Netinfo Security (信息网络安全), 2020, Vol. 20, Issue (9): 1-5. doi: 10.3969/j.issn.1671-1122.2020.09.001

• Outstanding Papers •

Log Anomaly Detection Method Based on Improved Time Series Model

LU Jiali

  1. Beijing Topsec Science & Technology Inc., Beijing 100085, China
  • Received: 2020-07-16 Online: 2020-09-10 Published: 2020-10-15
  • Contact: LU Jiali E-mail: lu_jiali@topsec.com.cn
  • About the author: LU Jiali (born 1995), female, Hebei, master's degree; main research interest: network security

Abstract:

Security log analysis plays an irreplaceable role in network security. Based on the characteristics of security logs, this paper proposes a time series anomaly detection algorithm that combines multiple models. Drawing on the characteristics of time series, the method uses a Fourier series to remove the complex seasonal component, uses trend extrapolation to remove the trend component, and then applies the ESD test to the random residual component to detect anomalies. Experimental results show that the algorithm has good detection accuracy.

Key words: security log, time series, anomaly detection
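The pipeline the abstract describes (Fourier seasonal removal, trend removal, ESD test on the residual), sketched as an added example that is not the paper's own code. It runs on constructed hourly event counts with three injected spikes. Assumptions not stated on this page: a linear trend, a known 24-sample period, two harmonics, backfitting to combine the two fits, Rosner's generalized ESD with an approximate Student-t quantile, and all function names.

```python
import math, random
from statistics import NormalDist, fmean, stdev

def residuals(y, period, harmonics=2, sweeps=5):
    # Backfitting: alternately refit Fourier terms and a linear trend (len(y) = whole periods).
    n, trend = len(y), [fmean(y)] * len(y)
    tc = [t - (n - 1) / 2 for t in range(n)]  # centred time index
    for _ in range(sweeps):
        d, season = [v - g for v, g in zip(y, trend)], [0.0] * n
        for k in range(1, harmonics + 1):
            for f in (math.sin, math.cos):
                basis = [f(2 * math.pi * k * t / period) for t in range(n)]
                c = 2 * sum(b * v for b, v in zip(basis, d)) / n  # Fourier coefficient
                season = [s + c * b for s, b in zip(season, basis)]
        d = [v - s for v, s in zip(y, season)]
        slope = sum(t * v for t, v in zip(tc, d)) / sum(t * t for t in tc)
        trend = [fmean(d) + slope * t for t in tc]
    return [v - g - s for v, g, s in zip(y, trend, season)]

def t_quantile(p, df):
    # Cornish-Fisher approximation of the Student-t quantile (adequate for df > ~30).
    z = NormalDist().inv_cdf(p)
    return z + (z**3 + z) / (4 * df) + (5 * z**5 + 16 * z**3 + 3 * z) / (96 * df**2)

def generalized_esd(res, max_outliers, alpha=0.05):
    # Rosner's test: flag the first k removals, k = largest i with R_i > lambda_i.
    n, idx, removed, k = len(res), list(range(len(res))), [], 0
    for i in range(1, max_outliers + 1):
        vals = [res[j] for j in idx]
        mu, sd = fmean(vals), stdev(vals)
        worst = max(idx, key=lambda j: abs(res[j] - mu))
        t = t_quantile(1 - alpha / (2 * (n - i + 1)), n - i - 1)
        lam = (n - i) * t / math.sqrt((n - i - 1 + t * t) * (n - i + 1))
        if sd > 0 and abs(res[worst] - mu) / sd > lam:
            k = i
        removed.append(worst)
        idx.remove(worst)
    return sorted(removed[:k])

def sample_counts(spikes=(50, 173, 300)):
    # Constructed data: 14 days of hourly counts = trend + daily cycle + noise + spikes.
    rng = random.Random(7)
    y = [100 + 0.05 * t + 10 * math.sin(2 * math.pi * t / 24)
         + 4 * math.cos(4 * math.pi * t / 24) + rng.uniform(-1, 1) for t in range(336)]
    for t in spikes:
        y[t] += 25
    return y

print(generalized_esd(residuals(sample_counts(), period=24), max_outliers=6))
```

Because the ESD test assumes roughly normal residuals, a poorly fitted seasonal or trend component shows up as false alarms, so the residual should be inspected before the threshold is trusted.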

CLC number: