based log anomaly detection model—template-driven log anomaly detection with variable integration and sparse attention. The model integrates template and variable information from log data and introduces a sparse attention mechanism, demonstrating excellent performance in handling long sequences of logs. It effectively captures and represents the overall characteristics of sequences. Not only can the model understand the semantics of log variables, but it can also effectively detect anomalous behaviors in log sequences. Experimental results show that the model exhibits high performance on three open-source datasets.
Authors
SU Yan (苏岩); SHI Fangxu (史方旭); YU Ke (禹可); WU Xiaofei (吴晓非)
Beijing University of Posts and Telecommunications, Beijing 100876, China
Source
Artificial Intelligence Security (《智能安全》)
2024, Issue 3, pp. 12-20 (9 pages)
Funding
Supported by the National Natural Science Foundation of China (042700118).