CN114169415A - System fault mode identification method and system - Google Patents
System fault mode identification method and system Download PDFInfo
- Publication number
- CN114169415A CN114169415A CN202111431560.9A CN202111431560A CN114169415A CN 114169415 A CN114169415 A CN 114169415A CN 202111431560 A CN202111431560 A CN 202111431560A CN 114169415 A CN114169415 A CN 114169415A
- Authority
- CN
- China
- Prior art keywords
- user behavior
- data stream
- fault
- fault information
- mode
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 239000013598 vector Substances 0.000 claims abstract description 24
- 238000001228 spectrum Methods 0.000 claims abstract description 15
- 238000001914 filtration Methods 0.000 claims abstract description 9
- 238000013507 mapping Methods 0.000 claims abstract description 6
- 230000006399 behavior Effects 0.000 claims description 56
- 238000013527 convolutional neural network Methods 0.000 claims description 6
- 238000012544 monitoring process Methods 0.000 claims description 3
- 238000003062 neural network model Methods 0.000 claims description 3
- 230000003287 optical effect Effects 0.000 description 2
- 238000007405 data analysis Methods 0.000 description 1
- 238000003909 pattern recognition Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
Landscapes
- Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Theoretical Computer Science (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method and a system for identifying system failure modes, which are characterized in that a data stream signal is subjected to spectrum filtering and convolution operation to obtain a data stream without noise interference, the data stream is matched with a failure sample mode set to separate a characteristic vector which is identified as matching, a second data stream is recombined and recovered, a user behavior model is shunted and input, user behavior fields respectively contained in the user behavior model are detected, the mapping relation between the user behavior fields and the current speed is analyzed, the user behavior mode under the current network environment is comprehensively obtained, whether the user behavior mode is aggressive or not is judged, and whether the system fails or not is finally judged.
Description
Technical Field
The present application relates to the field of network multimedia, and in particular, to a method and a system for identifying a system failure mode.
Background
The data analysis method of pattern recognition is widely applied to various scenes, including the recognition of system faults, and can help technicians in the field to recognize newly-appeared faults by utilizing the existing fault patterns.
However, the existing failure mode identification method still cannot meet the system failure caused by network data flow attack because of the flexibility and the numerous interferences of the data flow itself.
Therefore, a method and system for targeted system failure mode identification is urgently needed.
Disclosure of Invention
The invention aims to provide a system fault mode identification method and a system, which are characterized in that a data stream signal is subjected to frequency spectrum filtering and convolution operation to obtain a data stream without noise interference, the data stream is matched with a fault sample mode set to separate a characteristic vector which is identified as matching, a second data stream is recombined and recovered, a user behavior model is shunted and input, user behavior fields respectively contained in the user behavior model are detected, the mapping relation between the user behavior fields and the current speed is analyzed, the user behavior mode under the current network environment is comprehensively obtained, whether the user behavior mode is aggressive or not is judged, and whether the system has faults or not is finally judged.
In a first aspect, the present application provides a system failure mode identification method, including:
the method comprises the steps that a server collects signals of network data streams, fast Fourier transform is carried out to obtain frequency domain characteristics of the signals, a filtering frequency spectrum window is preset according to the current network environment, the frequency domain characteristics of the signals pass through the filtering frequency spectrum window to obtain filtered frequency spectrums, and the filtered frequency spectrums are input into a convolutional neural network;
extracting a signal output by the convolutional neural network, recombining the signal into a first data stream, extracting a feature vector of the first data stream, and sending the feature vector into a fault sample pattern set for matching, wherein the matching is to perform conjugate operation on each feature vector and a vector value in the fault sample pattern set, judge whether the feature vector is higher than a threshold value according to an obtained operation result, if so, determine matching, otherwise, determine mismatching;
separating the feature vectors which are identified as matching, recombining the feature vectors, inserting redundant signals, recovering a second data stream, monitoring the rate of the second data stream, and shunting according to the high and low rate gears to obtain three data stream sets corresponding to high rate, medium rate and low rate;
respectively and sequentially inputting the three data stream sets into a user behavior model, detecting user behavior fields contained in the three data stream sets, analyzing access objects of the user behavior fields, counting the occurrence frequency of the user behavior fields, and judging whether the user behavior with attack tendency is contained to obtain a first result;
analyzing the mapping relation between the type of the user behavior field and the rate of the new data stream, and judging whether the user behavior corresponding to the user behavior field is reasonable under the current rate to obtain a second result;
and combining the first result and the second result to obtain a user behavior mode under the current network environment, if the user behavior mode is an attack type, judging that the system has a fault, recording the fault information as a new fault mode, and if the user behavior mode is a normal type, judging that the system has no fault.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the deriving the user behavior pattern in the current network environment may further include further analyzing a strength degree of the user behavior pattern, and determining an urgency degree of the user behavior according to the strength degree.
With reference to the first aspect, in a second possible implementation manner of the first aspect, the recording the fault information includes comparing the fault information with historical fault information stored in a server, and if the fault information is the same as the historical fault information, overwriting the fault information, and if the fault information is different from the historical fault information, recording that the fault information is a new fault mode.
With reference to the first aspect, in a third possible implementation manner of the first aspect, the user behavior model uses a neural network model.
In a second aspect, the present application provides a system failure mode identification system, the system comprising a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to perform the method of any one of the four possibilities of the first aspect according to instructions in the program code.
In a third aspect, the present application provides a computer readable storage medium for storing program code for performing the method of any one of the four possibilities of the first aspect.
The invention provides a system fault mode identification method and a system, which are characterized in that a data stream signal is subjected to spectrum filtering and convolution operation to obtain a data stream without noise interference, the data stream is matched with a fault sample mode set to separate a characteristic vector which is identified as matching, a second data stream is recombined and recovered, a user behavior model is shunted and input, user behavior fields respectively contained in the data stream are detected, the mapping relation between the user behavior fields and the current speed is analyzed, the user behavior mode under the current network environment is comprehensively obtained, whether the user behavior mode is aggressive or not is judged, and whether the system has faults or not is finally judged.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings so that the advantages and features of the present invention can be more easily understood by those skilled in the art, and the scope of the present invention will be more clearly and clearly defined.
Fig. 1 is a flowchart of a system failure mode identification method provided in the present application, including:
the method comprises the steps that a server collects signals of network data streams, fast Fourier transform is carried out to obtain frequency domain characteristics of the signals, a filtering frequency spectrum window is preset according to the current network environment, the frequency domain characteristics of the signals pass through the filtering frequency spectrum window to obtain filtered frequency spectrums, and the filtered frequency spectrums are input into a convolutional neural network;
extracting a signal output by the convolutional neural network, recombining the signal into a first data stream, extracting a feature vector of the first data stream, and sending the feature vector into a fault sample pattern set for matching, wherein the matching is to perform conjugate operation on each feature vector and a vector value in the fault sample pattern set, judge whether the feature vector is higher than a threshold value according to an obtained operation result, if so, determine matching, otherwise, determine mismatching;
separating the feature vectors which are identified as matching, recombining the feature vectors, inserting redundant signals, recovering a second data stream, monitoring the rate of the second data stream, and shunting according to the high and low rate gears to obtain three data stream sets corresponding to high rate, medium rate and low rate;
respectively and sequentially inputting the three data stream sets into a user behavior model, detecting user behavior fields contained in the three data stream sets, analyzing access objects of the user behavior fields, counting the occurrence frequency of the user behavior fields, and judging whether the user behavior with attack tendency is contained to obtain a first result;
analyzing the mapping relation between the type of the user behavior field and the rate of the new data stream, and judging whether the user behavior corresponding to the user behavior field is reasonable under the current rate to obtain a second result;
and combining the first result and the second result to obtain a user behavior mode under the current network environment, if the user behavior mode is an attack type, judging that the system has a fault, recording the fault information as a new fault mode, and if the user behavior mode is a normal type, judging that the system has no fault.
In some preferred embodiments, the deriving the user behavior pattern in the current network environment may further include further analyzing a strength of the user behavior pattern, and determining an urgency of the user behavior according to the strength.
In some preferred embodiments, the recording the fault information includes comparing with historical fault information stored in the server, if the historical fault information is the same, the comparison is covered, and if the historical fault information is different, the recording of the fault information is a new fault mode.
In some preferred embodiments, the user behavior model uses a neural network model.
The present application provides a system failure mode identification system, the system comprising: the system includes a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to perform the method according to any of the embodiments of the first aspect according to instructions in the program code.
The present application provides a computer readable storage medium for storing program code for performing the method of any of the embodiments of the first aspect.
In specific implementation, the present invention further provides a computer storage medium, where the computer storage medium may store a program, and the program may include some or all of the steps in the embodiments of the present invention when executed. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM) or a Random Access Memory (RAM).
Those skilled in the art will readily appreciate that the techniques of the embodiments of the present invention may be implemented as software plus a required general purpose hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The same and similar parts in the various embodiments of the present specification may be referred to each other. In particular, for the embodiments, since they are substantially similar to the method embodiments, the description is simple, and the relevant points can be referred to the description in the method embodiments.
The above-described embodiments of the present invention should not be construed as limiting the scope of the present invention.
Claims (6)
1. A method for identifying a system failure mode, the method comprising:
the method comprises the steps that a server collects signals of network data streams, fast Fourier transform is carried out to obtain frequency domain characteristics of the signals, a filtering frequency spectrum window is preset according to the current network environment, the frequency domain characteristics of the signals pass through the filtering frequency spectrum window to obtain filtered frequency spectrums, and the filtered frequency spectrums are input into a convolutional neural network;
extracting a signal output by the convolutional neural network, recombining the signal into a first data stream, extracting a feature vector of the first data stream, and sending the feature vector into a fault sample pattern set for matching, wherein the matching is to perform conjugate operation on each feature vector and a vector value in the fault sample pattern set, judge whether the feature vector is higher than a threshold value according to an obtained operation result, if so, determine matching, otherwise, determine mismatching;
separating the feature vectors which are identified as matching, recombining the feature vectors, inserting redundant signals, recovering a second data stream, monitoring the rate of the second data stream, and shunting according to the high and low rate gears to obtain three data stream sets corresponding to high rate, medium rate and low rate;
respectively and sequentially inputting the three data stream sets into a user behavior model, detecting user behavior fields contained in the three data stream sets, analyzing access objects of the user behavior fields, counting the occurrence frequency of the user behavior fields, and judging whether the user behavior with attack tendency is contained to obtain a first result;
analyzing the mapping relation between the type of the user behavior field and the rate of the new data stream, and judging whether the user behavior corresponding to the user behavior field is reasonable under the current rate to obtain a second result;
and combining the first result and the second result to obtain a user behavior mode under the current network environment, if the user behavior mode is an attack type, judging that the system has a fault, recording the fault information as a new fault mode, and if the user behavior mode is a normal type, judging that the system has no fault.
2. The method of claim 1, wherein: the obtaining of the user behavior pattern in the current network environment may further include further analyzing a strength degree of the user behavior pattern, and determining an urgency degree of the user behavior according to the strength degree.
3. The method according to any one of claims 1-2, wherein: and the step of recording the fault information comprises the step of comparing the fault information with historical fault information stored by a server, if the fault information is the same as the historical fault information, covering the fault information, and if the fault information is different from the historical fault information, recording the fault information as a new fault mode.
4. A method according to any one of claims 1-3, characterized in that: the user behavior model uses a neural network model.
5. A system failure mode identification system, the system comprising a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to perform the method according to instructions in the program code to implement any of claims 1-4.
6. A computer-readable storage medium, characterized in that the computer-readable storage medium is configured to store a program code for performing implementing the method of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111431560.9A CN114169415B (en) | 2021-11-29 | 2021-11-29 | System fault mode identification method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111431560.9A CN114169415B (en) | 2021-11-29 | 2021-11-29 | System fault mode identification method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114169415A true CN114169415A (en) | 2022-03-11 |
| CN114169415B CN114169415B (en) | 2024-06-18 |
Family
ID=80481412
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111431560.9A Active CN114169415B (en) | 2021-11-29 | 2021-11-29 | System fault mode identification method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114169415B (en) |
Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5210704A (en) * | 1990-10-02 | 1993-05-11 | Technology International Incorporated | System for prognosis and diagnostics of failure and wearout monitoring and for prediction of life expectancy of helicopter gearboxes and other rotating equipment |
| JP2001282570A (en) * | 1999-12-30 | 2001-10-12 | Sony Corp | Diagnostic system, diagnostic device and diagnostic method |
| CN101562534A (en) * | 2009-05-26 | 2009-10-21 | 中山大学 | Network behavior analytic system |
| US20110214157A1 (en) * | 2000-09-25 | 2011-09-01 | Yevgeny Korsunsky | Securing a network with data flow processing |
| WO2017035717A1 (en) * | 2015-08-29 | 2017-03-09 | 华为技术有限公司 | Distributed denial of service attack detection method and associated device |
| CN108259462A (en) * | 2017-11-29 | 2018-07-06 | 国网吉林省电力有限公司信息通信公司 | Big data Safety Analysis System based on mass network monitoring data |
| US20180276911A1 (en) * | 2016-12-31 | 2018-09-27 | Intel Corporation | Crowdsourced failure mode prediction |
| US20190058715A1 (en) * | 2017-08-21 | 2019-02-21 | General Electric Company | Multi-class decision system for categorizing industrial asset attack and fault types |
| US20190065787A1 (en) * | 2017-08-24 | 2019-02-28 | Infineon Technologies Ag | Security device with extended reliability |
| US20190116091A1 (en) * | 2017-10-16 | 2019-04-18 | International Business Machines Corporation | Latency management by edge analytics in industrial production environments |
| US20190220583A1 (en) * | 2016-10-03 | 2019-07-18 | Bioconnect Inc. | Biometric identification platform |
| US20200112573A1 (en) * | 2018-10-03 | 2020-04-09 | United Technologies Corporation | Cyber monitor segmented processing for control systems |
| CN111427767A (en) * | 2020-02-26 | 2020-07-17 | 平安科技(深圳)有限公司 | Attack testing method and device for application system, computer equipment and storage medium |
| US20210167851A1 (en) * | 2018-08-16 | 2021-06-03 | Huawei Technologies Co.,Ltd. | Optical link fault identification method, apparatus and system |
| US11080157B1 (en) * | 2019-03-22 | 2021-08-03 | Amazon Technologies, Inc. | Automated resiliency analysis in distributed systems |
| CN113225316A (en) * | 2021-04-09 | 2021-08-06 | 国网电力科学研究院有限公司 | Network security defense method and system for security and stability control system |
-
2021
- 2021-11-29 CN CN202111431560.9A patent/CN114169415B/en active Active
Patent Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5210704A (en) * | 1990-10-02 | 1993-05-11 | Technology International Incorporated | System for prognosis and diagnostics of failure and wearout monitoring and for prediction of life expectancy of helicopter gearboxes and other rotating equipment |
| JP2001282570A (en) * | 1999-12-30 | 2001-10-12 | Sony Corp | Diagnostic system, diagnostic device and diagnostic method |
| US20110214157A1 (en) * | 2000-09-25 | 2011-09-01 | Yevgeny Korsunsky | Securing a network with data flow processing |
| CN101562534A (en) * | 2009-05-26 | 2009-10-21 | 中山大学 | Network behavior analytic system |
| WO2017035717A1 (en) * | 2015-08-29 | 2017-03-09 | 华为技术有限公司 | Distributed denial of service attack detection method and associated device |
| CN108028828A (en) * | 2015-08-29 | 2018-05-11 | 华为技术有限公司 | A kind of distributed denial of service ddos attack detection method and relevant device |
| US20190220583A1 (en) * | 2016-10-03 | 2019-07-18 | Bioconnect Inc. | Biometric identification platform |
| US20180276911A1 (en) * | 2016-12-31 | 2018-09-27 | Intel Corporation | Crowdsourced failure mode prediction |
| US20190058715A1 (en) * | 2017-08-21 | 2019-02-21 | General Electric Company | Multi-class decision system for categorizing industrial asset attack and fault types |
| US20190065787A1 (en) * | 2017-08-24 | 2019-02-28 | Infineon Technologies Ag | Security device with extended reliability |
| US20190116091A1 (en) * | 2017-10-16 | 2019-04-18 | International Business Machines Corporation | Latency management by edge analytics in industrial production environments |
| CN108259462A (en) * | 2017-11-29 | 2018-07-06 | 国网吉林省电力有限公司信息通信公司 | Big data Safety Analysis System based on mass network monitoring data |
| US20210167851A1 (en) * | 2018-08-16 | 2021-06-03 | Huawei Technologies Co.,Ltd. | Optical link fault identification method, apparatus and system |
| US20200112573A1 (en) * | 2018-10-03 | 2020-04-09 | United Technologies Corporation | Cyber monitor segmented processing for control systems |
| US11080157B1 (en) * | 2019-03-22 | 2021-08-03 | Amazon Technologies, Inc. | Automated resiliency analysis in distributed systems |
| CN111427767A (en) * | 2020-02-26 | 2020-07-17 | 平安科技(深圳)有限公司 | Attack testing method and device for application system, computer equipment and storage medium |
| CN113225316A (en) * | 2021-04-09 | 2021-08-06 | 国网电力科学研究院有限公司 | Network security defense method and system for security and stability control system |
Non-Patent Citations (2)
| Title |
|---|
| GAO, PENG, ET AL: "{SAQL}: A stream-based query system for {Real-Time} abnormal system behavior detection", 27TH USENIX SECURITY SYMPOSIUM (USENIX SECURITY 18), 17 August 2018 (2018-08-17), pages 639 - 656, XP055757346 * |
| 张珣: "基于流量检测的用户异常行为识别机制", 北京邮电大学, 15 August 2019 (2019-08-15), pages 1 - 70 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114169415B (en) | 2024-06-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110839016B (en) | Abnormal flow monitoring method, device, equipment and storage medium | |
| US6957172B2 (en) | Complex signal decomposition and modeling | |
| CN107301119B (en) | Method and device for analyzing IT fault root cause by utilizing time sequence correlation | |
| KR101969504B1 (en) | Sound event detection method using deep neural network and device using the method | |
| CN108268777B (en) | Similarity detection method for carrying out unknown vulnerability discovery by using patch information | |
| CA2931624A1 (en) | Systems and methods for event detection and diagnosis | |
| CN107305774A (en) | Speech detection method and device | |
| JP6811791B2 (en) | Methods and equipment for monitoring telecommunications networks | |
| US20100030418A1 (en) | Online health monitoring via multidimensional temporal data mining | |
| CN112763848A (en) | Method and device for determining power system fault | |
| CN113610156A (en) | Artificial intelligence model machine learning method and server for big data analysis | |
| CN110162973A (en) | A kind of Webshell file test method and device | |
| CN114169415B (en) | System fault mode identification method and system | |
| CN112033656A (en) | Mechanical system fault detection method based on broadband spectrum processing | |
| CN114168788A (en) | Audio audit processing method, device, equipment and storage medium | |
| CN115514620B (en) | Anomaly detection method and cloud network platform | |
| WO2023053024A1 (en) | Method for identifying and characterizing, by using artificial intelligence, noises generated by a vehicle braking system | |
| CN112116917B (en) | Phase jump degree-based method for separating acoustic signals of reactor body and fan | |
| US20170303014A1 (en) | System for providing functionality based on sensor data | |
| KR102386782B1 (en) | Arc Signal Detection Method Using Logistic Regression | |
| CN114172705A (en) | Network big data analysis method and system based on pattern recognition | |
| CN114221794B (en) | User behavior analysis method, system and medium based on improved pattern recognition algorithm | |
| CN112104340A (en) | HMM model and Kalman filtering technology-based switching value input module BIT false alarm reduction method | |
| CN114327978A (en) | System fault mode identification method and system based on moment variable | |
| KR102418118B1 (en) | Apparatus and method of deep learning-based facility diagnosis using frequency synthesis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 607a, 6 / F, No. 31, Fuchengmenwai street, Xicheng District, Beijing 100037 Applicant after: Beijing Guorui Digital Intelligence Technology Co.,Ltd. Address before: 607a, 6 / F, No. 31, Fuchengmenwai street, Xicheng District, Beijing 100037 Applicant before: Beijing Zhimei Internet Technology Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant |