CN113344133B - Method and system for detecting abnormal fluctuation of time sequence behaviors - Google Patents
Method and system for detecting abnormal fluctuation of time sequence behaviors Download PDFInfo
- Publication number
- CN113344133B CN113344133B CN202110740773.3A CN202110740773A CN113344133B CN 113344133 B CN113344133 B CN 113344133B CN 202110740773 A CN202110740773 A CN 202110740773A CN 113344133 B CN113344133 B CN 113344133B
- Authority
- CN
- China
- Prior art keywords
- variation
- coefficient
- value
- time sequence
- calculating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
Landscapes
- Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Theoretical Computer Science (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Alarm Systems (AREA)
- Complex Calculations (AREA)
Abstract
A time sequence behavior abnormal fluctuation detection method and a system belong to the technical field of data processing, and solve the problem of how to realize abnormal detection of time sequence behaviors based on business data when various industrial scenes are faced; obtaining a time series group, calculating a variation coefficient, calculating and processing a variation coefficient difference value, calculating a normal behavior numerical value fluctuation interval and judging an abnormal object; objects with different numbers and levels are unified to the same level for consideration, and certain objects with extremely high abnormal degrees in time sequence behaviors are determined, so that false alarm of a safety detection scene is effectively reduced; the data set extracted according to the set period changes along with the time change, so that the behavior data detection result is related to the behavior in the recent time period, does not depend on the early historical data, and eliminates the influence of the historical rule; all the objects are unified to the same dimension for comparison, and the low-frequency abnormal operation objects which cannot be identified by most high-frequency detection methods can be identified.
Description
Technical Field
The invention belongs to the technical field of data processing, and particularly relates to a method and a system for detecting abnormal fluctuation of time sequence behaviors.
Background
Anomaly detection is one of the most mature applications of data analysis, and timing anomaly detection is defined as the process of identifying abnormal events or behaviors from a normal time series. Efficient timing anomaly detection is widely used in many areas of the real world, such as quantitative transactions, network security detection, autonomous vehicles, and routine maintenance of large industrial equipment.
In general, many abnormal objects can be determined manually. However, when the service combination is complex and the time sequence scale is large, the judgment is carried out by means of the traditional manual and simple absolute value algorithms such as the same ratio and the ring ratio, and the like, so that the method is very interesting. Therefore, when various industrial-level scenes are faced, how to realize an anomaly detection method based on the time-series behavior of the business data is particularly important.
The existing time series anomaly detection methods are mainly divided into two types, one is anomaly detection of unsupervised learning by utilizing a statistical or machine learning algorithm, and the other is anomaly detection by utilizing a supervised learning algorithm. The two existing methods have the following defects:
1) The common time series abnormity detection method utilizes a time series algorithm to carry out model training, finds historical rules, predicts a time value, compares the time value with the actual time value and judges the abnormal condition of data. The method depends on the self regularity of the historical data, and has poor detection effect on irregular time sequence data.
2) The common time series abnormity detection method is used for finding the self rule of an object, further comparing the self trend of the object, judging whether the object is abnormal or not, and finding the object with high abnormity degree in group behaviors, wherein the group comparison cannot be carried out.
3) The timing sequence abnormity detection method based on the labeled data needs to use expert experience to perform business analysis in advance so as to train a supervised machine learning model, and therefore the detection effect of the model depends on the accuracy of a label in advance.
In the prior art, a chinese patent application "service data anomaly detection method based on time series classification" with publication date of 2020, 2, 25 days automatically selects parameters or algorithms to perform time series anomaly detection aiming at different types of time series automatic classification and identification, automatically identifies time series types when processing large-scale time series anomaly detection, reduces false alarm and missing alarm of alarm, and effectively saves labor cost; the use method of the technical scheme is a sequence clustering method, the calculation mode is based on distance calculation, the mode is easily influenced by dimensions, and the difference between different types of accounts can influence the calculation of distance similarity. The document ' time series data anomaly detection method based on deep learning ' (Hu Jiaojiao and the like, the Sian rational university) with the publication date of 2018 and the document ' time series anomaly detection algorithm LSTMAD (Gong Jiaheng and the university of Engineers, zhejiang industry and commerce) with the publication date of 2020 and 6 are used for carrying out anomaly sequence detection uniformly in a deep learning-based mode, the algorithm type is supervised learning, manual labeling is needed for the supervised learning, model training is carried out according to labeled data, the model effect depends on label labeling quality, and the resource cost required for deep learning is high for large-batch data.
Disclosure of Invention
The technical problem to be solved by the invention is how to realize abnormal detection of time series behaviors based on business data when various industrial scenes are faced.
The invention solves the technical problems through the following technical scheme:
a time sequence behavior abnormal fluctuation detection method comprises the following steps:
s1, selecting a time node, acquiring system operation log data in a specified period, and counting the operation times of each system account in a preset time interval based on the system operation log data to form a time sequence dimension frequency array list;
s2, based on the time sequence dimension frequency array list, selecting a given dimension value of each object in the time sequence dimension frequency array list to construct a new array list1; calculating the coefficient of variation CV1 of a first given dimensional value and the coefficient of variation CV2 of a second given dimensional value of each object according to the new array list1;
s3, obtaining a variation coefficient difference value delta CV1 based on the variation coefficient CV1 of the first given dimension value and the variation coefficient CV2 of the second given dimension value;
s4, calculating a normal behavior numerical value fluctuation interval by utilizing a quantile criterion based on the variation coefficient difference value delta CV1;
and S5, judging based on the normal behavior numerical value fluctuation interval and by combining with business requirements, and judging that the abnormal behavior numerical value is abnormal when the delta CV1 exceeds the interval upper limit.
Objects with different numbers and levels are considered in a unified way to the same level, and certain objects with extremely high abnormal degrees in time sequence behaviors are determined, so that false alarm of a safety detection scene is effectively reduced; the data set extracted according to the set period changes along with the time change, so that the behavior data detection result is related to the behavior in the recent time period, does not depend on the early historical data, and eliminates the influence of the historical rule; all the objects are unified to the same dimension for comparison, and the low-frequency abnormal operation objects which cannot be identified by most high-frequency detection methods can be identified.
As a further improvement of the technical solution of the present invention, the step S2 of calculating the coefficient of variation CV1 of the first given dimensional value of each object according to the new array list1 specifically includes:
where σ 1 represents the standard deviation of all objects in the new array list1, and μ 1 represents the mean of all objects in the new array list 1.
As a further improvement of the technical solution of the present invention, the step S2 of calculating the coefficient of variation CV2 of the second given dimensional value of each object according to the time sequence dimensional frequency array list specifically includes:
where σ 2 represents the standard deviation of all objects in the time-series dimensional frequency array list, and μ 2 represents the average value of all objects in the time-series dimensional frequency array list.
As a further improvement of the technical solution of the present invention, in step S3, the method for obtaining the difference Δ CV1 of the coefficient of variation based on the coefficient of variation CV1 of the first given dimensional value and the coefficient of variation CV2 of the second given dimensional value comprises: Δ CV1= CV2-CV1.
As a further improvement of the technical solution of the present invention, the method for calculating the normal behavior numerical value fluctuation interval by using the quantile criterion in step S4 comprises: performing ascending arrangement on a group of data, respectively taking a quarter-quartile Q _1, a median and a three-quartile Q _3, and calculating a position separation IQR = Q _3-Q _1; wherein [ Q _1-1.5 iQR, Q _3+1.5 iQR ] is an inner limit interval; and [ Q _1-3 + IQR, Q _3+ 3+ IQR ] is an outer limit interval.
A time series behavior anomaly fluctuation detection system, comprising: the device comprises an acquisition time sequence array module, a variation coefficient calculation module, a variation coefficient difference calculation and processing module, a normal behavior value fluctuation interval calculation module and an abnormal object judgment module;
the acquisition time sequence array module is used for selecting time nodes, acquiring system operation log data in a specified period, and counting the operation times of each system account in a preset time interval based on the system operation log data to form a time sequence dimension frequency array list;
the variation coefficient calculation module is used for selecting a given dimensional value of each object in the time sequence dimensional frequency array list based on the time sequence dimensional frequency array list so as to construct a new array list1; calculating a coefficient of variation CV1 of a first given dimensional value and a coefficient of variation CV2 of a second given dimensional value of each object according to the new array list1;
the coefficient of variation difference calculating and processing module is used for acquiring a coefficient of variation difference Δ CV1 based on the coefficient of variation CV1 of the first given dimension value and the coefficient of variation CV2 of the second given dimension value;
the normal behavior numerical value fluctuation interval calculation module is used for calculating a normal behavior numerical value fluctuation interval by utilizing a quantile criterion based on the variation coefficient difference value delta CV1;
and the abnormal object judgment module is used for judging based on the normal behavior numerical value fluctuation interval and in combination with business requirements, and judging as abnormal when the delta CV1 exceeds the interval upper limit.
As a further improvement of the technical solution of the present invention, the calculating the daily variation coefficient CV1 of the first given dimensional value of each object according to the new array list1 in the variation coefficient calculating module specifically includes:
where σ 1 represents the standard deviation of all objects in the new array list1, and μ 1 represents the mean of all objects in the new array list 1.
As a further improvement of the technical solution of the present invention, the calculating the coefficient of variation CV2 of the second given dimensional value of each object according to the time sequence dimensional frequency array list in the coefficient of variation calculating module specifically includes:
where σ 2 represents the standard deviation of all objects in the time-series dimensional frequency array list, and μ 2 represents the average value of all objects in the time-series dimensional frequency array list.
As a further improvement of the technical solution of the present invention, in the coefficient of variation difference calculation and processing module, a method for obtaining the coefficient of variation difference Δ CV1 based on the coefficient of variation CV1 of the first given dimension value and the coefficient of variation CV2 of the second given dimension value comprises: Δ CV1= CV2-CV1.
As a further improvement of the technical scheme of the present invention, the method for calculating the normal behavior value fluctuation interval by using the quantile criterion in the module for calculating the normal behavior value fluctuation interval comprises: carrying out ascending arrangement on a group of data, respectively taking a quarter-quartile Q _1, a median and a three-quarter-quartile Q _3, and calculating a dividing distance IQR = Q _3-Q _1; wherein [ Q _1-1.5 + IQQR and Q _3+1.5 + IQQR ] are internal limit intervals; and [ Q _1-3 + IQR, Q _3+ 3+ IQR ] is an outer limit interval.
The invention has the advantages that:
(1) The method and the system design time sequence behavior fluctuation detection method adopt a variation coefficient calculation mode, unify different numbers of level objects to the same level for consideration, can determine some objects with extremely high abnormal degree in the time sequence behavior, and effectively reduce false alarm of a safety detection scene.
(2) The method and the system of the invention change along with the time change and the data set extracted according to the set period also changes along with the time, so that the detection result of the behavior data is related to the behavior in the recent time period and does not depend on the earlier historical data, namely, the time sequence fluctuation difference value is calculated by using a sliding time window for comparison, the influence of the historical rule is eliminated, and the detection object is not influenced by the historical abnormal behavior value in the time sequence value.
(3) The method and the system of the invention unify all the objects to the same dimension for comparison, and can identify the low-frequency abnormal operation objects which can not be identified by most high-frequency detection methods.
Drawings
Fig. 1 is a flowchart of a method for detecting abnormal fluctuation of time-series behavior according to a first embodiment of the present invention;
fig. 2 is a flowchart of an embodiment of a method for detecting abnormal fluctuation of time-series behavior according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The technical scheme of the invention is further described by combining the drawings and the specific embodiments in the specification:
example one
As shown in fig. 1 and fig. 2, a method for detecting abnormal fluctuation of time-series behavior includes the following steps:
s1, acquiring log data, and acquiring time sequence groups according to objects
Selecting a time node of an analysis object, acquiring system operation log data in a specified period, selecting an analysis object system account, and counting operation times of each account in an equal time interval, taking data obtained by tracing back a month before a specified date as an example, counting operation frequency of each object every day and sequencing the operation frequency with time to form a time sequence dimension frequency array list.
Along with time change, the data set extracted according to the established period can also change along with the time, and the time sequence fluctuation difference value is calculated by utilizing the sliding time window for comparison, so that the behavior data detection result is related to the behavior in the recent time period, the method does not depend on earlier historical data, the influence of the historical rule is eliminated, and the detection object is not influenced by the historical abnormal behavior value in the time sequence value.
S2, calculating the coefficient of variation
The coefficient of variation (coeffient of variation), which is a normalized measure of the degree of dispersion of the probability distribution, is defined as the ratio of the standard deviation to the mean. The calculation mode is a data standardization mode, and the data standardization processing mainly comprises two aspects of data chemotaxis processing and non-dimensionalization processing. The coefficient of variation eliminates the effect of unit and average differences on the comparison of the degree of variation of two or more data. The smaller the coefficient of variation, the smaller the degree of variation (deviation) and the smaller the risk; conversely, the greater the coefficient of variation, the greater the degree of variation (deviation) and the greater the risk.
Based on the time sequence dimension frequency array list obtained in the step S1, selecting the previous 29 dimension values of each object to construct a new array list1, and calculating the previous 29-day variation coefficient CV1 of each object according to the list1 as follows:
where σ 1 represents the standard deviation of all objects in the new array list1, and μ 1 represents the average of all objects in the new array list 1.
According to the time sequence dimension frequency array list, a 30-day variation coefficient CV2 of each object is calculated as follows:
where σ 2 represents the standard deviation of all objects in the time-series dimensional frequency array list, and μ 2 represents the average value of all objects in the time-series dimensional frequency array list.
By adopting a calculation mode of the variation coefficient, different numbers of level objects are considered in a unified way to the same level, some objects with extremely high abnormal degree in the time sequence behavior can be determined, and the false alarm of a safety detection scene is effectively reduced.
S3, calculating and processing variation coefficient difference value
And detecting the abnormal fluctuation of the time sequence behavior of the object of the appointed time node, and calculating the fluctuation change condition of the appointed time node. And obtaining the coefficient of variation CV1 and CV2 of each object according to the step S2, and subtracting CV1 from CV2 to obtain a variation system difference value delta CV1.
△CV1=CV2-CV1
In the actual business safety alarm, in order to avoid influence of historical fluctuation on change of the delta CV1, all numerical values of which the delta CV1 is a negative value are replaced by numerical values of zero, and a new variation coefficient difference value delta CV2 is obtained.
The method provided by the invention has the advantages that all objects are unified to the same dimension for comparison, and most low-frequency abnormal operation objects which cannot be identified by a high-frequency detection method can be identified, because high-frequency detection is mainly used for detecting that data contains larger behavior values, and for objects with larger behavior data values, abnormality cannot be identified.
S4, calculating the fluctuation interval of the normal behavior numerical value
And obtaining new variation coefficient difference values delta CV2 of all objects based on the step S3, and calculating a normal behavior numerical value fluctuation interval by utilizing a quantile criterion. The delta CV2 is used for describing the variation condition of the variation coefficient at the appointed time point and is used for describing the behavior numerical value variation of the appointed time node; and forming a new numerical value by the variable quantity of all the objects, and calculating a normal numerical value interval, namely a numerical value fluctuation interval of normal behaviors of the user object by using a quantile criterion based on the new numerical value.
The principle of quantile criterion is as follows: and (3) carrying out ascending arrangement on a group of data, respectively taking a quarter-quartile Q _1, a median and a three-quarter-quartile Q _3, and calculating a dividing distance IQR = Q _3-Q _1. Wherein [ Q _1-1.5 iQR, Q _3+1.5 iQR ] is an inner limit interval; and the [ Q _ 1-3I QR, Q _3+ 3I QR ] is an outer limit interval, and if the behavior numerical value is outside the inner limit interval, the data is all abnormal values, wherein the abnormal value between the inner limit and the outer limit is a mild abnormal value, and the abnormal value outside the outer limit is an extreme abnormal value.
S5, judging abnormal objects
And judging according to the service requirement based on the normal behavior numerical value fluctuation interval obtained in the step S4, and judging as an abnormal value if the delta CV2 exceeds the interval upper limit.
Example two
A time series behavior anomaly fluctuation detection system, comprising: the device comprises an acquisition time sequence array module, a variation coefficient calculation module, a variation coefficient difference calculation and processing module, a normal behavior value fluctuation interval calculation module and an abnormal object judgment module;
the acquisition time sequence array module is used for selecting time nodes, acquiring system operation log data in a specified period, selecting and analyzing system accounts, counting the operation times of each account in equal time intervals, and forming a time sequence dimension frequency array list;
the calculation variation coefficient module is used for selecting the first 29 dimensional numerical values of each object according to the obtained time sequence dimensional frequency array list to construct a new array list1, calculating the first 29-day variation coefficient CV1 of each object according to the new array list1, and calculating the 30-day variation coefficient CV2 of each object according to the time sequence dimensional frequency array list;
where σ 1 represents the standard deviation of all objects in the array list1, and μ 1 represents the mean of all objects in the array list 1.
Where σ 2 represents the standard deviation of all objects in the array list, and μ 2 represents the mean of all objects in the array list.
The variation coefficient difference value calculating and processing module is used for detecting abnormal fluctuation of the object time sequence behaviors of the appointed time node, calculating and processing the variation coefficient difference value to obtain all object variation coefficient difference values delta CV2;
subtract CV1 from CV2 to yield Δ CV1, i.e.: Δ CV1= CV2-CV1; in the actual business safety alarm, in order to avoid influence of historical fluctuation on change of the delta CV1, all numerical values of which the delta CV1 is a negative value are replaced by numerical values of zero, and a new variation coefficient difference value delta CV2 is obtained.
The normal behavior numerical value fluctuation interval calculation module is used for calculating a normal behavior numerical value fluctuation interval by utilizing a quantile criterion according to the difference value delta CV2 of the variation coefficients of all the objects;
performing ascending arrangement on a group of data, respectively taking a quarter-quartile Q _1, a median and a three-quarter-quartile Q _3, and calculating a bit distance IQR = Q _3-Q _1; wherein [ Q _ 1-1.5I QR, Q _3+ 1.5I QR ] is an inner limit interval [ Q _ 1-3I QR, Q _3+ 3I QR ] is an outer limit interval, if the behavior numerical value is outside the inner limit interval, the data is all abnormal values, wherein the abnormal value between the inner limit and the outer limit is a mild abnormal value, and the abnormal value outside the outer limit is an extreme abnormal value.
And the abnormal object judgment module is used for judging according to the obtained normal behavior numerical value fluctuation interval and the service requirement, and judging as an abnormal value if the delta CV2 exceeds the interval upper limit.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (4)
1. A time sequence behavior abnormal fluctuation detection method is characterized by comprising the following steps:
s1, selecting a time node, acquiring system operation log data in a specified period, and counting the operation times of each system account in a preset time interval based on the system operation log data to form a time sequence dimension frequency array list;
s2, based on the time sequence dimension frequency array list, selecting a given dimension value of each object in the time sequence dimension frequency array list to construct a new array list1; calculating the coefficient of variation CV1 of a first given dimensional value and the coefficient of variation CV2 of a second given dimensional value of each object according to the new array list1;
calculating the coefficient of variation CV1 of the first given dimension value of each object according to the new array list1 specifically includes:
calculating the coefficient of variation CV2 of the second given dimensional value of each object according to the time sequence dimensional frequency array list specifically includes:
wherein σ 1 represents the standard deviation of all objects in the new array list1, σ 2 represents the standard deviation of all objects in the time sequence dimension frequency array list, μ 1 represents the average value of all objects in the new array list1, and μ 2 represents the average value of all objects in the time sequence dimension frequency array list;
s3, obtaining a variation coefficient difference value delta CV1 based on the variation coefficient CV1 of the first given dimension value and the variation coefficient CV2 of the second given dimension value;
s4, based on the variation coefficient difference value delta CV1, a method for calculating a normal behavior numerical value fluctuation interval by using a quantile criterion comprises the following steps: performing ascending arrangement on a group of data, respectively taking a quarter-quartile Q _1, a median and a three-quartile Q _3, and calculating a position separation IQR = Q _3-Q _1; wherein [ Q _1-1.5 iQR, Q _3+1.5 iQR ] is an inner limit interval; [ Q _1-3 + IQR, Q _3+ 3+ IQR ] as an outer limit interval;
and S5, judging based on the normal behavior numerical value fluctuation interval and by combining with business requirements, and judging that the abnormal behavior numerical value is abnormal when the delta CV1 exceeds the interval upper limit.
2. The method for detecting abnormal fluctuation of time series behavior according to claim 1, wherein the method for obtaining the coefficient of variation difference Δ CV1 based on the coefficient of variation CV1 of the first given dimensional value and the coefficient of variation CV2 of the second given dimensional value in step S3 comprises: Δ CV1= CV2-CV1.
3. A time series behavior abnormal fluctuation detection system, comprising: the device comprises an acquisition time sequence array module, a variation coefficient calculation module, a variation coefficient difference calculation and processing module, a normal behavior value fluctuation interval calculation module and an abnormal object judgment module;
the acquisition time sequence array module is used for selecting time nodes, acquiring system operation log data in a specified period, and counting the operation times of each system account in a preset time interval based on the system operation log data to form a time sequence dimension frequency array list;
the variation coefficient calculation module is used for selecting a given dimensional value of each object in the time sequence dimensional frequency array list based on the time sequence dimensional frequency array list so as to construct a new array list1; calculating a coefficient of variation CV1 of a first given dimensional value and a coefficient of variation CV2 of a second given dimensional value of each object according to the new array list1;
the calculating the daily variation coefficient CV1 of the first given dimension value of each object according to the new array list1 in the variation coefficient calculating module specifically includes:
the calculating of the coefficient of variation CV2 of the second given dimensional value of each object according to the time sequence dimensional frequency array list in the coefficient of variation calculating module is specifically as follows:
wherein σ 1 represents the standard deviation of all objects in the new array list1, σ 2 represents the standard deviation of all objects in the time sequence dimension frequency array list, μ 1 represents the average value of all objects in the new array list1, and μ 2 represents the average value of all objects in the time sequence dimension frequency array list;
the coefficient of variation difference calculating and processing module is used for acquiring a coefficient of variation difference Δ CV1 based on the coefficient of variation CV1 of the first given dimension value and the coefficient of variation CV2 of the second given dimension value;
the normal behavior numerical value fluctuation interval calculation module is used for calculating the normal behavior numerical value fluctuation interval by using a quantile criterion based on the variation coefficient difference value delta CV1, and the method comprises the following steps: performing ascending arrangement on a group of data, respectively taking a quarter-quartile Q _1, a median and a three-quarter-quartile Q _3, and calculating a bit distance IQR = Q _3-Q _1; wherein [ Q _1-1.5 iQR, Q _3+1.5 iQR ] is an inner limit interval; [ Q _1-3 + IQR, Q _3+ 3+ IQR ] as an outer limit interval; and the abnormal object judgment module is used for judging based on the normal behavior numerical value fluctuation interval and in combination with business requirements, and judging as abnormal when the delta CV1 exceeds the interval upper limit.
4. The system according to claim 3, wherein the method for obtaining the coefficient of variation difference Δ CV1 based on the coefficient of variation CV1 of the first given dimensional value and the coefficient of variation CV2 of the second given dimensional value in the coefficient of variation difference calculation and processing module is: Δ CV1= CV2-CV1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110740773.3A CN113344133B (en) | 2021-06-30 | 2021-06-30 | Method and system for detecting abnormal fluctuation of time sequence behaviors |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110740773.3A CN113344133B (en) | 2021-06-30 | 2021-06-30 | Method and system for detecting abnormal fluctuation of time sequence behaviors |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113344133A CN113344133A (en) | 2021-09-03 |
| CN113344133B true CN113344133B (en) | 2023-04-18 |
Family
ID=77481945
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110740773.3A Active CN113344133B (en) | 2021-06-30 | 2021-06-30 | Method and system for detecting abnormal fluctuation of time sequence behaviors |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113344133B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113742927B (en) * | 2021-09-08 | 2024-01-26 | 成都卡普数据服务有限责任公司 | Meteorological forecast data quality detection method |
| CN114504313A (en) * | 2022-01-24 | 2022-05-17 | 苏州大学 | Portable wearable respiration monitoring device and monitoring method |
| CN114780400B (en) * | 2022-04-18 | 2023-06-27 | 南京安元科技有限公司 | Method for blocking cyclic call between services based on periodic data balance statistics |
| CN116488948B (en) * | 2023-06-25 | 2023-09-01 | 上海观安信息技术股份有限公司 | Machine behavior abnormality detection method, device, equipment and medium |
| CN116510223B (en) * | 2023-06-29 | 2023-09-01 | 欣灵电气股份有限公司 | Self-identification fire pump electrical parameter inspection monitoring system based on Internet of things |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018177247A1 (en) * | 2017-03-28 | 2018-10-04 | 瀚思安信(北京)软件技术有限公司 | Method of detecting abnormal behavior of user of computer network system |
| CN110933115A (en) * | 2019-12-31 | 2020-03-27 | 上海观安信息技术股份有限公司 | Analysis object behavior abnormity detection method and device based on dynamic session |
| CN110990242A (en) * | 2019-11-29 | 2020-04-10 | 上海观安信息技术股份有限公司 | Method and device for determining fluctuation abnormity of user operation times |
| CN111459778A (en) * | 2020-03-12 | 2020-07-28 | 平安科技(深圳)有限公司 | Operation and maintenance system abnormal index detection model optimization method and device and storage medium |
| CN111898639A (en) * | 2020-06-30 | 2020-11-06 | 河海大学 | Dimension reduction-based hierarchical time memory industrial anomaly detection method and device |
| CN112465073A (en) * | 2020-12-23 | 2021-03-09 | 上海观安信息技术股份有限公司 | Numerical value distribution anomaly detection method and system based on distance |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120137367A1 (en) * | 2009-11-06 | 2012-05-31 | Cataphora, Inc. | Continuous anomaly detection based on behavior modeling and heterogeneous information analysis |
| US10740212B2 (en) * | 2017-06-01 | 2020-08-11 | Nec Corporation | Content-level anomaly detector for systems with limited memory |
-
2021
- 2021-06-30 CN CN202110740773.3A patent/CN113344133B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018177247A1 (en) * | 2017-03-28 | 2018-10-04 | 瀚思安信(北京)软件技术有限公司 | Method of detecting abnormal behavior of user of computer network system |
| CN110990242A (en) * | 2019-11-29 | 2020-04-10 | 上海观安信息技术股份有限公司 | Method and device for determining fluctuation abnormity of user operation times |
| CN110933115A (en) * | 2019-12-31 | 2020-03-27 | 上海观安信息技术股份有限公司 | Analysis object behavior abnormity detection method and device based on dynamic session |
| CN111459778A (en) * | 2020-03-12 | 2020-07-28 | 平安科技(深圳)有限公司 | Operation and maintenance system abnormal index detection model optimization method and device and storage medium |
| CN111898639A (en) * | 2020-06-30 | 2020-11-06 | 河海大学 | Dimension reduction-based hierarchical time memory industrial anomaly detection method and device |
| CN112465073A (en) * | 2020-12-23 | 2021-03-09 | 上海观安信息技术股份有限公司 | Numerical value distribution anomaly detection method and system based on distance |
Non-Patent Citations (3)
| Title |
|---|
| 军车多区域无线集群通信故障检测方法研究;严代彪等;《计算机仿真》;20121115(第11期);全文 * |
| 基于变异系数的SOM算法在多维分析中的应用研究;陈维民;《电脑知识与技术》;20171115(第32期);全文 * |
| 基于孤立点异常度的Web攻击数据挖掘算法;张路青;《舰船电子工程》;20180920(第09期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113344133A (en) | 2021-09-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113344133B (en) | Method and system for detecting abnormal fluctuation of time sequence behaviors | |
| CN113255795B (en) | Equipment state monitoring method based on multi-index cluster analysis | |
| WO2021184630A1 (en) | Method for locating pollutant discharge object on basis of knowledge graph, and related device | |
| CN107742127B (en) | Improved electricity stealing prevention intelligent early warning system and method | |
| CN108805202B (en) | Machine learning method for electrolytic bath fault early warning and application thereof | |
| CN109583680B (en) | Power stealing identification method based on support vector machine | |
| CN110895526A (en) | Method for correcting data abnormity in atmosphere monitoring system | |
| CN111507376B (en) | Single-index anomaly detection method based on fusion of multiple non-supervision methods | |
| US20220334904A1 (en) | Automated Incident Detection and Root Cause Analysis | |
| US20220004163A1 (en) | Apparatus for predicting equipment damage | |
| CN111309565A (en) | Alarm processing method and device, electronic equipment and computer readable storage medium | |
| CN115858794B (en) | Abnormal log data identification method for network operation safety monitoring | |
| CN109947815B (en) | Power theft identification method based on outlier algorithm | |
| CN112906738B (en) | Water quality detection and treatment method | |
| CN110990242A (en) | Method and device for determining fluctuation abnormity of user operation times | |
| CN112905671A (en) | Time series exception handling method and device, electronic equipment and storage medium | |
| CN116823496A (en) | Intelligent insurance risk assessment and pricing system based on artificial intelligence | |
| CN113705714A (en) | Power distribution Internet of things equipment abnormal behavior detection method and device based on behavior sequence | |
| CN116562746B (en) | Bedding and clothing data monitoring method and related device of bedding and clothing logistics site | |
| CN116485020B (en) | Supply chain risk identification early warning method, system and medium based on big data | |
| CN113255096A (en) | High-loss line abnormal distribution area positioning method and system based on forward stepwise regression | |
| CN116383645A (en) | Intelligent system health degree monitoring and evaluating method based on anomaly detection | |
| CN114140241A (en) | Abnormity identification method and device for transaction monitoring index | |
| CN113673600A (en) | Industrial signal abnormity early warning method, system, storage medium and computing equipment | |
| CN115858606A (en) | Method, device and equipment for detecting abnormity of time series data and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |