一种基于多特征的日志事件异常检测方法研究

计算机工程与科学 ›› 2024, Vol. 46 ›› Issue (9): 1587-1597.

• 计算机网络与信息安全 • 上一篇下一篇

一种基于多特征的日志事件异常检测方法研究

余佳妮，胡朝霞，蒋从锋

（杭州电子科技大学计算机学院，浙江杭州 310018）

收稿日期:2024-01-24 修回日期:2024-03-27 出版日期:2024-09-25 发布日期:2024-09-19
基金资助:
国家自然科学基金(61972118)

Multi-feature-based log event anomaly detectionYU Jia-ni,HU Zhao-xia,JIANG Cong-feng

(School of Computer Science,Hangzhou Dianzi University,Hangzhou 310018,China)

As computer systems grow in scale, complexity, and user demands for higher quality of service, the importance of logging systems has increased significantly. Logs are records of data or events generated during the operation of computer systems, and abnormal data in log entries often indicate performance fluctuations, anomalies, or failures within the system. Existing research on log anomaly detection mostly relies on a single feature, leading to issues such as inefficiency, incompleteness, and high misjudgment rates. This paper proposes a multi-feature-based approach for detecting anomalies in log events. Firstly, we define the multi-dimensional features of logs, including sequential, quantitative, semantic, and temporal features. Secondly, we utilize BERT combined with TF-IDF to obtain semantic feature vectors and integrate these features to form the input for our model. Finally, we establish a Bi-LSTM anomaly detection model based on an attention mechanism. Experiments show that the proposed anomaly detection model achieves a certain improvement in accuracy, providing a valuable reference for assisting in the discovery of log anomalies.

Received:2024-01-24 Revised:2024-03-27 Online:2024-09-25 Published:2024-09-19

摘要/Abstract

摘要： 随着计算机系统规模增大、系统复杂性增加和用户服务质量要求提高，日志系统的重要性日益提高。日志用于记录计算机系统运行过程中产生的数据或事件，日志记录中的异常数据往往表明系统存在性能波动、异常或故障。针对现有的日志异常检测研究多采用单一特征进行异常检测，存在低效、不完备和误判率高等问题，提出基于多特征的日志事件异常检测方法。首先，定义了日志的多元特征，包括序列、定量、语义和时间特征。其次，采用BERT结合TF-IDF获取语义特征向量，并通过特征融合获取模型的输入特征。最后，建立基于注意力机制的Bi-LSTM异常检测模型。实验表明该异常检测模型在精确度上有一定提升，对于辅助发现日志异常具有一定参考作用。

关键词: 异常检测, 日志事件, 多元特征, 注意力机制

Abstract: anomaly detection;log event;multi-features;attention mechanism

余佳妮, 胡朝霞, 蒋从锋. 一种基于多特征的日志事件异常检测方法研究[J]. 计算机工程与科学, 2024, 46(9): 1587-1597.

(School of Computer Science, Hangzhou Dianzi University, Hangzhou , China). Multi-feature-based log event anomaly detectionYU Jia-ni,HU Zhao-xia,JIANG Cong-feng[J]. Computer Engineering & Science, 2024, 46(9): 1587-1597.

[1]	张凤1, 邵玉斌1, 杜庆治1, 龙华1, 马迪南2. 基于双通道图卷积网络的多模态方面级情感分析[J]. 计算机工程与科学, 2025, 47(7): 1321-1330.
[2]	林毅1, 2, 3, 宋慧慧1, 2, 3. 用于全色锐化的金字塔特征解耦提取融合网络[J]. 计算机工程与科学, 2025, 47(7): 1262-1273.
[3]	陈俊彦1, 李欣梅1, 朱昌洪2, 肖微3. 基于多视图图注意力机制的软件定义光传输网络路由优化算法[J]. 计算机工程与科学, 2025, 47(7): 1193-1204.

一种基于多特征的日志事件异常检测方法研究

Multi-feature-based log event anomaly detectionYU Jia-ni,HU Zhao-xia,JIANG Cong-feng

PDF

可视化

摘要/Abstract

引用本文

使用本文

相关文章 3

编辑推荐

Metrics

本文评价