Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Log sequence anomaly detection framework based on nLSTM (Non-Log Sequence Transfer Module)-self attention

An anomaly detection and logging technology, applied in the field of network security, can solve problems such as insufficient performance characteristics and insufficient processing capabilities, and achieve long-term dependence and significant effects

Pending Publication Date: 2020-05-29
中国人民解放军陆军炮兵防空兵学院郑州校区
View PDF3 Cites 35 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

One-hot encoding input is used. In the abnormal detection part, a training and detection architecture based on 2-layer stacked LSTM (2LSTM is used below to represent 2-layer stacked LSTM) is used. Although it is better than machine learning methods in terms of accuracy on some data sets A great improvement has been achieved, but this architecture does not have a good effect on all data sets due to the lack of one-hot performance characteristics and the insufficient processing capacity of LSTM itself for longer sequences.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Log sequence anomaly detection framework based on nLSTM (Non-Log Sequence Transfer Module)-self attention
  • Log sequence anomaly detection framework based on nLSTM (Non-Log Sequence Transfer Module)-self attention
  • Log sequence anomaly detection framework based on nLSTM (Non-Log Sequence Transfer Module)-self attention

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0037] In order to make the purpose, content, and advantages of the present invention clearer, the specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0038] figure 1 Shown is a schematic diagram of the log sequence anomaly detection framework based on nLSTM-self attention, such as figure 1 As shown, the log sequence anomaly detection framework includes: a training phase and a detection phase. Wherein, the training phase includes: assuming that a log file contains k log templates E={e 1 ,e 2 L e k}, the input of the training phase is a sequence of log templates, a log sequence l of length h t-h ,... l t-2 , l t-1 The log template contained in l i ∈E, t-h≤i≤t-1, and the number of log templates in a sequence|l t-h ,... l t-2 , l t-1 |=m≤h. In order to facilitate data processing, firstly, each log template corresponds to a template number, and a log template ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a log sequence anomaly detection framework based on nLSTM-self attention, and the framework comprises a training model and an anomaly detection model. The training model comprises: assuming that one log file contains k log templates E = {e1, e2L ek}, wherein the input of the training model is a sequence of the log template, the log sequence lt-h,...lt-2, lt-1 with the length of h comprises a log template li belongs to E, t-h < = i < = t-1, and the log template number | lt-h,...lt-2, lt-1 | in one sequence is equal to m < = h; enabling each log template to correspond toone template number, generating a log template dictionary, generating an input sequence from a normal log template sequence, and feeding the input sequence and target data into an anomaly detection model for training. The detection stage comprises the following steps: the data input method is the same as the training stage, anomaly detection is carried out by using the model generated in the training stage, the model output is a probability vector P = (p1, p2L pk), pi represents the probability that the target log template is ei, if the actual target data is within the prediction value, it isjudged that the log sequence is normal, otherwise it is judged that the log sequence is abnormal.

Description

technical field [0001] The invention relates to network security technology, in particular to a log sequence anomaly detection framework based on nLSTM-self attention. Background technique [0002] The network environment is becoming more and more complex, and attacks against network applications and systems are constantly emerging, often using a combination of multiple attack methods, which makes the existing anomaly detection methods no longer applicable to new types of attacks. Once the attack is successful or the network application itself is abnormal, it will bring immeasurable losses to the owner and users of the application. The earlier attacks and bugs are discovered, the less damage will be caused. [0003] Networks, systems, and applications all generate logs during operation to record operating status and important events. Therefore, logs contain extremely rich dynamic information, and log analysis is crucial for maintaining various tasks. These tasks range from...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F11/30G06N3/04G06N3/08
CPCG06F11/3072G06N3/084G06N3/045
Inventor 钱叶魁杨瑞朋雒朝峰黄浩李宇翀宋彬杰杜江
Owner 中国人民解放军陆军炮兵防空兵学院郑州校区
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com