CN110011990A
Intelligent analysis method for intranet security threats
Publication number: CN110011990A (application number CN201910219705.5A)
Authority: CN (China)
Prior art keywords: log, stream, inconsistency, value, measured
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications

 G—PHYSICS
 G06—COMPUTING; CALCULATING OR COUNTING
 G06F—ELECTRIC DIGITAL DATA PROCESSING
 G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
 G06F17/10—Complex mathematical operations
 G06F17/18—Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis

 H—ELECTRICITY
 H04—ELECTRIC COMMUNICATION TECHNIQUE
 H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L63/00—Network architectures or network communication protocols for network security
 H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
 H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
 H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
The invention proposes an intelligent analysis method for intranet security threats, applied in the field of network security. It is realized as follows. Part 1, calculation of multi-model inconsistency scores, comprising: step 1.1, generating log template sets; step 1.2, calculating inconsistency scores. Part 2, intelligent analysis of intranet security threats, comprising: step 2.1, calculating PValue; step 2.2, predicting the log stream under test based on statistical learning. The invention uses artificial-intelligence analysis rather than manual analysis to analyse logs; it changes the practice of storing logs locally and instead uses blockchain for secure storage, and allows the logs generated by different intranet devices to be merged and used together; the method supports multiple log parsing models and achieves multi-model collaboration; using a statistical learning method, it improves the ability to detect abnormal logs.
Description
Technical field
The invention belongs to the field of computer network security.
Background
With the development of networks, the volume of logs generated by devices keeps growing and is difficult to analyse manually. As technology develops, logs that were originally stored locally face a great risk of being tampered with. At present, a device in an intranet cannot notify the other devices in the network of the attacks it has encountered. A single model degrades over time, so comprehensive and accurate detection results cannot be obtained. A model is therefore needed that can analyse logs with artificial intelligence, store logs more securely using blockchain, exploit the advantages of the intranet to detect abnormal logs, and defend through multi-model collaboration, so as to discover threats.
Summary of the invention
The purpose of the invention is to solve the problems that, when an intranet generates a large number of logs, these logs are easily tampered with and cannot be merged for use, and that models degrade, so that prediction cannot give comprehensive and accurate results. It provides an intelligent analysis method for intranet security threats based on statistical learning. The method uses artificial-intelligence analysis rather than manual analysis to analyse logs; it changes the practice of storing logs locally and instead uses blockchain for secure storage, and allows the logs generated by different intranet devices to be merged and used together; the method supports multiple log parsing models and achieves multi-model collaboration; it uses a statistical learning algorithm to improve the ability to recognise abnormal logs.
Technical solution of the present invention
The intelligent analysis method for intranet security threats includes the following steps.
Basic concepts:
(1) Log: text that records valuable application and system operation information; its content includes a timestamp, etc.
(2) Log stream: a log in a standard format that can serve as the input of a log parsing algorithm. The difference from a log is that each line can hold only one log stream, whereas a log may occupy multiple lines.
(3) Log template: consists only of the constants in log streams and can represent a group of log streams.
(4) Inconsistency metric function: a function that evaluates, by a score, the similarity between a log stream under test and a known log stream set. It describes the similarity between one log stream and a group of known log streams. Its input is a log template and a log stream under test, and its output is a number, also called the inconsistency score. The higher the score, the more similar the log stream under test is to this group of log streams; the lower the score, the less similar it is.
(5) PValue: a statistic that measures the significance level of the log stream under test within a known log stream set, used to compare the confidence of multi-model prediction results.
Part 1, calculation of multi-model inconsistency scores, includes the following steps:
Step 1.1, generate log template sets
1.1.1 For a log stream set, process it with log parsing algorithm f to obtain log template set T.
1.1.2 Input of log parsing: original log stream set X and log parsing algorithm set G:
1. Original log stream set X: contains n log streams x_{j}, j ∈ {1, 2, ..., n}, X = {x_{1}, ..., x_{n}};
2. Log parsing algorithm set G: contains m log parsing algorithms f_{k}, k ∈ {1, 2, ..., m}, G = {f_{1}, ..., f_{m}}.
1.1.3 Output of log parsing: m log template sets T_{k}, k ∈ {1, 2, ..., m}, T = {T_{1}, ..., T_{m}}, where each log template set T_{k} contains q log templates t_{kb}, b ∈ {1, 2, ..., q}, T_{k} = {t_{k1}, ..., t_{kb}}.
Step 1.2, calculate inconsistency scores
1.2.1 For each heterogeneous log parsing algorithm and a log stream under test y_{i}, the inconsistency score α can be calculated from log template t_{kb} using inconsistency metric function g. The inconsistency scores given by heterogeneous models are not comparable with one another, so the quality of model prediction results cannot be compared directly from the inconsistency scores.
1.2.2 Input of inconsistency measurement: log template set T, set Y of log streams under test, and inconsistency metric function g:
1. Log template set T: contains m log template sets T_{k}, k ∈ {1, 2, ..., m}, T = {T_{1}, ..., T_{m}}, where each log template set T_{k} contains q log templates t_{kb}, b ∈ {1, 2, ..., q}, T_{k} = {t_{k1}, ..., t_{kb}};
2. Set Y of log streams under test: contains w logs y_{i}, i ∈ {1, 2, ..., w}, Y = {y_{1}, ..., y_{w}};
3. Inconsistency metric function g: its input is a log stream and a log template t_{kb}; its return value is a real number, called the inconsistency score, which indicates the inconsistency between the log stream under test and the log stream set.
1.2.3 Output of inconsistency measurement: inconsistency score sets.
1.2.4 Algorithm flow:
Part 2, intelligent analysis of intranet security threats, includes the following steps:
Step 2.1, calculate PValue
2.1.1 Taking log template t_{kb} as an example, perform inconsistency measurement on the original log streams x_{j} to obtain the corresponding inconsistency score set {a_{kb_1}, a_{kb_2}, ..., a_{kb_j}}.
2.1.2 Put the inconsistency score a_{kb_i} of the log stream under test y_{i} into the inconsistency score set of the class. The PValue of this class is the ratio of the number of log streams whose inconsistency score is greater than or equal to a_{kb_i}, the score of the log stream under test y_{i}, to the total number of log streams.
2.1.3 The larger the PValue, the higher the significance level of the log stream under test y_{i} in that class.
2.1.4 Input: the inconsistency score sets of the log streams.
2.1.5 Output: the PValue of the log stream under test y_{i}.
2.1.6 Algorithm flow:
Step 2.2, predict the log stream under test based on statistical learning
2.2.1 From all the PValue sets obtained in the previous step, select the PValues greater than the maximum error probability ε and obtain the template class sets corresponding to these PValues. If an empty set exists, predict the log stream under test y_{i} to be an abnormal log; otherwise predict it to be a normal log.
2.2.2 Input: the PValue set of the log stream under test y_{i}; the maximum acceptable error probability ε, provided by the user, which indicates the maximum error probability the user can accept.
2.2.3 Output: the prediction result.
2.2.4 Algorithm flow:
Advantages and positive effects of the present invention:
The invention proposes an intelligent analysis method for intranet security threats based on statistical learning. The method uses artificial-intelligence analysis rather than manual analysis to analyse logs, which improves analysis efficiency. It changes the practice of storing logs locally and instead uses blockchain for secure storage, which improves security. It allows the logs generated by different intranet devices to be merged and used together, which improves the efficiency of anomaly detection. It supports multiple heterogeneous log parsing models and uses statistical methods to achieve multi-model collaborative defence.
Brief description of the drawings
Fig. 1 is a flow chart of the intelligent analysis method for intranet security threats based on statistical learning.
Fig. 2 is part of the industrial control log stream set.
Fig. 3 is the log template set obtained from the industrial control logs using the IPLoM algorithm.
Fig. 4 is the log template set obtained from the industrial control logs using the Drain algorithm.
Fig. 5 is the log template set obtained from the industrial control logs using the LogSig algorithm.
Fig. 6 is the PValue set obtained from the industrial control logs using the IPLoM algorithm.
Fig. 7 is the PValue set obtained from the industrial control logs using the Drain algorithm.
Detailed description of the embodiments
The invention is described in detail for the detection of abnormal logs. Any log parsing algorithm that takes an original log stream set as input and produces a log template set can be used in this method. The method flow is shown in Fig. 1. This embodiment takes four log parsing algorithms, IPLoM, Drain, DrainV1 and LogSig, as examples, described as follows:
IPLoM is a log parsing algorithm. It parses logs in four steps and requires all logs to be input at the start. Step 1 divides all original logs into groups by length. Step 2 continues to group the original logs within each group of identical length: it counts all words at the same position across all log records, finds the position with the fewest unique words, and classifies by these unique words, so that original logs with the same unique word are assigned to one group. Step 3 operates on each group obtained in the previous step and divides its original logs into different groups according to the correspondence between words. Step 4 processes each group finally obtained in the previous step: where the words at the same position differ they are replaced by a wildcard, and identical words are written down directly, which gives the log template.
Drain is a log parsing algorithm. It parses logs in three steps and takes one log as input at a time. The purpose of step 1 is to put original logs of the same length into one group. The purpose of step 2 is to assign logs of the same length that have the same token to one group; the token in this method may be the first word of the log, the last word of the log, or a wildcard. The purpose of step 3 is to gather the similar logs among the original logs with the same length and the same token, and to obtain the log template that represents this set.
DrainV1 is a log parsing algorithm. It parses logs in three steps and takes one log as input at a time. The purpose of step 1 is to put original logs of the same length into one group. The purpose of step 2 is to assign logs of the same length that have the same token to one group; the token in this method may be the first word of the log or a wildcard. The purpose of step 3 is to gather the similar logs among the original logs with the same length and the same token, and to obtain the log template that represents this set.
LogSig is a log parsing algorithm. It parses logs in three steps and requires all logs to be input at the start. Step 1 cuts each log stream into multiple word pairs, forming a word-pair group. Step 2 first divides all logs randomly into a fixed number of groups and then moves each log to a suitable group. The purpose of step 3 is to obtain a suitable log template for each group obtained in the previous step.
Each log parsing algorithm can process the original log set and obtain a template set T_{k} that represents the log set. For a log under test y_{i}, the inconsistency score can be calculated from the obtained log template set T_{k} using inconsistency metric function g. The inconsistency scores given by heterogeneous models are not comparable, and the quality of model prediction results cannot be compared directly from them, so after each heterogeneous model obtains its inconsistency scores, the log under test still has to be predicted on the basis of statistical learning. The steps of this embodiment are as follows.
1. Preprocessing the original logs
This embodiment converts the original log set into a log stream set. Automated scripts process original logs of different formats and textual forms so that they become a log stream set in a standard format, suitable as input to the log parsing algorithms. The industrial control log stream set obtained after preprocessing is shown in Fig. 2.
2. Storing and sharing log streams
This embodiment uses blockchain to store log streams securely and effectively and to merge the log streams generated by multiple devices for use. Each block of the blockchain consists of a block header and a block body. Blocks and hashes correspond one to one. When blockchain is used for protection, the hash value of the current block is computed from the content of the current block header, and the content of the current block header in turn includes the hash of the previous block and the hash of the current block body. This ensures that log streams can be stored securely using blockchain. When data is written to the blockchain, all nodes must synchronise the data, which guarantees that every device on the intranet can use the logs generated by all devices, so that the log streams generated by multiple devices are merged for use.
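The header and body hash linkage described above, as an added Python example that is not code from the patent: each block hash is taken over a header holding the previous block hash and the body hash, and a verifier reports the first block that no longer checks out. SHA-256, JSON serialisation, the all-zero genesis value, the `expected_head` parameter and the sample log lines are assumptions made for the illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block

# Constructed sample batches of log streams (not taken from the patent's figures).
SAMPLE_BATCHES = [
    ["PLC 3 read register 40001 ok", "PLC 7 read register 40017 ok"],
    ["HMI login user operator1 ok"],
    ["RTU 1 write coil 12 ok", "RTU 4 write coil 3 ok"],
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_block(prev_hash, log_streams):
    """Seal a batch: header = previous block hash + body hash; block hash = hash(header)."""
    body = list(log_streams)  # copy so later edits to the caller's list do not leak in
    header = {
        "prev_hash": prev_hash,
        "body_hash": sha256_hex(json.dumps(body).encode("utf-8")),
    }
    block_hash = sha256_hex(json.dumps(header, sort_keys=True).encode("utf-8"))
    return {"header": header, "body": body, "hash": block_hash}


def build_chain(batches):
    """Chain the batches in order, each block committing to the one before it."""
    chain, prev = [], GENESIS_PREV
    for batch in batches:
        block = make_block(prev, batch)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain, expected_head=None):
    """Return the index of the first block that fails verification, or None.

    expected_head is the newest block hash held by another synchronised node
    (assumed parameter); without it, a rewritten last block has no successor
    whose prev_hash would contradict it.
    """
    prev = GENESIS_PREV
    for index, block in enumerate(chain):
        resealed = make_block(prev, block["body"])
        if block["header"] != resealed["header"] or block["hash"] != resealed["hash"]:
            return index
        prev = block["hash"]
    if expected_head is not None and chain and prev != expected_head:
        return len(chain) - 1
    return None
```

An edited body fails at its own block; a block that was edited and re-sealed fails at its successor, and for the newest block only the head hash held by another node shows the change, which is why the synchronisation across nodes matters.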
3. Obtaining log template sets
This embodiment uses four log parsing algorithms, IPLoM, Drain, DrainV1 and LogSig, to process 2,000 log streams and obtain log template sets. The input is the log stream set stored on the blockchain, and the output is log templates. Log event templates are generated from the constants in the unstructured content of the log streams. The IPLoM algorithm combines log length, word token position and the mapping relations between word tokens to generate log event templates, as shown in Fig. 3. The Drain algorithm uses a directed acyclic graph that can be generated and updated automatically to generate log event templates, and is mainly used in online and distributed systems, as shown in Fig. 4. The LogSig algorithm first converts each log into multiple word pairs, each comprising two words and the position between them, then groups them, and finally obtains log event templates, as shown in Fig. 5.
4. Calculating inconsistency scores
In this embodiment, using the log template sets obtained in the previous step, inconsistency scores are calculated for the log stream set according to the inconsistency metric function. Each log template obtained by each log parsing algorithm yields one inconsistency score set, so for each log parsing algorithm we finally obtain as many inconsistency score sets as there are log templates.
Then, using the templates obtained by the four log parsing algorithms IPLoM, Drain, DrainV1 and LogSig, inconsistency measurement is performed on the log stream under test x, and each template gives one corresponding inconsistency score. The inconsistency scores given by the four log parsing algorithms IPLoM, Drain, DrainV1 and LogSig are not comparable with one another, so the quality of model prediction results cannot be compared directly from the inconsistency scores.
5. Calculating PValue
In this embodiment, taking one template t_{kb} as an example, denote its corresponding inconsistency score set as {a_{kb_1}, a_{kb_2}, ..., a_{kb_j}}, and denote the inconsistency score of the log stream under test y_{i} for this template as a_{kb_i}. Put the inconsistency score a_{kb_i} of the log stream under test y_{i} into the template's inconsistency score set {a_{kb_1}, a_{kb_2}, ..., a_{kb_j}}. The PValue corresponding to this template is the ratio of the number of inconsistency scores in the set {a_{kb_1}, a_{kb_2}, ..., a_{kb_j}} that are greater than or equal to a_{kb_i} to the total number. Carrying out the same calculation for all templates obtained by the same log parsing algorithm gives the PValue set corresponding to each log parsing algorithm. The PValue sets of the two log parsing algorithms IPLoM and Drain are used here as examples; see Fig. 6 and Fig. 7.
6. Detecting log streams based on statistical learning
From all the PValue sets obtained in the previous step, select the PValues greater than the maximum error probability ε, which is provided by the user, and obtain the template class sets corresponding to these PValues. If an empty set exists, predict the log stream under test y_{i} to be an abnormal log; otherwise predict it to be a normal log.
7. Overall algorithm process
(1) Input: log stream set X, logs under test Y, log parsing algorithm set G, inconsistency metric function g, and maximum acceptable error probability ε:
1. Original log stream set X: contains n log streams x_{j}, j ∈ {1, 2, ..., n}, X = {x_{1}, ..., x_{n}};
2. Set Y of log streams under test: contains w logs y_{i}, i ∈ {1, 2, ..., w}, Y = {y_{1}, ..., y_{w}};
3. Log parsing algorithm set G: contains m log parsing algorithms f_{k}, k ∈ {1, 2, ..., m}, G = {f_{1}, ..., f_{m}};
4. Inconsistency metric function g: its input is a log stream and a log template t_{kb}; its return value is a real number, called the inconsistency score, which indicates the inconsistency between the log stream under test and the log stream set;
5. Maximum acceptable error probability ε: provided by the user; it indicates the maximum error probability the user can accept.
(2) Output:
The prediction result, i.e. whether the log under test y_{i} is normal or abnormal.
(3) Algorithm flow:
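The algorithm-flow listings are not reproduced on this page. The following added Python example (not the patent's code) runs embodiment steps 3 to 6 end to end on constructed logs. Assumptions: the two parsers are simplified stand-ins keyed on length and on length plus first token, not IPLoM or Drain; g is a hypothetical token-mismatch fraction where a larger value means less consistent with the template; each template's score set comes from the training logs grouped under it; and a log is flagged when any parser's set of templates with PValue > ε is empty.

```python
from collections import defaultdict

WILDCARD = "*"
EPSILON = 0.25  # assumed; flagging needs eps >= 1/(n+1) for the smallest class (n = 4)

# Constructed industrial-control style log streams (not the patent's Fig. 2 data).
TRAIN = [
    "PLC 3 read register 40001 ok",
    "PLC 7 read register 40017 ok",
    "PLC 2 read register 40002 ok",
    "PLC 5 read register 40009 ok",
    "RTU 1 write coil 12 ok",
    "RTU 4 write coil 3 ok",
    "RTU 2 write coil 8 ok",
    "RTU 6 write coil 15 ok",
    "HMI login user operator1 ok",
    "HMI login user operator2 ok",
    "HMI login user engineer1 ok",
    "HMI login user operator3 ok",
]

# Two heterogeneous stand-in parsers, each defined by its grouping key (assumed).
PARSERS = {
    "by_length": lambda tokens: len(tokens),
    "by_length_and_first_token": lambda tokens: (len(tokens), tokens[0]),
}


def build_templates(logs, key):
    """Group log streams by key; positions whose word varies in a group become wildcards."""
    groups = defaultdict(list)
    for line in logs:
        tokens = line.split()
        if tokens:
            groups[key(tokens)].append(tokens)
    templates = {}
    for members in groups.values():
        template = tuple(
            column[0] if len(set(column)) == 1 else WILDCARD
            for column in zip(*members)
        )
        templates[template] = members
    return templates


def g(tokens, template):
    """Assumed metric: share of the template's constant positions the log disagrees with."""
    if len(tokens) != len(template):
        return 1.0
    constants = [i for i, word in enumerate(template) if word != WILDCARD]
    if not constants:
        return 0.0
    return sum(tokens[i] != template[i] for i in constants) / len(constants)


def p_value(class_scores, test_score):
    """Step 5: put the test score into the class, then take (# scores >= it) / total."""
    pool = list(class_scores) + [test_score]
    return sum(score >= test_score for score in pool) / len(pool)


def analyse(train, line, epsilon):
    """Steps 3-6: return (verdict, {parser: {template: PValue above epsilon}})."""
    tokens = line.split()
    kept = {}
    for name, key in PARSERS.items():
        kept[name] = {}
        for template, members in build_templates(train, key).items():
            class_scores = [g(member, template) for member in members]
            p = p_value(class_scores, g(tokens, template))
            if p > epsilon:
                kept[name][" ".join(template)] = p
    # Step 6 as read here: any parser left with an empty set means "abnormal".
    verdict = "abnormal" if any(not s for s in kept.values()) else "normal"
    return verdict, kept
```

On these constructed logs the length-only parser merges the PLC and RTU messages into the template `* * * * * ok` and still accepts the line `PLC 3 write firmware image ok`, while the length-plus-first-token parser keeps no template for it, so the combined rule reports it as abnormal. The raw mismatch scores of the two parsers are not comparable, but their PValues are, which is the reason the method thresholds PValues rather than scores.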
Claims (5)
1. An intelligent analysis method for intranet security threats, characterized by comprising:
Part 1, calculation of multi-model inconsistency scores, including the following steps:
Step 1.1, generate log template sets;
Step 1.2, calculate inconsistency scores;
Part 2, intelligent analysis of intranet security threats, including the following steps:
Step 2.1, calculate PValue;
Step 2.2, predict the log stream under test based on statistical learning.
2. The intelligent analysis method for intranet security threats according to claim 1, characterized in that step 1.1 includes:
1.1.1 For a log stream set, process it with log parsing algorithm f to obtain log template set T;
1.1.2 Input of log parsing: original log stream set X and log parsing algorithm set G:
1. Original log stream set X: contains n log streams x_{j}, j ∈ {1, 2, ..., n}, X = {x_{1}, ..., x_{n}};
2. Log parsing algorithm set G: contains m log parsing algorithms f_{k}, k ∈ {1, 2, ..., m}, G = {f_{1}, ..., f_{m}};
1.1.3 Output of log parsing: m log template sets T_{k}, k ∈ {1, 2, ..., m}, T = {T_{1}, ..., T_{m}}, where each log template set T_{k} contains q log templates t_{kb}, b ∈ {1, 2, ..., q}, T_{k} = {t_{k1}, ..., t_{kb}}.
3. The intelligent analysis method for intranet security threats according to claim 1, characterized in that step 1.2 includes:
1.2.1 For each heterogeneous log parsing algorithm and a log stream under test y_{i}, the inconsistency score α can be calculated from log template t_{kb} using inconsistency metric function g; the inconsistency scores given by heterogeneous models are not comparable with one another, so the quality of model prediction results cannot be compared directly from the inconsistency scores;
1.2.2 Input of inconsistency measurement: log template set T, set Y of log streams under test, and inconsistency metric function g:
1. Log template set T: contains m log template sets T_{k}, k ∈ {1, 2, ..., m}, T = {T_{1}, ..., T_{m}}, where each log template set T_{k} contains q log templates t_{kb}, b ∈ {1, 2, ..., q}, T_{k} = {t_{k1}, ..., t_{kb}};
2. Set Y of log streams under test: contains w logs y_{i}, i ∈ {1, 2, ..., w}, Y = {y_{1}, ..., y_{w}};
3. Inconsistency metric function g: its input is a log stream and a log template t_{kb}; its return value is a real number, called the inconsistency score, which indicates the inconsistency between the log stream under test and the log stream set;
1.2.3 Output of inconsistency measurement: inconsistency score sets;
1.2.4 Algorithm flow:
Let x_{j} ∈ X, X = {x_{1}, ..., x_{n}}; t_{kb} ∈ T_{k}, T_{k} = {t_{k1}, ..., t_{kb}}; T_{k} ∈ T, T = {T_{1}, ..., T_{m}}
4. The intelligent analysis method for intranet security threats according to claim 1, characterized in that step 2.1 includes:
2.1.1 Taking log template t_{kb} as an example, perform inconsistency measurement on the original log streams x_{j} to obtain the corresponding inconsistency score set {a_{kb_1}, a_{kb_2}, ..., a_{kb_j}};
2.1.2 Put the inconsistency score a_{kb_i} of the log stream under test y_{i} into the inconsistency score set of the class; the PValue of this class is the ratio of the number of log streams whose inconsistency score is greater than or equal to a_{kb_i}, the score of the log stream under test y_{i}, to the total number of log streams;
2.1.3 The larger the PValue, the higher the significance level of the log stream under test y_{i} in that class;
2.1.4 Input: the inconsistency score sets of the log streams;
2.1.5 Output: the PValue of the log stream under test y_{i};
2.1.6 Algorithm flow:
5. The intelligent analysis method for intranet security threats according to claim 1, characterized in that step 2.2 includes:
2.2.1 From all the PValue sets obtained in the previous step, select the PValues greater than the maximum error probability ε and obtain the template class sets corresponding to these PValues; if an empty set exists, predict the log stream under test y_{i} to be an abnormal log, otherwise predict it to be a normal log;
2.2.2 Input: the PValue set of the log stream under test y_{i}; the maximum acceptable error probability ε, provided by the user, which indicates the maximum error probability the user can accept;
2.2.3 Output: the prediction result;
2.2.4 Algorithm flow:
Priority Applications (1)
Application number: CN201910219705.5A; priority date: 2019-03-22; filing date: 2019-03-22; title: Intelligent analysis method for intranet security threats
Publications (2)
CN110011990A, published 2019-07-12
CN110011990B, published 2022-03-04
Family
Family ID: 67167748
Family Applications (1)
Application number: CN201910219705.5A (Active), CN110011990B (en); priority date: 2019-03-22; filing date: 2019-03-22; title: Intelligent analysis method for intranet security threats
Country Status (1)
CN: CN110011990B (en)
Legal Events
PB01: Publication
SE01: Entry into force of request for substantive examination
GR01: Patent grant