CN112000529A - Anomaly detection method and device - Google Patents
Anomaly detection method and device Download PDFInfo
- Publication number
- CN112000529A CN112000529A CN202010730934.6A CN202010730934A CN112000529A CN 112000529 A CN112000529 A CN 112000529A CN 202010730934 A CN202010730934 A CN 202010730934A CN 112000529 A CN112000529 A CN 112000529A
- Authority
- CN
- China
- Prior art keywords
- server
- detected
- feature
- data
- abnormal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/22—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
- G06F11/2273—Test methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/22—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
- G06F11/2289—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing by configuration test
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides an anomaly detection method and device, wherein the method comprises the following steps: acquiring characteristic data generated by each detection object set for each server to be detected on a date to be detected; acquiring historical feature data which has the same name as the detection object and the same date type as the date to be detected from the acquired historical feature data for each piece of feature data of each detection object set for each server to be detected; when the number of the acquired historical feature data is not less than the set number, processing a feature value of each feature included in the acquired historical feature data based on a boxcar graph analysis method to obtain an abnormal upper limit threshold of the feature; and if the characteristic value of the characteristic is not less than the upper limit threshold of the abnormality, determining that the characteristic of the detection object set for the server to be detected is abnormal. The embodiment of the application can reduce the workload of the inspectors.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an anomaly detection method and apparatus.
Background
The server may have a fault due to factors such as a program design problem, abnormal traffic, a hardware problem of the machine itself, and the like during the operation process, thereby directly affecting the user-oriented service, and seriously causing a major safety accident.
In the prior art, in patent application No. 201910043364.0, a server anomaly detection method is provided, and a specific implementation flow is as follows:
acquiring capacity monitoring data of each server in a server set within a preset time period; aiming at any one server in the server set, judging whether the capacity monitoring data corresponding to any one server is in a normal range according to the capacity monitoring data corresponding to other servers in the server set to obtain a judgment result; and if the judgment result shows that the capacity monitoring data of any one server is out of the normal range, determining that any one server is an abnormal server.
It can be seen that in the above implementation flow, although an abnormal server can be detected, a specific abnormal reason is not known, and it takes a long time for the troubleshooting personnel to troubleshoot and process, which further results in a long troubleshooting time and a large workload for the troubleshooting personnel.
Disclosure of Invention
In order to overcome the problems in the related art, the application provides an anomaly detection method and device.
According to a first aspect of embodiments of the present application, there is provided an abnormality detection method, the method including:
acquiring characteristic data generated by each detection object set for each server to be detected on a date to be detected;
acquiring historical feature data which has the same name as the detection object and has the same date type as the date to be detected from the acquired historical feature data of each detection object set for each server to be detected aiming at each piece of acquired feature data of each detection object set for each server to be detected;
when the number of the acquired historical feature data is not less than the set number, processing a feature value of each feature included in the acquired historical feature data based on a boxcar graph analysis method to obtain an abnormal upper limit threshold of the feature;
and if the characteristic value of the characteristic is not less than the upper limit abnormal threshold, determining that the characteristic of the detection object set for the server to be detected is abnormal.
According to a second aspect of embodiments of the present application, there is provided an abnormality detection apparatus, the apparatus including:
the first acquisition module is used for acquiring characteristic data generated by each detection object set for each server to be detected on the date to be detected;
the second acquisition module is used for acquiring historical feature data which is the same as the name of the detection object and has the same date type as the date type of the to-be-detected date from the acquired historical feature data of each detection object which is set aiming at each server to be detected aiming at each piece of feature data of each detection object which is set aiming at each server to be detected;
the processing module is used for processing the characteristic value of each acquired historical characteristic data included in the acquired historical characteristic data based on a boxcar graph analysis method aiming at each characteristic included in the acquired historical characteristic data when the number of the acquired historical characteristic data is not less than the set number, so as to obtain the abnormal upper limit threshold of the characteristic;
and the determining module is used for determining that the characteristic of the detection object set for the server to be detected is abnormal if the characteristic value of the characteristic is not less than the abnormal upper limit threshold.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
in the embodiment of the application, some detection objects are set for the server to be detected, and each piece of feature data of each detection object is detected one by one subsequently, so that abnormal features are found in time. The detection mode can detect which server is abnormal and which characteristic of which detection object of which server is abnormal, so that the troubleshooting personnel can quickly troubleshoot and process the abnormal server, the troubleshooting time is shortened, and the workload of the troubleshooting personnel is reduced.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic flowchart of an anomaly detection method according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of an abnormality detection apparatus according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
Next, examples of the present application will be described in detail.
An embodiment of the present application provides an anomaly detection method, as shown in fig. 1, the method may include the following steps:
and S11, acquiring characteristic data generated by each detection object set for each server to be detected on the date to be detected.
And S12, acquiring historical feature data which has the same name as the detection object and the same date type as the date to be detected from the acquired historical feature data of each detection object set for each server to be detected for each piece of feature data of each detection object set for each server to be detected.
And S13, when the number of the acquired historical feature data is not less than the set number, processing the feature value of each feature included in the acquired historical feature data based on a box chart analysis method for each feature included in the feature data to obtain the abnormal upper limit threshold of the feature.
And S14, if the characteristic value of the characteristic is not less than the upper limit threshold value of the abnormality, determining that the characteristic of the detection object set for the server to be detected is abnormal.
It should be noted that the main body of the above-mentioned abnormality detection method may be a network device or the like dedicated to detecting server abnormality.
In the embodiment of the application, in order to facilitate a researcher to quickly troubleshoot and process an abnormal server, a plurality of detection objects are set for the server to be detected in advance, for example, the detection objects may be a server, a port of the server, a user accessing the server, application software of the server, and the like; by detecting the feature data of each detection object, the feature of occurrence of an abnormality is further detected.
Specifically, in step S11 described above, the feature data generated on the date to be detected for each detection object set for each server to be detected may be acquired by:
acquiring log data generated by each server on a date to be detected;
screening log data with a target Internet Protocol (IP) address as an IP address of each server to be detected from the acquired log data;
grouping the screened log data according to the IP addresses of the servers to be detected;
and respectively acquiring characteristic data of each detection object set by the server to be detected corresponding to the group of log data from each group of log data.
In the scenario to which the present application is applied, each server may collect log data by date. In the specific collection, each server may collect data by means of a probe or the like.
In the acquisition flow, each server to be detected is designated in advance, and may be all servers or a part of servers.
For any group of grouped log data, when specifically acquiring the feature data of each detection object set for the server to be detected corresponding to the group of log data, the corresponding feature data can be acquired according to the name of each detection object.
For example, when the detection object is a server, the corresponding name may be presented in the form of an IP address of the server, and the obtained corresponding feature data may include features such as the number of users, the number of sessions, uplink traffic, downlink traffic, and the like.
When the detection object is a port of the server, the corresponding name may be presented in the form of an IP address _ port identifier of the server, and the obtained corresponding feature data may include features such as the number of users, the number of sessions, port traffic, and port traffic ratio.
When the detection object is a user accessing the server, the corresponding name may be presented in the form of an IP address of the server — an IP address of the user equipment, and the obtained corresponding feature data may include features such as the number of ports of the server, the total traffic (i.e., the sum of the uplink traffic and the downlink traffic), the number of invalid sessions, and the like.
When the detection object is application software of the server, the corresponding name may be presented by the IP address _ application software name of the server, and the acquired corresponding feature data may include features such as the number of users, uplink traffic, downlink traffic, and the like.
Specifically, in the above step S12, when acquiring the history feature data of each detection object set for each server to be detected, regardless of the date on which each server generates log data, the other processing procedures are similar to the acquisition flow of acquiring the feature data generated on the date to be detected for each detection object set for each server to be detected, and will not be described in detail here.
In the embodiment of the application, in consideration of a large difference between log data generated by a server on a working day and log data generated by a server on a non-working day, in order to improve the detection accuracy, the types of the dates to be detected are distinguished and divided into the working day and the non-working day.
Therefore, in the step S12, when the corresponding historical feature data is acquired, the historical feature data having the same date type as the date type of the date to be detected is acquired, so as to improve the detection accuracy.
Specifically, in the above step S13, when the number of pieces of acquired historical feature data is not less than the set number (which may be set according to an actual empirical value), the abnormality upper limit threshold value of the feature may be obtained by: sorting the characteristic values of the characteristics in the acquired historical characteristic data according to the sequence from small to large;
processing the sorted characteristic values based on a box diagram analysis method to obtain a lower quartile Q1 and an upper quartile Q3;
calculating the abnormal upper limit threshold value X of the characteristic according to the following formula I:
the formula I is as follows: x ═ Q3+1.5 × (Q3-Q1).
For example, it is assumed that the detection object of a certain server to be detected is a feature of the number of users included in feature data of the server, a feature value of the feature is 351, and feature values of the number of users included in the acquired historical feature data of the number of users are 222, 224, 260, 224, 320, 262, 268, 210, 195, 201, 211, 284, 285, 211, respectively.
First, these feature values are sorted 195, 201, 210, 211, 211, 222, 224, 224, 260, 262, 268, 284, 285, 320; then, processing the sorted characteristic values based on a box chart analysis method to obtain a lower quartile (Q1-211) and an upper quartile (Q3-266.5); finally, an upper threshold for the anomaly (349.75) is calculated according to the formula one.
Because the characteristic value of the number of users included in the characteristic data of which the detection object of the server to be detected is the server is greater than the upper limit threshold of the abnormality, the characteristic that the detection object of the server to be detected is the number of the users of the server is determined to be abnormal.
In the embodiment of the present application, since it is considered that the behavior of the detection object set in the server cannot be expressed when the number of the acquired historical feature data is smaller than the set number, the detection object is not detected and the next detection object is continuously detected when the number of the acquired historical feature data is smaller than the set number.
Further, in this embodiment of the application, after determining that the feature of the detection object set for the server to be detected is abnormal, the feature name and the feature value of the feature may be added to an abnormal feature list; and after detecting the feature data of all the detection objects set for all the servers to be detected, outputting a current abnormal feature list.
Of course, the current abnormal feature list may also be output after the feature data of all the detection objects set by one server to be detected is detected, and the output time is not specifically limited in the present application.
Further, in this embodiment of the present application, in order to facilitate analysis by the investigators, before outputting the current abnormal feature list, feature names and feature values in each set of data in the current abnormal feature list may be respectively converted into an abnormal cause character string of a corresponding detection object, and displayed to the investigators in a more spoken manner.
For example, a piece of data in the current abnormal feature list is shown as follows: 10.165.104.150 — 10.113.26.15 total flow was 2238462904 with 99.98172% probability of being abnormal. When the inspector sees this data, the inspector can know that an abnormality occurs in the total traffic of the user (the IP address of the corresponding user device is 10.113.26.15) who accesses the server having the IP address of 10.165.104.150.
According to the technical scheme, in the embodiment of the application, the detection objects are arranged for the server to be detected, and each piece of characteristic data of each detection object is detected one by one subsequently, so that abnormal characteristics are found in time. The detection mode can detect which server is abnormal and which characteristic of which detection object of which server is abnormal, so that the troubleshooting personnel can quickly troubleshoot and process the abnormal server, the troubleshooting time is shortened, and the workload of the troubleshooting personnel is reduced.
Based on the same inventive concept, the present application further provides an anomaly detection device, a schematic structural diagram of which is shown in fig. 2, and the anomaly detection device specifically includes:
the first obtaining module 21 is configured to obtain feature data generated on a to-be-detected date of each detected object set for each to-be-detected server;
a second obtaining module 22, configured to obtain, for each piece of obtained feature data of each detection object set for each server to be detected, historical feature data that is the same as the name of the detection object and has the same date type as the date type of the date to be detected, from the obtained historical feature data of each detection object set for each server to be detected;
the processing module 23 is configured to, when the number of the acquired historical feature data is not less than the set number, process, based on a boxcar graph analysis method, a feature value of each feature included in the acquired historical feature data to obtain an abnormal upper limit threshold of the feature, for each feature included in the feature data;
the determining module 24 is configured to determine that the feature of the detection object set for the server to be detected is abnormal if the feature value of the feature is not smaller than the upper limit abnormal threshold.
Preferably, the first obtaining module 21 is specifically configured to:
acquiring log data generated by each server on the date to be detected;
screening log data with destination IP addresses as IP addresses of all servers to be detected from the acquired log data;
grouping the screened log data according to each IP address of each server to be detected;
and respectively acquiring characteristic data of each detection object set by the server to be detected corresponding to the group of log data from each group of log data.
Preferably, the apparatus further comprises:
an output module (not shown in fig. 2) configured to, after the determining module determines that the feature of the detection object set for the server to be detected is abnormal, add the feature name and the feature value of the feature to an abnormal feature list; and
and after detecting the feature data of all the detection objects set for all the servers to be detected, outputting a current abnormal feature list.
Preferably, the apparatus further comprises:
a conversion module (not shown in fig. 2) configured to convert the feature names and the feature values in each set of data in the current abnormal feature list into corresponding abnormal cause character strings of the detection object before the output module outputs the current abnormal feature list.
Preferably, each detection object set for each server to be detected is a server, a port of the server, a user accessing the server, and application software of the server.
According to the technical scheme, in the embodiment of the application, the detection objects are arranged for the server to be detected, and each piece of characteristic data of each detection object is detected one by one subsequently, so that abnormal characteristics are found in time. The detection mode can detect which server is abnormal and which characteristic of which detection object of which server is abnormal, so that the troubleshooting personnel can quickly troubleshoot and process the abnormal server, the troubleshooting time is shortened, and the workload of the troubleshooting personnel is reduced.
An electronic device is further provided in the embodiments of the present application, as shown in fig. 3, including a processor 31 and a machine-readable storage medium 32, where the machine-readable storage medium 32 stores machine-executable instructions that can be executed by the processor 31, and the processor 31 is caused by the machine-executable instructions to: and implementing the steps of the anomaly detection method.
The machine-readable storage medium may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Alternatively, the machine-readable storage medium may be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
In yet another embodiment provided by the present application, a computer-readable storage medium is further provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the above-mentioned anomaly detection method.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.
Claims (10)
1. An anomaly detection method, characterized in that it comprises:
acquiring characteristic data generated by each detection object set for each server to be detected on a date to be detected;
acquiring historical feature data which has the same name as the detection object and has the same date type as the date to be detected from the acquired historical feature data of each detection object set for each server to be detected aiming at each piece of acquired feature data of each detection object set for each server to be detected;
when the number of the acquired historical feature data is not less than the set number, processing a feature value of each feature included in the acquired historical feature data based on a boxcar graph analysis method to obtain an abnormal upper limit threshold of the feature;
and if the characteristic value of the characteristic is not less than the upper limit abnormal threshold, determining that the characteristic of the detection object set for the server to be detected is abnormal.
2. The method according to claim 1, characterized in that the characteristic data generated on the date to be detected for each detected object set for each server to be detected is acquired by:
acquiring log data generated by each server on the date to be detected;
screening log data with destination IP addresses as IP addresses of all servers to be detected from the acquired log data;
grouping the screened log data according to each IP address of each server to be detected;
and respectively acquiring characteristic data of each detection object set by the server to be detected corresponding to the group of log data from each group of log data.
3. The method of claim 1, further comprising:
after determining that the feature of the detection object set for the server to be detected is abnormal, adding a feature name and a feature value of the feature into an abnormal feature list;
and after detecting the feature data of all the detection objects set for all the servers to be detected, outputting a current abnormal feature list.
4. The method of claim 1, further comprising:
before outputting the current abnormal feature list, respectively converting feature names and feature values in each group of data in the current abnormal feature list into corresponding abnormal reason character strings of the detection object.
5. The method according to claim 1, wherein the detection objects set for each server to be detected are the server, a port of the server, a user accessing the server, and application software of the server.
6. An abnormality detection apparatus, characterized in that the apparatus comprises:
the first acquisition module is used for acquiring characteristic data generated by each detection object set for each server to be detected on the date to be detected;
the second acquisition module is used for acquiring historical feature data which is the same as the name of the detection object and has the same date type as the date type of the to-be-detected date from the acquired historical feature data of each detection object which is set aiming at each server to be detected aiming at each piece of feature data of each detection object which is set aiming at each server to be detected;
the processing module is used for processing the characteristic value of each acquired historical characteristic data included in the acquired historical characteristic data based on a boxcar graph analysis method aiming at each characteristic included in the acquired historical characteristic data when the number of the acquired historical characteristic data is not less than the set number, so as to obtain the abnormal upper limit threshold of the characteristic;
and the determining module is used for determining that the characteristic of the detection object set for the server to be detected is abnormal if the characteristic value of the characteristic is not less than the abnormal upper limit threshold.
7. The apparatus of claim 6, wherein the first obtaining module is specifically configured to:
acquiring log data generated by each server on the date to be detected;
screening log data with destination IP addresses as IP addresses of all servers to be detected from the acquired log data;
grouping the screened log data according to each IP address of each server to be detected;
and respectively acquiring characteristic data of each detection object set by the server to be detected corresponding to the group of log data from each group of log data.
8. The apparatus of claim 6, further comprising:
the output module is used for adding the feature name and the feature value of the feature into an abnormal feature list after the determining module determines that the feature of the detection object set for the server to be detected is abnormal; and
and after detecting the feature data of all the detection objects set for all the servers to be detected, outputting a current abnormal feature list.
9. The apparatus of claim 6, further comprising:
and the conversion module is used for respectively converting the feature names and the feature values in each group of data in the current abnormal feature list into the corresponding abnormal reason character strings of the detection object before the output module outputs the current abnormal feature list.
10. The device according to claim 6, wherein the detection objects set for each server to be detected are the server, the port of the server, the user accessing the server, and the application software of the server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010730934.6A CN112000529A (en) | 2020-07-27 | 2020-07-27 | Anomaly detection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010730934.6A CN112000529A (en) | 2020-07-27 | 2020-07-27 | Anomaly detection method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112000529A true CN112000529A (en) | 2020-11-27 |
Family
ID=73466552
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010730934.6A Pending CN112000529A (en) | 2020-07-27 | 2020-07-27 | Anomaly detection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112000529A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109936475A (en) * | 2019-02-25 | 2019-06-25 | 北京奇艺世纪科技有限公司 | A kind of method for detecting abnormality and device |
| CN110032480A (en) * | 2019-01-17 | 2019-07-19 | 阿里巴巴集团控股有限公司 | A kind of server exception detection method, device and equipment |
| CN110134558A (en) * | 2019-05-17 | 2019-08-16 | 网易(杭州)网络有限公司 | A kind of detection method and device of server |
| US20190304849A1 (en) * | 2018-03-27 | 2019-10-03 | Streammosaic, Inc. | Selective inclusion/exclusion of semiconductor chips in accelerated failure tests |
-
2020
- 2020-07-27 CN CN202010730934.6A patent/CN112000529A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190304849A1 (en) * | 2018-03-27 | 2019-10-03 | Streammosaic, Inc. | Selective inclusion/exclusion of semiconductor chips in accelerated failure tests |
| CN110032480A (en) * | 2019-01-17 | 2019-07-19 | 阿里巴巴集团控股有限公司 | A kind of server exception detection method, device and equipment |
| CN109936475A (en) * | 2019-02-25 | 2019-06-25 | 北京奇艺世纪科技有限公司 | A kind of method for detecting abnormality and device |
| CN110134558A (en) * | 2019-05-17 | 2019-08-16 | 网易(杭州)网络有限公司 | A kind of detection method and device of server |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110191094B (en) | Abnormal data monitoring method and device, storage medium and terminal | |
| EP3557819A1 (en) | Server failure detection method and system | |
| CN110362473B (en) | Test environment optimization method and device, storage medium and terminal | |
| CN114996090A (en) | Server abnormity detection method and device, electronic equipment and storage medium | |
| CN110929896A (en) | Security analysis method and device for system equipment | |
| CN108933693A (en) | A kind of Domain Name Service System fault handling method and system | |
| CN116614287A (en) | Network security event evaluation processing method, device, equipment and medium | |
| CN113419890A (en) | Abnormal type detection method, device, server and medium | |
| CN116414717A (en) | Automatic testing method, device, equipment, medium and product based on flow playback | |
| CN111881185A (en) | Data monitoring method, device, equipment and storage medium | |
| WO2015182629A1 (en) | Monitoring system, monitoring device, and monitoring program | |
| CN113392000B (en) | Test case execution result analysis method, device, equipment and storage medium | |
| CN112491622B (en) | Method and system for locating fault root cause of service system | |
| CN112000529A (en) | Anomaly detection method and device | |
| CN111585833B (en) | Method and device for detecting public network quality of CDN node and computer equipment | |
| CN110609761B (en) | Method and device for determining fault source, storage medium and electronic equipment | |
| CN111314110B (en) | Fault early warning method for distributed system | |
| CN110990223A (en) | Monitoring alarm method and device based on system log | |
| CN114884849B (en) | CAN bus abnormality detection method and system based on Adaboost | |
| CN105721233B (en) | Website survival detection method, device and system | |
| CN113791897B (en) | Method and system for displaying server baseline detection report of rural telecommunication system | |
| CN112787883B (en) | Method, device and equipment for detecting NAT (network Address translation) fault of equipment | |
| CN106708638B (en) | System error detection method and device | |
| CN114416467A (en) | Anomaly detection method and device | |
| CN109995547B (en) | Fault diagnosis method and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |