CN110011990A - Intelligent analysis method for intranet security threats - Google Patents
- Publication number: CN110011990A (application CN201910219705.5A)
- Authority: CN (China)
- Prior art keywords: log, stream, inconsistency, value, measured
- Legal status: Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/18—Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
The invention proposes an intelligent analysis method for intranet security threats, applied in the field of network security. It is implemented as follows. Part 1, calculation of multi-model inconsistency scores, comprising: step 1.1, generate the log template sets; step 1.2, calculate the inconsistency scores. Part 2, intelligent analysis of intranet security threats, comprising: step 2.1, calculate the P-Value; step 2.2, predict the log stream under test based on statistical learning. The invention analyzes logs with artificial intelligence rather than manually; it replaces local log storage with secure storage on a blockchain and allows the logs generated by different intranet devices to be merged and used together; it supports multiple log parsing models, achieving multi-model cooperation; and it uses statistical learning to improve the ability to detect abnormal logs.
Description
Technical field
The invention belongs to the field of computer network security.
Background
As networks develop, devices generate ever more logs, which makes manual analysis difficult. As technology develops, logs that are stored locally face a large risk of being tampered with. At present, a device on an intranet cannot notify the other devices on the same network of an attack it has encountered. A single model degrades over time, so it cannot deliver comprehensive and accurate detection results. A model is therefore needed that analyzes logs with artificial intelligence, stores logs more securely on a blockchain, uses the advantages of the intranet to detect abnormal logs, and defends through multi-model cooperation in order to discover threats.
Summary of the invention
The purpose of the invention is to solve the problem that, when an intranet generates a large volume of logs, these logs are easily tampered with and cannot be merged for use, and that models degrade, so that prediction cannot yield comprehensive and accurate results. To that end it provides an intelligent analysis method for intranet security threats based on statistical learning. The method analyzes logs with artificial intelligence rather than manually; it replaces local log storage with secure storage on a blockchain and allows the logs generated by different intranet devices to be merged and used together; it supports multiple log parsing models, achieving multi-model cooperation; and it uses a statistical learning algorithm to improve the ability to recognize abnormal logs.
Technical solution of the invention
The intelligent analysis method for intranet security threats comprises the following steps.
Basic concepts:
(1) Log: text that records valuable information about the operation of applications and systems; its content includes a timestamp and so on.
(2) Log stream: a log in a standard format that can serve as the input of a log parsing algorithm. It differs from a log in that each line can hold only one log stream, whereas a log may occupy multiple lines.
(3) Log template: consists only of the constants in log streams and can represent a group of log streams.
(4) Inconsistency metric function: a function that uses a score to evaluate the similarity between the log stream under test and a set of known log streams. It describes the similarity between one log stream and a group of known log streams. Its input is a log template and a log stream under test; its output is a number, also called the inconsistency score. The higher the score, the more similar the log stream under test is to the group of log streams; the lower the score, the less similar.
(5) P-Value: a statistic that measures how significant the log stream under test is within the set of known log streams; it is used to compare the confidence of the prediction results of multiple models.
Part 1: calculation of multi-model inconsistency scores, comprising the following steps:
Step 1.1: generate the log template sets
1.1.1 The log stream set is processed with a log parsing algorithm f to obtain a log template set T.
1.1.2 Input of log parsing: the original log stream set X and the set G of log parsing algorithms:
1. Original log stream set X: contains n log streams $x_j$, $j \in \{1, 2, \ldots, n\}$, $X = \{x_1, \ldots, x_n\}$;
2. Set G of log parsing algorithms: contains m log parsing algorithms $f_k$, $k \in \{1, 2, \ldots, m\}$, $G = \{f_1, \ldots, f_m\}$.
1.1.3 Output of log parsing: m log template sets $T_k$, $k \in \{1, 2, \ldots, m\}$, $T = \{T_1, \ldots, T_m\}$, where each log template set $T_k$ contains q log templates $t_{kb}$, $b \in \{1, 2, \ldots, q\}$, $T_k = \{t_{k1}, \ldots, t_{kb}\}$.
Step 1.2: calculate the inconsistency scores
1.2.1 For the log stream under test $y_i$, each heterogeneous log parsing algorithm can use the inconsistency metric function g to calculate an inconsistency score $\alpha$ against log template $t_{kb}$. The inconsistency scores given by heterogeneous models are not comparable with one another, so the quality of the models' prediction results cannot be compared directly on the basis of the inconsistency scores.
1.2.2 Input of the inconsistency measurement: the log template set T, the set Y of log streams under test, and the inconsistency metric function g:
1. Log template set T: contains m log template sets $T_k$, $k \in \{1, 2, \ldots, m\}$, $T = \{T_1, \ldots, T_m\}$, where each log template set $T_k$ contains q log templates $t_{kb}$, $b \in \{1, 2, \ldots, q\}$, $T_k = \{t_{k1}, \ldots, t_{kb}\}$;
2. Set Y of log streams under test: contains w logs $y_i$, $i \in \{1, 2, \ldots, w\}$, $Y = \{y_1, \ldots, y_w\}$;
3. Inconsistency metric function g: its inputs are a log stream and a log template $t_{kb}$; its return value is a real number, called the inconsistency score, which indicates the inconsistency between the log stream under test and the log stream set.
1.2.3 Output of the inconsistency measurement: the inconsistency score set.
1.2.4 Algorithm flow:
Part 2: intelligent analysis of intranet security threats, comprising the following steps:
Step 2.1: calculate the P-Value
2.1.1 Taking log template $t_{kb}$ as an example, the inconsistency measurement is carried out on the original log streams $x_j$, giving the corresponding inconsistency score set $\{a_{kb\_1}, a_{kb\_2}, \ldots, a_{kb\_j}\}$.
2.1.2 The inconsistency score $a_{kb\_i}$ of the log stream under test $y_i$ is put into the inconsistency score set of the class. The P-Value of this class is the ratio of the number of log streams whose inconsistency score is greater than or equal to $a_{kb\_i}$ to the total number of log streams.
2.1.3 The larger the P-Value, the more significant the log stream under test $y_i$ is within the class.
2.1.4 Input: the inconsistency score set of the log streams.
2.1.5 Output: the P-Value of the log stream under test $y_i$.
2.1.6 Algorithm flow:
Step 2.2: predict the log stream under test based on statistical learning
2.2.1 From all the P-Value sets obtained in the previous step, the P-Values greater than the maximum error probability ε are selected, and the set of template classes corresponding to these P-Values is obtained. If an empty set exists, the log stream under test $y_i$ is predicted to be an abnormal log; otherwise it is predicted to be a normal log.
2.2.2 Input: the set of P-Values of the log stream under test $y_i$; the maximum acceptable error probability ε, provided by the user, which indicates the largest error probability the user can accept.
2.2.3 Output: the prediction result.
2.2.4 Algorithm flow:
Advantages and positive effects of the invention:
The invention proposes an intelligent analysis method for intranet security threats based on statistical learning. The method analyzes logs with artificial intelligence rather than manually, which improves analysis efficiency. It replaces local log storage with secure storage on a blockchain, which improves security. It allows the logs generated by different intranet devices to be merged and used together, which improves the efficiency of anomaly detection. It supports multiple heterogeneous log parsing models and uses statistical methods to achieve multi-model joint defense.
Description of the drawings
Fig. 1 is the flow chart of the intelligent analysis method for intranet security threats based on statistical learning.
Fig. 2 is part of the industrial control log stream set.
Fig. 3 is the log template set obtained from the industrial control logs with the IPLoM algorithm.
Fig. 4 is the log template set obtained from the industrial control logs with the Drain algorithm.
Fig. 5 is the log template set obtained from the industrial control logs with the LogSig algorithm.
Fig. 6 is the P-Value set obtained from the industrial control logs with the IPLoM algorithm.
Fig. 7 is the P-Value set obtained from the industrial control logs with the Drain algorithm.
Detailed description of the embodiments
The invention is described in detail for the detection of abnormal logs. Any log parsing algorithm that produces a log template set from an input set of original log streams can be used in this method. The method flow is shown in Fig. 1. This embodiment uses four log parsing algorithms, IPLoM, Drain, DrainV1 and LogSig, as examples, described as follows:
IPLoM is a log parsing algorithm. It parses logs in four steps, and all logs must be input at the start. The first step divides all original logs into groups by length. The second step further splits the original logs within each group of equal length: it counts the words at each position across all log records, finds the position with the fewest unique words, and classifies by those unique words, so that original logs with the same unique word fall into one group. The third step operates on each group from the previous step and divides its original logs into different groups according to the correspondence between words. The fourth step processes each group obtained in the previous step: where the words at the same position differ, they are replaced with a wildcard, and identical words are written down directly, which gives the log template.
Drain is a log parsing algorithm. It parses logs in three steps and takes one log as input at a time. The first step puts original logs of the same length into one group. The second step puts logs of the same length that have the same token into one group; the token in this method may be the first word of the log, the last word of the log, or a wildcard. The third step gathers the similar logs among the original logs of the same length and the same token, and obtains a log template that can represent that set.
DrainV1 is a log parsing algorithm. It parses logs in three steps and takes one log as input at a time. The first step puts original logs of the same length into one group. The second step puts logs of the same length that have the same token into one group; the token in this method may be the first word of the log or a wildcard. The third step gathers the similar logs among the original logs of the same length and the same token, and obtains a log template that can represent that set.
LogSig is a log parsing algorithm. It parses logs in three steps, and all logs must be input at the start. The first step cuts every log stream into multiple word pairs, forming a group of word pairs. The second step first divides all logs at random into a fixed number of groups and then moves each log to a suitable group. The third step obtains a suitable log template for each group from the previous step.
Each log parsing algorithm can process the original log set and obtain a template set $T_k$ that can represent the log set. For a log under test $y_i$, the inconsistency score can be calculated from the obtained log template set $T_k$ with the inconsistency metric function g. The inconsistency scores given by heterogeneous models are not comparable, so the quality of the models' prediction results cannot be compared directly by inconsistency score; after each heterogeneous model has produced its inconsistency scores, the log under test must therefore still be predicted based on statistical learning. The steps of this embodiment are as follows.
1. Preprocess the original logs
This embodiment turns the original log set into a log stream set. An automated script processes textual original logs of different formats so that they become a log stream set in a standard format, suitable as input to the log parsing algorithms. The industrial control log stream set obtained after preprocessing is shown in Fig. 2.
2. Store and share the log streams
This embodiment uses a blockchain to store the log streams securely and effectively and to merge the log streams generated by multiple devices for use. Each block of the blockchain consists of a block header and a block body. Blocks and hashes correspond one to one. When the blockchain is used for protection, the hash of the current block is computed over the content of the current block header, and the content of the current block header in turn includes the hash of the previous block and the hash of the current block body. This ensures that the blockchain provides secure storage for the log streams. When data is written to the blockchain, all nodes must synchronize the data, which guarantees that every device on the intranet can use the logs generated by all devices, so the log streams generated by multiple devices are merged for use.
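The block layout described above, as an added Python sketch that is not code from the patent: it models only the hash linkage (header over previous-block hash and body hash) and how verification locates tampering, not node synchronization. The field names, SHA-256, the JSON encoding and the sample log lines are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder for "no previous block"


def _digest(obj) -> str:
    # Canonical JSON so that every node hashes exactly the same bytes.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def append_block(chain, log_streams):
    """Append one block whose body is a batch of log streams."""
    body = list(log_streams)
    header = {
        "index": len(chain),
        "prev_hash": chain[-1]["hash"] if chain else GENESIS,
        "body_hash": _digest(body),
    }
    # The block hash covers the header, which covers prev_hash and body_hash.
    chain.append({"header": header, "body": body, "hash": _digest(header)})


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        header = block["header"]
        if (header["prev_hash"] != prev
                or header["body_hash"] != _digest(block["body"])
                or block["hash"] != _digest(header)):
            return i
        prev = block["hash"]
    return None


def demo():
    # Constructed sample log streams, one batch per device.
    chain = []
    append_block(chain, ["2019-03-22 10:00:01 PLC1 read reg 4 ok"])
    append_block(chain, ["2019-03-22 10:00:02 HMI2 login user op1 ok"])
    append_block(chain, ["2019-03-22 10:00:03 PLC1 write coil 2 state ON"])
    intact = first_invalid_block(chain)

    # Case 1: a stored line is changed in place; the body hash no longer matches.
    chain[1]["body"][0] = "2019-03-22 10:00:02 HMI2 login user op1 failed"
    edited = first_invalid_block(chain)

    # Case 2: block 1's own hashes are recomputed as well; it now verifies in
    # isolation, but block 2 still commits to the old hash of block 1.
    chain[1]["header"]["body_hash"] = _digest(chain[1]["body"])
    chain[1]["hash"] = _digest(chain[1]["header"])
    rehashed = first_invalid_block(chain)
    return intact, edited, rehashed


if __name__ == "__main__":
    print(demo())
```

A verifier that holds only the latest block hash can detect either change by replaying the chain from the first block.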
3. Obtain the log template sets
This embodiment uses the four log parsing algorithms IPLoM, Drain, DrainV1 and LogSig to process 2,000 log streams and obtain log template sets. The input is the log stream set stored on the blockchain; the output is the log templates. Log event templates are generated from the constants in the unstructured content of the log streams. The IPLoM algorithm combines log length, word token position and the mapping relationships between word tokens to generate log event templates, as shown in Fig. 3. The Drain algorithm uses a directed acyclic graph that can be generated and updated automatically to generate log event templates; it is used mainly in online and distributed systems, as shown in Fig. 4. The LogSig algorithm first converts each log into multiple word pairs, each containing two words and the positional relationship between them, then groups them, and finally obtains log event templates, as shown in Fig. 5.
4. Calculate the inconsistency scores
In this embodiment, the log template sets from the previous step are used to calculate inconsistency scores for the log stream set with the inconsistency metric function. Each log template obtained by each log parsing algorithm yields one inconsistency score set, so for each log parsing algorithm we finally obtain as many inconsistency score sets as it has log templates.
Then the templates obtained by the four log parsing algorithms IPLoM, Drain, DrainV1 and LogSig are used to carry out the inconsistency measurement on the log stream under test x, with one inconsistency score per template. The inconsistency scores given by IPLoM, Drain, DrainV1 and LogSig are not comparable with one another, so the quality of the models' prediction results cannot be compared directly by inconsistency score.
5. Calculate the P-Value
In this embodiment, taking one template $t_{kb}$ as an example, denote its inconsistency score set as $\{a_{kb\_1}, a_{kb\_2}, \ldots, a_{kb\_j}\}$ and the inconsistency score of the log stream under test $y_i$ for this template as $a_{kb\_i}$. Put the inconsistency score $a_{kb\_i}$ of the log stream under test $y_i$ into the template's inconsistency score set $\{a_{kb\_1}, a_{kb\_2}, \ldots, a_{kb\_j}\}$; the P-Value for this template is the ratio of the number of inconsistency scores in the set that are greater than or equal to $a_{kb\_i}$ to the total number. The same calculation is carried out for all templates obtained by the same log parsing algorithm, which gives the P-Value set corresponding to each log parsing algorithm. The P-Value sets for the two log parsing algorithms IPLoM and Drain are given here as examples, in Fig. 6 and Fig. 7.
6. Detect the log stream based on statistical learning
From all the P-Value sets obtained in the previous step, the P-Values greater than the maximum error probability ε, which is provided by the user, are selected, and the set of template classes corresponding to these P-Values is obtained. If an empty set exists, the log stream under test $y_i$ is predicted to be an abnormal log; otherwise it is predicted to be a normal log.
7. Overall algorithm flow
(1) Input: log stream set X, logs under test Y, set G of log parsing algorithms, inconsistency metric function g, maximum acceptable error probability ε:
1. Original log stream set X: contains n log streams $x_j$, $j \in \{1, 2, \ldots, n\}$, $X = \{x_1, \ldots, x_n\}$;
2. Set Y of log streams under test: contains w logs $y_i$, $i \in \{1, 2, \ldots, w\}$, $Y = \{y_1, \ldots, y_w\}$;
3. Set G of log parsing algorithms: contains m log parsing algorithms $f_k$, $k \in \{1, 2, \ldots, m\}$, $G = \{f_1, \ldots, f_m\}$;
4. Inconsistency metric function g: its inputs are a log stream and a log template $t_{kb}$; its return value is a real number, called the inconsistency score, which indicates the inconsistency between the log stream under test and the log stream set;
5. Maximum acceptable error probability ε: provided by the user; indicates the largest error probability the user can accept.
(2) Output:
The prediction result, i.e. whether the log under test $y_i$ is normal or abnormal.
(3) Algorithm flow:
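An added Python sketch of steps 3 to 6 for two heterogeneous models (example code, not the patent's own algorithm listing). The two parsers are simplified stand-ins built from the length-grouping, first-word and wildcard steps described above, not IPLoM or Drain. Assumptions: g is a hypothetical measure that grows as a log departs from a template, the test score is counted in its own P-Value, "an empty set exists" is read as any one model's set being empty, and the log lines are constructed.

```python
from collections import defaultdict

WILDCARD = "<*>"


def _template(group):
    # Same word at a position is kept; differing words become a wildcard.
    return tuple(c[0] if len(set(c)) == 1 else WILDCARD for c in zip(*group))


def _parse(logs, key):
    groups = defaultdict(list)
    for line in logs:
        tokens = line.split()
        groups[key(tokens)].append(tokens)
    # One (template, member logs) pair per group.
    return [(_template(g), g) for g in groups.values()]


def parse_by_length(logs):
    """Stand-in parser f1: group by token count only (coarse)."""
    return _parse(logs, lambda t: len(t))


def parse_by_length_and_first_word(logs):
    """Stand-in parser f2: group by token count, then by first word."""
    return _parse(logs, lambda t: (len(t), t[0]))


def inconsistency(tokens, template):
    """Assumed g: share of constant template positions the log contradicts."""
    if len(tokens) != len(template):
        return 1.0
    misses = sum(1 for w, t in zip(tokens, template) if t != WILDCARD and w != t)
    return misses / len(template)


def p_value(class_scores, test_score):
    """Share of scores >= the test score, with the test score in the set."""
    at_least = sum(1 for a in class_scores if a >= test_score)
    return (at_least + 1) / (len(class_scores) + 1)


def predict(train_logs, test_log, parsers, eps):
    tokens = test_log.split()
    kept = {}
    for name, parse in parsers.items():
        kept[name] = []  # template classes of this model with P-Value > eps
        for template, members in parse(train_logs):
            scores = [inconsistency(m, template) for m in members]
            if p_value(scores, inconsistency(tokens, template)) > eps:
                kept[name].append(template)
    # Assumed reading of step 2.2.1: one empty set is enough for "abnormal".
    label = "abnormal" if any(not v for v in kept.values()) else "normal"
    return label, kept


# Constructed sample log streams (25 per type), not taken from the patent.
TRAIN = (
    [f"PLC1 read reg {j % 8} ok" for j in range(25)]
    + [f"HMI2 login user op{j % 3} ok" for j in range(25)]
    + [f"PLC1 write coil {j % 4} state ON" for j in range(25)]
)
PARSERS = {
    "length": parse_by_length,
    "length+first": parse_by_length_and_first_word,
}

if __name__ == "__main__":
    for y in ("PLC1 read reg 99 ok", "ENG9 upload program blk7 ok"):
        label, kept = predict(TRAIN, y, PARSERS, eps=0.05)
        print(y, "->", label, {k: len(v) for k, v in kept.items()})
```

The second test line fits the coarse length-only template but is rejected by every template of the finer model, which is the case the multi-model rule is meant to catch. With this P-Value a template backed by n logs can never score below 1/(n+1), so at ε = 0.05 a template with fewer than 19 supporting logs is never excluded.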
Claims (5)
1. An intelligent analysis method for intranet security threats, characterized by comprising:
Part 1: calculation of multi-model inconsistency scores, comprising the following steps:
Step 1.1: generate the log template sets;
Step 1.2: calculate the inconsistency scores;
Part 2: intelligent analysis of intranet security threats, comprising the following steps:
Step 2.1: calculate the P-Value;
Step 2.2: predict the log stream under test based on statistical learning.
2. The intelligent analysis method for intranet security threats according to claim 1, characterized in that step 1.1 comprises:
1.1.1 The log stream set is processed with a log parsing algorithm f to obtain a log template set T;
1.1.2 Input of log parsing: the original log stream set X and the set G of log parsing algorithms:
1. Original log stream set X: contains n log streams $x_j$, $j \in \{1, 2, \ldots, n\}$, $X = \{x_1, \ldots, x_n\}$;
2. Set G of log parsing algorithms: contains m log parsing algorithms $f_k$, $k \in \{1, 2, \ldots, m\}$, $G = \{f_1, \ldots, f_m\}$;
1.1.3 Output of log parsing: m log template sets $T_k$, $k \in \{1, 2, \ldots, m\}$, $T = \{T_1, \ldots, T_m\}$, where each log template set $T_k$ contains q log templates $t_{kb}$, $b \in \{1, 2, \ldots, q\}$, $T_k = \{t_{k1}, \ldots, t_{kb}\}$.
3. The intelligent analysis method for intranet security threats according to claim 1, characterized in that step 1.2 comprises:
1.2.1 For the log stream under test $y_i$, each heterogeneous log parsing algorithm can use the inconsistency metric function g to calculate an inconsistency score $\alpha$ against log template $t_{kb}$; the inconsistency scores given by heterogeneous models are not comparable with one another, so the quality of the models' prediction results cannot be compared directly on the basis of the inconsistency scores;
1.2.2 Input of the inconsistency measurement: the log template set T, the set Y of log streams under test, and the inconsistency metric function g:
1. Log template set T: contains m log template sets $T_k$, $k \in \{1, 2, \ldots, m\}$, $T = \{T_1, \ldots, T_m\}$, where each log template set $T_k$ contains q log templates $t_{kb}$, $b \in \{1, 2, \ldots, q\}$, $T_k = \{t_{k1}, \ldots, t_{kb}\}$;
2. Set Y of log streams under test: contains w logs $y_i$, $i \in \{1, 2, \ldots, w\}$, $Y = \{y_1, \ldots, y_w\}$;
3. Inconsistency metric function g: its inputs are a log stream and a log template $t_{kb}$; its return value is a real number, called the inconsistency score, which indicates the inconsistency between the log stream under test and the log stream set;
1.2.3 Output of the inconsistency measurement: the inconsistency score set;
1.2.4 Algorithm flow:
Let $x_j \in X$, $X = \{x_1, \ldots, x_n\}$; $t_{kb} \in T_k$, $T_k = \{t_{k1}, \ldots, t_{kb}\}$; $T_k \in T$, $T = \{T_1, \ldots, T_m\}$
4. The intelligent analysis method for intranet security threats according to claim 1, characterized in that step 2.1 comprises:
2.1.1 Taking log template $t_{kb}$ as an example, the inconsistency measurement is carried out on the original log streams $x_j$, giving the corresponding inconsistency score set $\{a_{kb\_1}, a_{kb\_2}, \ldots, a_{kb\_j}\}$;
2.1.2 The inconsistency score $a_{kb\_i}$ of the log stream under test $y_i$ is put into the inconsistency score set of the class; the P-Value of this class is the ratio of the number of log streams whose inconsistency score is greater than or equal to $a_{kb\_i}$ to the total number of log streams;
2.1.3 The larger the P-Value, the more significant the log stream under test $y_i$ is within the class;
2.1.4 Input: the inconsistency score set of the log streams;
2.1.5 Output: the P-Value of the log stream under test $y_i$;
2.1.6 Algorithm flow:
5. The intelligent analysis method for intranet security threats according to claim 1, characterized in that step 2.2 comprises:
2.2.1 From all the P-Value sets obtained in the previous step, the P-Values greater than the maximum error probability ε are selected, and the set of template classes corresponding to these P-Values is obtained; if an empty set exists, the log stream under test $y_i$ is predicted to be an abnormal log, otherwise it is predicted to be a normal log;
2.2.2 Input: the set of P-Values of the log stream under test $y_i$; the maximum acceptable error probability ε, provided by the user, which indicates the largest error probability the user can accept;
2.2.3 Output: the prediction result;
2.2.4 Algorithm flow:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910219705.5A CN110011990B (en) | 2019-03-22 | 2019-03-22 | Intelligent analysis method for intranet security threats |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110011990A (en) | 2019-07-12 |
CN110011990B (en) | 2022-03-04 |
Family
ID=67167748
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910219705.5A Active CN110011990B (en) | 2019-03-22 | 2019-03-22 | Intelligent analysis method for intranet security threats |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||