基于改进时间卷积网络的日志序列异常检测

doi:10.19678/j.issn.1000-3428.0055553

计算机工程 ›› 2020, Vol. 46 ›› Issue (8): 50-57. doi: 10.19678/j.issn.1000-3428.0055553

基于改进时间卷积网络的日志序列异常检测

杨瑞朋^1,2, 屈丹¹, 朱少卫², 钱叶魁², 唐永旺¹

1. 中国人民解放军战略支援部队信息工程大学信息系统工程学院, 郑州 450002;
2. 中国人民解放军陆军炮兵防空兵学院(郑州校区), 郑州 450002

收稿日期:2019-07-22 修回日期:2019-08-27 发布日期:2019-09-03
作者简介:杨瑞朋(1985-),女,博士研究生,主研方向为智能信息处理、网络安全;屈丹,教授、博士、博士生导师;朱少卫,副教授、硕士;钱叶魁,副教授、博士;唐永旺,讲师、硕士。
基金资助:
国家自然科学基金面上项目（61673395）。

Anomaly Detection for Log Sequence Based on Improved Temporal Convolutional Network

YANG Ruipeng^1,2, QU Dan¹, ZHU Shaowei², QIAN Yekui², TANG Yongwang¹

1. School of Information System Engineering, PLA Strategic Support Force Information Engineering University, Zhengzhou 450002, China;
2. PLA Army Academy of Artillery and Air Defense(Zhengzhou Campus), Zhengzhou 450002, China

Received:2019-07-22 Revised:2019-08-27 Published:2019-09-03

摘要/Abstract

摘要： 基于循环神经网络的日志序列异常检测模型对短序列有较好的检测能力，但对长序列的检测准确性较差。为此，提出一种基于时间卷积网络的通用日志序列异常检测框架。将日志模板序列建模为自然语言序列，把基于神经网络训练的词嵌入作为模型的输入，以表示目标词在当前日志序列中的语义规则，并通过降维提高整个框架的运算效率。此外，提出用带参数的ReLU替换ReLU，用自适应平均池化层替换全连接层，将日志序列的异常检测问题建模成自然语言序列生成问题。实验结果表明，该检测框架的总体准确率高于TCN+Linear、TCN+AAP等方法。

关键词: 异常检测, 日志, 时间卷积网络, 激活函数, 自适应平均池化

Abstract: Existing anomaly detection models for log sequence based on recurrent neural network perform well for shorter sequences,but underperform for long sequences.To address the problem,this paper proposes a general anomaly detection framework for log sequences based on temporal convolutional networks.By modeling the log template sequence as a natural language sequence and using word embedding based on neural network training as the input of the model,the semantic rules of the target words in the current log sequence can be represented,and the computing efficiency of the whole framework can be improved by dimension reduction.In addition,which uses ReLU with parameters to replaces ReLU and uses adaptive average pooling layer to replace fully connected layer.The anomaly detection problem of log sequence is modeled as the natural language sequence generation problem.Experimental results show that the overall accuracy of the detection framework is higher than that of TCN+Linear,TCN+AAP and other methods.

Key words: anomaly detection, log, Temporal Convolutional Network(TCN), activation function, adaptive average pooling

中图分类号:

TP183

杨瑞朋, 屈丹, 朱少卫, 钱叶魁, 唐永旺. 基于改进时间卷积网络的日志序列异常检测[J]. 计算机工程, 2020, 46(8): 50-57.

YANG Ruipeng, QU Dan, ZHU Shaowei, QIAN Yekui, TANG Yongwang. Anomaly Detection for Log Sequence Based on Improved Temporal Convolutional Network[J]. Computer Engineering, 2020, 46(8): 50-57.

http://www.ecice06.com/CN/Y2020/V46/I8/50

图/表 10

20200819134618

20200819134622

20200819134625

20200819134629

20200819134632

20200819134635

20200819134639

20200819134642

20200819134645

20200819134648

参考文献

[1] GAO Yun,ZHOU Wei,HAN Jizhong,et al.An online log anomaly detection method based on grammar compression[J].Chinese Journal of Computers,2014,37(1):73-86.(in Chinese)高赟,周薇,韩冀中,等.一种基于文法压缩的日志异常检测算法[J].计算机学报,2014,37(1):73-86.
[2] JIA Tong,YANG Lin,CHEN Pengfei,et al.LogSed:anomaly diagnosis through mining time-weighted control flow graph in logs[C]//Proceedings of the 10th IEEE International Conference on Cloud Computing.Washington D.C.,USA:IEEE Press,2017:447-455.
[3] SCHINDLER T.Anomaly detection in log data using graph databases and machine learning to defend advanced persistent threats[EB/OL].[2019-06-20].http://arxiv.org/pdf/1802.00259.
[4] BROWN A,TUR A,HUTCHINSON B,et al.Recurrent neural network attention mechanisms for interpretable system log anomaly detection[C]//Proceedings of the 1st Workshop on Machine Learning for Computing Systems.New York,USA:ACM Press,2018:1-8.
[5] LECUN Y,BENGIO Y,HINTON G.Deep learning[J].Nature,2015,521(7553):436-444.
[6] FU Yu,LI Hongcheng,WU Xiaoping,et al.Detecting APT attacks:a survey from the perspective of big data analysis[J].Journal on Communications,2015,36(11):1-14.(in Chinese)付钰,李洪成,吴晓平,等.基于大数据分析的APT攻击检测研究综述[J].通信学报,2015,36(11):1-14.
[7] JIANG W,HU C,PASUPATHY S,et al.Understanding customer problem troubleshooting from storage system logs[C]//Proceedings of IEEE Conference on File and Storage Technologies.Washington D.C.,USA:IEEE Press,2009:43-56
[8] OLINER A,STEARLEY J.What supercomputers say:a study of five system logs[C]//Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.Washington D.C.,USA:IEEE Press,2007:575-584.
[9] LIU Zhaoli,QIN Tao,GUAN Xiaohong,et al.An integrated method for anomaly detection from massive system logs[J].IEEE Access,2018,6:30602-30611.
[10] BAO Liang,LI Qian,LU Peiyao,et al.Execution anomaly detection in large-scale systems through console log analysis[J].Journal of Systems and Software,2018,143:172-186.
[11] ZHANG K,XU J,MIN M R,et al.Automated IT system failure prediction:a deep learning approach[C]//Proceedings of IEEE International Conference on Big Data.Washington D.C.,USA:IEEE Press,2016:1291-1300.
[12] DU Min,LI Feifei,ZHENG Guineng,et al.Deeplog:anomaly detection and diagnosis from system logs through deep learning[C]//Proceedings of 2017 ACM SIGSAC Conference on Computer and Communications Security.New York,USA:ACM Press,2017:1285-1298.
[13] BAI S,KOLTER J Z,KOLTUN V.An empirical evaluation of generic convolutional and recurrent networks for sequence modeling[EB/OL].[2019-06-20].https://arxiv.org/abs/1803.01271v1.
[14] OORD A,DIELEMAN S,ZEN H,et al.Wavenet:a generative model for raw audio[EB/OL].[2019-06-20].https://arxiv.org/abs/1609.03499v1.
[15] YU F,KOLTUN V.Multi-scale context aggregation by dilated convolutions[EB/OL].[2019-06-20].https://arxiv.org/abs/1511.071222015.
[16] HE Kaiming,ZHANG Xiangyu,REN Shaoqing,et al.Deep residual learning for image recognition[C]//Proceedings of IEEE Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2016:770-778.
[17] YANG Ruipeng,QU Dan,QIAN Yekui,et al.An online log template extraction method based on hierarchical clustering[J].EURASIP Journal on Wireless Communica-tions and Networking,2019(1):135-146.
[18] NAIR V,HINTON G E.Rectified linear units improve restricted boltzmann machines[C]//Proceedings of the 27th IEEE International Conference on Machine Learning.Washington D.C.,USA:IEEE Press,2010:807-814.
[19] HE Kaiming,ZHANG Xiangyu,REN Shaoqing.Delving deep into rectifiers:surpassing human-level performance on image net classification[C]//Proceedings of IEEE International Conference on Computer Vision.Washington D.C.,USA:IEEE Press,2015:1026-1034.
[20] MAAS A L,HANNUN A Y,NG A Y.Rectifier nonlinearities improve neural network acoustic models[J].Machine Learning,2013,30(1):3-8.
[21] LIN Min,CHEN Qiang,YAN Shuicheng.Network in network[EB/OL].[2019-06-20].https://arxiv.org/abs/1312.4400.
[22] OLINER A,STEAREY J.What supercomputers say:a study of five system logs[C]//Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.Washington D.C.,USA:IEEE Press,2007:575-584.
[23] VASWANI A,SHAZEER N,PARMAR N,et al.Attention is all you need[EB/OL].[2019-06-20].https://researchgate.net/publication/.

选择文件类型/文献管理软件名称

选择包含的内容

基于改进时间卷积网络的日志序列异常检测

Anomaly Detection for Log Sequence Based on Improved Temporal Convolutional Network

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	陈仲磊, 伊鹏, 陈祥, 胡涛. 基于集成学习的系统调用实时异常检测框架[J]. 计算机工程, 2023, 49(6): 162-169,179.
[2]	王爱玲, 马文臻, 邹自明, 钟佳. 基于领域自适应的卫星工程参数异常检测[J]. 计算机工程, 2023, 49(5): 29-37,47.
[3]	张子宣, 宗学军, 何戡, 连莲. 基于CVAE-CatBoost的工业控制网络异常流量检测研究[J]. 计算机工程, 2023, 49(5): 173-180.
[4]	李培育, 张雅丽. 基于改进SRGAN模型的人脸图像超分辨率重建[J]. 计算机工程, 2023, 49(4): 199-205.
[5]	王禹博, 陈利锋, 许卫霞. 结合多解码器与两阶段通道选择的异常检测方法[J]. 计算机工程, 2023, 49(3): 37-48.
[6]	刘杭, 殷歆, 陈杰, 罗恒. 基于混合网络模型的多维时间序列预测[J]. 计算机工程, 2023, 49(1): 121-129.
[7]	董卫宇, 李海涛, 王瑞敏, 任化娟, 孙雪凯. 基于堆叠卷积注意力的网络流量异常检测模型[J]. 计算机工程, 2022, 48(9): 12-19.
[8]	孙嘉, 张建辉, 卜佑军, 陈博, 胡楠, 王方玉. 基于CNN-BiLSTM模型的日志异常检测方法[J]. 计算机工程, 2022, 48(7): 151-158,167.
[9]	生龙, 袁丽娜, 武南南, 姬少培. 基于GSA与DE优化混合核ELM的网络异常检测模型[J]. 计算机工程, 2022, 48(6): 146-153.
[10]	张伟成, 卫红权, 刘树新, 王庚润. 面向5G MEC基于行为的用户异常检测方案[J]. 计算机工程, 2022, 48(5): 27-34.
[11]	李贝贝, 彭力, 戴菲菲. 结合马氏距离与自编码器的网络流量异常检测方法[J]. 计算机工程, 2022, 48(4): 133-142.
[12]	秦鹏, 唐川明, 刘云峰, 张建林, 徐智勇. 基于改进YOLOv3的红外目标检测方法[J]. 计算机工程, 2022, 48(3): 211-219.
[13]	崔景洋, 陈振国, 田立勤, 张光华. 基于机器学习的用户与实体行为分析技术综述[J]. 计算机工程, 2022, 48(2): 10-24.
[14]	建澜涛, 任秀江, 张祯, 石嵩, 黄益明, 张春林. E级高性能计算机的维护故障诊断系统研究[J]. 计算机工程, 2022, 48(12): 24-37.
[15]	张攀, 高丰, 周逸, 饶涵宇, 毛冬, 李静. 一种在线实时微服务调用链异常检测方法[J]. 计算机工程, 2022, 48(11): 161-169.

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于改进时间卷积网络的日志序列异常检测

Anomaly Detection for Log Sequence Based on Improved Temporal Convolutional Network

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献

相关文章 15

编辑推荐

Metrics

本文评价