Netinfo Security, 2022, Vol. 22, Issue 11: 1-6. DOI: 10.3969/j.issn.1671-1122.2022.11.001


Design of Log-Based Anomaly Detection System Based on Temporal and Logical Relationship

NIU Yinuo1,2, ZHANG Yifei1, GAO Neng1(), MA Cunqing1   

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2022-06-20  Online: 2022-11-10  Published: 2022-11-16
  • Contact: GAO Neng, E-mail: gaoneng@iie.ac.cn

Abstract:

As computer systems have grown, logs have become an important data source for keeping them running stably. System logs record the status of, and important events at, key points during system operation; this helps technicians locate faults and analyze their causes, provides data for resolving problems, and supports the monitoring of illegal operations and the recovery of the system, so log anomaly detection is of great significance. However, most existing research uses only a single feature of logs for anomaly detection. To address this, this paper designs a machine-learning-based log anomaly detection system that implements the complete pipeline of log collection, log parsing, log feature extraction and log anomaly detection, and proposes a machine learning method that incorporates the temporal and logical relationships among log entries, making better use of log features to increase the accuracy of the detection results.
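The abstract describes the pipeline only at a high level (collect, parse, extract features, detect), so the following is an added illustration of that pipeline in miniature, written for this page; it is not the authors' system or their learning method. It assumes a simple stand-in for each stage: log parsing by regex masking of variable fields into templates (a real system would use a learned parser), the block identifier as the logical unit that groups related lines, arrival order within a block as the temporal relationship, and a first-order transition model learned from normal blocks as the detector. A block is flagged when it contains an event template never seen in training or an event order never seen in training. The log lines are constructed HDFS-style samples, not data from the paper.

```python
import re
from collections import defaultdict

# Constructed sample logs (not from the paper). Lines from several blocks are
# interleaved, as in a real datanode log; block id ties them back together.
TRAIN_LOGS = """\
081109 203518 INFO dfs.DataNode$DataXceiver: Receiving block blk_100 src: /10.250.19.102:54106 dest: /10.250.19.102:50010
081109 203519 INFO dfs.DataNode$DataXceiver: Receiving block blk_200 src: /10.250.10.6:40524 dest: /10.250.10.6:50010
081109 203520 INFO dfs.DataNode$PacketResponder: PacketResponder 1 for block blk_100 terminating
081109 203521 INFO dfs.FSNamesystem: BLOCK* NameSystem.addStoredBlock: blockMap updated: 10.250.19.102:50010 is added to blk_100 size 67108864
081109 203522 INFO dfs.DataNode$PacketResponder: PacketResponder 0 for block blk_200 terminating
081109 203523 INFO dfs.FSNamesystem: BLOCK* NameSystem.addStoredBlock: blockMap updated: 10.250.10.6:50010 is added to blk_200 size 67108864
""".splitlines()

# blk_300 is normal; blk_400 carries an unseen WARN template; blk_500 skips the
# PacketResponder step, an order violation even though every template is known.
TEST_LOGS = """\
081109 203530 INFO dfs.DataNode$DataXceiver: Receiving block blk_300 src: /10.251.42.9:51002 dest: /10.251.42.9:50010
081109 203531 INFO dfs.DataNode$PacketResponder: PacketResponder 2 for block blk_300 terminating
081109 203532 INFO dfs.FSNamesystem: BLOCK* NameSystem.addStoredBlock: blockMap updated: 10.251.42.9:50010 is added to blk_300 size 67108864
081109 203533 INFO dfs.DataNode$DataXceiver: Receiving block blk_400 src: /10.251.42.9:51003 dest: /10.251.42.9:50010
081109 203534 WARN dfs.DataNode$DataXceiver: writeBlock blk_400 received exception java.io.IOException: Connection reset by peer
081109 203535 INFO dfs.DataNode$DataXceiver: Receiving block blk_500 src: /10.251.42.9:51004 dest: /10.251.42.9:50010
081109 203536 INFO dfs.FSNamesystem: BLOCK* NameSystem.addStoredBlock: blockMap updated: 10.251.42.9:50010 is added to blk_500 size 67108864
""".splitlines()

BLOCK_RE = re.compile(r"blk_-?\d+")
# Masking order matters: IP:port before bare numbers, block ids before bare numbers.
MASKS = [
    (re.compile(r"\d+\.\d+\.\d+\.\d+(:\d+)?"), "<IP>"),
    (BLOCK_RE, "<BLK>"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
]
UNKNOWN = -1  # event id for a template never seen during training


def parse_line(line):
    """Log parsing stage: return (block_id, template) or (None, None) if no block id."""
    m = BLOCK_RE.search(line)
    if m is None:
        return None, None
    content = line.split(" ", 2)[2]  # drop date and time, keep level + message
    for rx, token in MASKS:
        content = rx.sub(token, content)
    return m.group(0), content


def build_sequences(lines, index, allow_new):
    """Feature extraction stage: per-block event-id sequences in arrival order.
    `index` maps template -> event id; new templates are added only when training."""
    seqs = defaultdict(list)
    for line in lines:
        block, template = parse_line(line)
        if block is None:
            continue
        if allow_new:
            eid = index.setdefault(template, len(index) + 1)
        else:
            eid = index.get(template, UNKNOWN)
        seqs[block].append(eid)
    return seqs


class TransitionModel:
    """Detection stage: which event may follow which inside one block."""
    START, END = 0, -2  # sentinels bracketing every block's sequence

    def __init__(self):
        self.allowed = defaultdict(set)

    def fit(self, seqs):
        for seq in seqs.values():
            prev = self.START
            for e in seq:
                self.allowed[prev].add(e)
                prev = e
            self.allowed[prev].add(self.END)

    def violations(self, seq):
        """Return the (prev, next) transitions not observed in training; [] means normal."""
        out = []
        prev = self.START
        for e in seq + [self.END]:
            if e not in self.allowed[prev]:
                out.append((prev, e))
            prev = e
        return out


def detect(train_lines, test_lines):
    """Run the full pipeline; returns {block_id: [violations]}."""
    index = {}
    model = TransitionModel()
    model.fit(build_sequences(train_lines, index, allow_new=True))
    return {block: model.violations(seq)
            for block, seq in build_sequences(test_lines, index, allow_new=False).items()}


if __name__ == "__main__":
    for block, bad in detect(TRAIN_LOGS, TEST_LOGS).items():
        print(block, "ANOMALY" if bad else "normal", bad)
```

The two anomaly types surface differently: blk_400 is caught because its WARN line maps to the UNKNOWN event id, which no learned transition admits, while blk_500 is caught purely on order, since "Receiving block" followed directly by "addStoredBlock" was never observed even though both templates are known. A count-vector detector that ignores order would miss the second case, which is the gap the abstract's combination of temporal and logical relationships is aimed at.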

Key words: machine learning, system log, anomaly detection
