CN116028450A - Log detection method, device and equipment - Google Patents
Log detection method, device and equipment Download PDFInfo
- Publication number
- CN116028450A CN116028450A CN202111231811.9A CN202111231811A CN116028450A CN 116028450 A CN116028450 A CN 116028450A CN 202111231811 A CN202111231811 A CN 202111231811A CN 116028450 A CN116028450 A CN 116028450A
- Authority
- CN
- China
- Prior art keywords
- log
- prediction probability
- reverse
- obtaining
- index information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a log detection method, a device and equipment, wherein the log detection method comprises the following steps: acquiring index information of a reference log corresponding to a current log to be tested; inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability; obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability; obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability; the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse order data of the first sample data. The problem of the log detection scheme low accuracy among the prior art has been fine solved to this scheme.
Description
Technical Field
The present invention relates to the field of detection technologies, and in particular, to a log detection method, device and equipment.
Background
Software systems are becoming larger in scale, reliability of which is important, and abnormal behavior of these software may greatly affect the user experience and cause significant economic loss. Therefore, it is becoming increasingly important to detect anomalies that occur during operation of the system in time. The log is an important information resource for on-line monitoring and anomaly detection. Programs are typically executed in a fixed workflow, journaling sequences of execution operations, and an exception is considered to occur when the journaling sequences deviate from the normal mode of execution of the workflow.
At present, the method for detecting log abnormality mainly comprises the following aspects:
the first is a keyword matching or rule based method.
The second is a machine learning based approach.
The third method is to fully utilize the semantic information of the log event to monitor the abnormality.
However, the existing log anomaly detection method has the following disadvantages:
1. rule-based methods are generally used in specific fields, and require expert knowledge of the specific fields, which is difficult to obtain, so that the rule-based methods are difficult to play in practical applications;
2. the supervised method in machine learning requires labels, millions of logs are generated in the cloud or other systems every day, and the labeling data consumes human resources, so that the supervised method is difficult to acquire a large amount of effective training data;
3. the correlation exists among different log templates, and the prior art does not consider the correlation, so that the accuracy of the model is affected.
From the above, the log detection scheme in the prior art has the problems of inconvenient use, low accuracy and the like.
Disclosure of Invention
The invention aims to provide a log detection method, device and equipment, which are used for solving the problem of low accuracy of a log detection scheme in the prior art.
In order to solve the above technical problems, an embodiment of the present invention provides a log detection method, including:
acquiring index information of a reference log corresponding to a current log to be tested;
inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability;
obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability;
obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability;
the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse order data of the first sample data.
Optionally, the inputting the index information into a forward model to obtain a forward prediction probability includes:
obtaining a first prediction probability according to the index information by using a forward model; obtaining forward prediction probability according to the first weight coefficient, the first prediction probability and the corresponding first transition probability; the first transition probability is the transition probability between the log template corresponding to the first log and other log templates; the first log is a previous log adjacent to the log to be detected in the first sample data;
And/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including:
obtaining a second prediction probability according to the index information by using a reverse model; obtaining reverse prediction probability according to a second weight coefficient, the second prediction probability and the corresponding second transition probability;
the transition probability is the transition probability between the log template corresponding to the second log and other log templates; the second log is the previous log adjacent to the log to be measured in the second sample data.
Optionally, the obtaining, by using a forward model, a first prediction probability according to the index information includes:
mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a forward model; obtaining a first vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; obtaining a first prediction probability according to the first vector;
and/or, the obtaining, by using a reverse model, a second prediction probability according to the index information includes:
mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a reverse model; obtaining a second vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; and obtaining a second prediction probability according to the second vector.
Optionally, the inputting the index information into a forward model to obtain a forward prediction probability includes:
adjusting the index information to first input data; inputting the first input data into a forward model to obtain forward prediction probability; the first input data comprise a first identifier corresponding to the current log to be tested;
and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including:
adjusting the index information to second input data; inputting the second input data into a reverse model to obtain reverse prediction probability; the second input data comprises a second identifier corresponding to the current log to be tested.
Optionally, the obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability includes:
obtaining a final prediction probability according to the forward prediction probability and the corresponding first coefficient, and the reverse prediction probability and the corresponding second coefficient;
wherein the sum of the first coefficient and the second coefficient is 1.
Optionally, the number of the final prediction probabilities is at least two, and the obtaining, according to the final prediction probabilities, a detection result of whether the current log to be detected is abnormal includes:
Ordering at least two final prediction probabilities in the order from big to small;
acquiring final prediction probability of the N bits ranked in front;
matching the current log to be detected with the log corresponding to the final prediction probability of the first N bits respectively;
obtaining a detection result of whether the current log to be detected is abnormal or not according to the matching result;
wherein N is an integer greater than 0.
The embodiment of the invention also provides a log detection device, which comprises:
the first acquisition module is used for acquiring index information of a reference log corresponding to the current log to be detected;
the first processing module is used for inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability;
the second processing module is used for obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability;
the third processing module is used for obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability;
the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse order data of the first sample data.
Optionally, the inputting the index information into a forward model to obtain a forward prediction probability includes:
obtaining a first prediction probability according to the index information by using a forward model; obtaining forward prediction probability according to the first weight coefficient, the first prediction probability and the corresponding first transition probability; the first transition probability is the transition probability between the log template corresponding to the first log and other log templates; the first log is a previous log adjacent to the log to be detected in the first sample data;
and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including:
obtaining a second prediction probability according to the index information by using a reverse model; obtaining reverse prediction probability according to a second weight coefficient, the second prediction probability and the corresponding second transition probability;
the transition probability is the transition probability between the log template corresponding to the second log and other log templates; the second log is the previous log adjacent to the log to be measured in the second sample data.
Optionally, the obtaining, by using a forward model, a first prediction probability according to the index information includes:
Mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a forward model; obtaining a first vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; obtaining a first prediction probability according to the first vector;
and/or, the obtaining, by using a reverse model, a second prediction probability according to the index information includes:
mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a reverse model; obtaining a second vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; and obtaining a second prediction probability according to the second vector.
Optionally, the inputting the index information into a forward model to obtain a forward prediction probability includes:
adjusting the index information to first input data; inputting the first input data into a forward model to obtain forward prediction probability; the first input data comprise a first identifier corresponding to the current log to be tested;
and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including:
Adjusting the index information to second input data; inputting the second input data into a reverse model to obtain reverse prediction probability; the second input data comprises a second identifier corresponding to the current log to be tested.
Optionally, the obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability includes:
obtaining a final prediction probability according to the forward prediction probability and the corresponding first coefficient, and the reverse prediction probability and the corresponding second coefficient;
wherein the sum of the first coefficient and the second coefficient is 1.
Optionally, the number of the final prediction probabilities is at least two, and the obtaining, according to the final prediction probabilities, a detection result of whether the current log to be detected is abnormal includes:
ordering at least two final prediction probabilities in the order from big to small;
acquiring final prediction probability of the N bits ranked in front;
matching the current log to be detected with the log corresponding to the final prediction probability of the first N bits respectively;
obtaining a detection result of whether the current log to be detected is abnormal or not according to the matching result;
wherein N is an integer greater than 0.
The embodiment of the invention also provides log detection equipment, which comprises the following steps: a processor and a transceiver;
the processor is used for acquiring index information of a reference log corresponding to the current log to be tested;
inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability;
obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability;
obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability;
the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse order data of the first sample data.
Optionally, the inputting the index information into a forward model to obtain a forward prediction probability includes:
obtaining a first prediction probability according to the index information by using a forward model; obtaining forward prediction probability according to the first weight coefficient, the first prediction probability and the corresponding first transition probability; the first transition probability is the transition probability between the log template corresponding to the first log and other log templates; the first log is a previous log adjacent to the log to be detected in the first sample data;
And/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including:
obtaining a second prediction probability according to the index information by using a reverse model; obtaining reverse prediction probability according to a second weight coefficient, the second prediction probability and the corresponding second transition probability;
the transition probability is the transition probability between the log template corresponding to the second log and other log templates; the second log is the previous log adjacent to the log to be measured in the second sample data.
Optionally, the obtaining, by using a forward model, a first prediction probability according to the index information includes:
mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a forward model; obtaining a first vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; obtaining a first prediction probability according to the first vector;
and/or, the obtaining, by using a reverse model, a second prediction probability according to the index information includes:
mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a reverse model; obtaining a second vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; and obtaining a second prediction probability according to the second vector.
Optionally, the inputting the index information into a forward model to obtain a forward prediction probability includes:
adjusting the index information to first input data; inputting the first input data into a forward model to obtain forward prediction probability; the first input data comprise a first identifier corresponding to the current log to be tested;
and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including:
adjusting the index information to second input data; inputting the second input data into a reverse model to obtain reverse prediction probability; the second input data comprises a second identifier corresponding to the current log to be tested.
Optionally, the obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability includes:
obtaining a final prediction probability according to the forward prediction probability and the corresponding first coefficient, and the reverse prediction probability and the corresponding second coefficient;
wherein the sum of the first coefficient and the second coefficient is 1.
Optionally, the number of the final prediction probabilities is at least two, and the obtaining, according to the final prediction probabilities, a detection result of whether the current log to be detected is abnormal includes:
Ordering at least two final prediction probabilities in the order from big to small;
acquiring final prediction probability of the N bits ranked in front;
matching the current log to be detected with the log corresponding to the final prediction probability of the first N bits respectively;
obtaining a detection result of whether the current log to be detected is abnormal or not according to the matching result;
wherein N is an integer greater than 0.
The embodiment of the invention also provides log detection equipment, which comprises a memory, a processor and a program which is stored in the memory and can run on the processor; the processor implements the log detection method described above when executing the program.
The embodiment of the invention also provides a readable storage medium, on which a program is stored, which when executed by a processor, implements the steps in the log detection method described above.
The technical scheme of the invention has the following beneficial effects:
in the above scheme, the log detection method obtains index information of a reference log corresponding to the current log to be detected; inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability; obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability; obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability; the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse data of the first sample data; the method can realize the common reasoning of whether the current log to be detected is abnormal or not by using the forward model and the reverse model, achieves a better result than the unidirectional model, improves the prediction accuracy, and well solves the problem of low accuracy of the log detection scheme in the prior art.
Drawings
FIG. 1 is a schematic flow chart of a log detection method according to an embodiment of the invention;
FIG. 2 is a schematic diagram of a specific implementation flow of a log detection method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a log detection device according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a log detection device according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages to be solved more apparent, the following detailed description will be given with reference to the accompanying drawings and specific embodiments.
The invention provides a log detection method, which aims at the problem of low accuracy of a log detection scheme in the prior art, and as shown in fig. 1, comprises the following steps:
step 11: acquiring index information of a reference log corresponding to a current log to be tested;
step 12: inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability;
step 13: obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability;
step 14: obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability; the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse order data of the first sample data.
The generation time of the reference log is earlier than the generation time of the current log to be tested, and can also be called as a history log. The number of reference logs is adapted to the sliding window referred to below.
The log detection method provided by the embodiment of the invention is characterized by obtaining index information of a reference log corresponding to the current log to be detected; inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability; obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability; obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability; the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse data of the first sample data; the method can realize the common reasoning of whether the current log to be detected is abnormal or not by using the forward model and the reverse model, achieves a better result than the unidirectional model, improves the prediction accuracy, and well solves the problem of low accuracy of the log detection scheme in the prior art.
The step of inputting the index information into a forward model to obtain forward prediction probability comprises the following steps: obtaining a first prediction probability according to the index information by using a forward model; obtaining forward prediction probability according to the first weight coefficient, the first prediction probability and the corresponding first transition probability; the first transition probability is the transition probability between the log template corresponding to the first log and other log templates; the first log is a previous log adjacent to the log to be detected in the first sample data; and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including: obtaining a second prediction probability according to the index information by using a reverse model; obtaining reverse prediction probability according to a second weight coefficient, the second prediction probability and the corresponding second transition probability; the transition probability is the transition probability between the log template corresponding to the second log and other log templates; the second log is the previous log adjacent to the log to be measured in the second sample data.
This may enable the addition of log event adjacency matrix transfer relationships, which may specifically be: considering that the log events have association, firstly mining the topological relation among the events from the original log, and restraining the log prediction result by an adjacency matrix for representing the topological relation; the association relation between the events can be learned by the model more quickly and accurately, and experiments show that the addition of the topological relation can help to improve the abnormality detection accuracy.
In the embodiment of the present invention, the obtaining, by using the forward model, the first prediction probability according to the index information includes: mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a forward model; obtaining a first vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; obtaining a first prediction probability according to the first vector; and/or, the obtaining, by using a reverse model, a second prediction probability according to the index information includes: mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a reverse model; obtaining a second vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; and obtaining a second prediction probability according to the second vector.
Thus, a prediction scheme based on deep learning can be realized, and the adoption of expert experience which is difficult to acquire is avoided.
The "obtaining the first vector corresponding to the index information according to the word embedding information, paragraph embedding information, and position embedding information" may specifically include: obtaining a first vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information by using a double-layer encoder; similarly, regarding "obtaining the second vector corresponding to the index information from the word embedding information, paragraph embedding information, and position embedding information", the specific method may also include: and obtaining a second vector corresponding to the index information according to the word embedding information, the paragraph embedding information and the position embedding information by using a double-layer encoder.
The step of inputting the index information into a forward model to obtain forward prediction probability comprises the following steps: adjusting the index information to first input data; inputting the first input data into a forward model to obtain forward prediction probability; the first input data comprise a first identifier corresponding to the current log to be tested; and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including: adjusting the index information to second input data; inputting the second input data into a reverse model to obtain reverse prediction probability; the second input data comprises a second identifier corresponding to the current log to be tested.
The "adjusting the index information to the first input data" may specifically include: carrying out format processing on the index information; wherein the location of the log event to be predicted may be marked with an identification MASK (hidden).
The first and second identifiers described above may be identical.
In the embodiment of the present invention, the obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability includes: obtaining a final prediction probability according to the forward prediction probability and the corresponding first coefficient, and the reverse prediction probability and the corresponding second coefficient; wherein the sum of the first coefficient and the second coefficient is 1.
The number of the final prediction probabilities is at least two, and the obtaining, according to the final prediction probabilities, a detection result of whether the current log to be detected is abnormal includes: ordering at least two final prediction probabilities in the order from big to small; acquiring final prediction probability of the N bits ranked in front; matching the current log to be detected with the log corresponding to the final prediction probability of the first N bits respectively; obtaining a detection result of whether the current log to be detected is abnormal or not according to the matching result; wherein N is an integer greater than 0.
With respect to "ranking at least two of said final prediction probabilities", it may in particular comprise: ordering all final prediction probabilities, namely ordering the final prediction probabilities of the at least two; but is not limited thereto.
The "obtaining the detection result of whether the current log to be detected is abnormal according to the matching result" specifically may include: the existing matching is consistent, and the current log to be tested is normal; otherwise, the current log to be tested is abnormal.
The log detection method provided by the embodiment of the invention is illustrated below.
Aiming at the technical problems, the embodiment of the invention provides a log detection method, which can be realized as a log anomaly detection method based on deep learning, and mainly relates to the following steps:
1. the present approach uses a deep learning-based approach, by training a model (corresponding to the section "2" below) embedded with the emmbedding feature "using a large amount of data, the method avoids the adoption of expert experience which is difficult to acquire, and experiments prove that the effect is obviously improved by adopting a method based on deep learning compared with a method based on rule or keyword matching;
2. according to the scheme, a model is trained in a self-supervision mode, a large number of logs are generated in a system every day, a rule of a log sequence (corresponding to the content of a prediction log related to the following) can be learned without marking data in the self-supervision mode, data in a normal mode are used in training data, after the model is trained, once a deviation from the normal sequence mode of the log is found in a test data set, an abnormality is found, and the accuracy of abnormality detection is improved;
3. based on the model of the fully-connected neural network, when a large-scale data set is processed, the scheme can pay attention to log events which greatly contribute to the current detection log (corresponding to the current log to be detected) by adopting an attention method, and the training performance and effect are improved by adopting a multi-head mode. According to historical log data (corresponding to the related sample data), predicting the next log in a sliding window mode, training a forward model and a reverse model, learning the next log event by the forward model according to the original sequence sliding window mode of the log sequence, reversing the original log sequence by the reverse model, learning the log sequence from back to front, and finally fusing the forward model result and the reverse model result to achieve a better result than the unidirectional model;
4. The method increases the adjacency matrix (corresponding to the transition probability) among the log templates, specifically, considering the association among the log events, the topological relation among the events can be firstly mined from the original log, and the adjacency matrix (used for constraining the log prediction result) for representing the topological relation; the association relation between the events can be learned by the model more quickly and accurately, and experiments show that the addition of the topological relation can help to improve the abnormality detection accuracy.
Specifically, the exception detection can be performed based on the log sequence, and the implementation flow can be as shown in fig. 2, which relates to the following four parts:
part 1. Log template acquisition (mapping into index corresponding to original log);
the log can be used for recording system operation, so that operation and maintenance personnel can conveniently locate system abnormality; the method for detecting the abnormality of the log comprises the following steps: extracting a log template, and mapping the template into index (specifically, the existing means can be adopted); taking the logs in the workflow as a time sequence, training a model (also called a pre-training model and a model based on a full neural network) by using log sequence data (namely indexes, also called sample data) in a normal mode; after model training is completed, the log generated on the line may be tested (specifically, converted into an index to be tested, where the index may correspond to the index information described above). When the log sequence is in a state that is contrary to the normal mode, the system is considered to be abnormal (i.e., the log of the test is abnormal).
Specifically, the log event includes a log template and parameters in the log, and by summarizing the positions where the parameters appear, for example, the parameters generally appear after the parameters are equal to the numbers, the log template with the parameters removed is extracted by a regular expression, and then the index sequence corresponding to the log template is obtained after duplication removal.
Part 2, training a forward model;
1) Inputting;
after the sample passes through part 1 to obtain a sequence of log templates (i.e., index sequence), the data (i.e., sequence) is processed into a format suitable for input by the model (i.e., the model obtained in part 1). Then, the present solution processes the sequence according to a sliding window mode by the normal mode of the encoder learning sequence, and specifically, a suitable sliding window 50 may be selected, that is, 50 log events are used to predict the next log event. In order to keep pace with the format of the training data in the pre-training model, the locations of the log events to be predicted (corresponding to the above log to be measured) may be marked with an identification [ MASK (hidden) ] and the remaining log events are used as features to predict the classification results of the [ MASK ] locations (corresponding to p1, p2 and p3 etc. in fig. 2, i.e. the first prediction probability). When training the model, the true value corresponding to the [ MASK ] position is the right-most column of values in fig. 2 (i.e., the right-hand value of the [ MASK ] position): 241. 240 (V) 242 · 84; when training a model, the format of a processing sequence is shown in fig. 2, then the processing is performed to obtain a classification probability (namely the classification result), and then the K1 processing is performed to obtain a final prediction probability; the final prediction probability is compared to a corresponding true value, such as 241, and model parameters (i.e., training models) are adjusted by back-propagation.
When the model prediction log is used later, the log to be detected can be processed into a format suitable for model input to obtain first input data (corresponding to the adjustment of the index information into the first input data); specifically, the log to be tested may be identified using [ MASK ] (corresponding to the first identification described above).
With respect to the "sliding window mode" may specifically be an overlapping sliding window, for example, the sliding window is 2, and the sliding window mode may be: journal 1 and journal 2, journal 2 and journal 3, journal 3 and journal 4, etc.; but is not limited thereto.
2) Embedding an embedding feature;
the remaining log events in log events (i.e., 1), when predicted, may be replaced with the reference log described above) are first mapped into three email, namely word embedded token email, paragraph embedded segment embedding, and location embedded position embedding, where token email is a vector representation of each token, segment embedding is email for distinguishing different sentences, position embedding is location information for each token in a learned sentence. The three above are added to obtain the final emmbedding, which passes through the encoder, and outputs a vector representation of the entire sequence (corresponding to the first vector described above) at the last layer of the encoder. To improve the performance and speed of log sequence learning, the present scheme selects a two-layer encoder, and therefore, the output of the second layer, i.e., the vector representation of the log sequence. After passing through the full connection layer (in the full neural network), the classification result (corresponding to p1, p2, p3, etc. in fig. 2, i.e., the first prediction probability) of the current log sequence is output.
3) Increasing log event adjacency matrix transfer relationships (corresponding to the first transfer probabilities described above);
because the log events are not unconnected, the topological relation between the log templates can be obtained through analysis of past log data, and the topological relation between the log templates is represented by an adjacency matrix; in addition, considering that the final classification result (corresponding to the forward prediction probability in the forward model) has a larger relationship with the last log in the sliding window sequence, the present scheme merges the final classification result (i.e., the last log) with the classification result of the log sequence through the parameter K1 (corresponding to the first weight coefficient), specifically, the classification result (i.e., the final classification result, which may include multiple probabilities) finally output by the model is: the log sequence (i.e. log to be measured) has a classification probability of each log template+k1×the transition probability between the last template of the log sequence (corresponding) and the other log templates; as p1+k1×a1, p2+k1×a2, etc. in fig. 2, p represents a classification probability, and an represents a transition probability; wherein K1 is a learnable parameter. In the scheme, the topology relation is taken into consideration, so that the abnormal detection result is improved, and finally, probability distribution (namely forward prediction probability, including P1, P2, P3, P4 and the like) of all logs is output to wait for fusion with probability distribution (namely reverse prediction probability) output by a reverse model.
Part 3, training a reverse model;
in order to detect whether the current log is abnormal or not, the method uses a log sequence (corresponding to the first sample data and used for training a forward model) before the current log and a log sequence (corresponding to the second sample data and used for training a reverse model) after the current log to jointly infer whether the current log is abnormal or not from the logs in the positive direction and the negative direction. Specifically, the reverse model training operation is substantially the same as the training of the forward model, except that the forward data needs to be completely inverted to generate reverse training data (e.g., the values to the right of the [ MASK ] position in fig. 2: 81, 243 243···240), and when integrated with the topological relationship (i.e., transition probabilities with other log templates), the learnable parameter is K2.
Part 4. Bidirectional model result fusion (corresponding to fusing forward and reverse model results in proportion A and B);
after the forward and reverse models are trained, outputting a prediction result (comprising a forward prediction probability obtained by the forward model and a reverse prediction probability obtained by the reverse model) on test data, multiplying the prediction result of the forward and reverse models by parameters a (corresponding to the first coefficient) and B (corresponding to the second coefficient) respectively, and fusing the prediction result (see a fusing mode in fig. 2, such as fusing P1 in the forward model and P1 in the reverse model, specifically), wherein a+b=1; and then, finding out the top20 (such as P1 to P20 reserved in FIG. 2) from the final fused result (corresponding to the final prediction probability), if the real log event (i.e. the log event to be detected or the current log event) is in the predicted top20 log event, indicating that the current log event appears to conform to the normal log mode, and if no abnormality occurs, otherwise, considering that the abnormality occurs.
The scheme can replace the workflow of a manual monitoring system, realizes automatic detection of abnormal operation of the server, and reduces operation and maintenance cost.
From the above, this scheme relates to: using deep learning technology to learn the normal mode of the log sequence, and when the newly appeared log violates the normal mode, considering that the abnormality is detected; in addition, in order to improve the prediction accuracy, it is proposed that a forward model and a reverse model are used for jointly reasoning whether the current log is abnormal or not, and the topological relation among log events is added, so that the prediction accuracy is further improved.
Specifically, the scheme extracts a log template based on original log information, and learns and infers whether the log is abnormal or not from the forward direction and the reverse direction together (specifically, the method can be understood that a forward log sequence and a backward log sequence of the log event to be detected are taken as model features, and whether the event to be detected is abnormal or not is inferred together). In order to further improve the accuracy of log anomaly detection, the topological relation between log events is fused with the model prediction result, so that the model learns the association relation between the events more quickly and accurately. The scheme can more accurately locate the abnormality and save the labor operation and maintenance cost.
In addition, the scheme uses an encoder part of a transformer, particularly a two-layer encoder, so as to prevent the phenomenon of over fitting.
In summary, this scheme has provided a log anomaly detection method based on deep learning, compares in current technical scheme, and this scheme has following advantage:
1. when the log anomaly detection is carried out, using a converter, predicting the next log in a sliding window mode according to historical log data, training a forward model and a reverse model, learning the next log event by the forward model according to the original sequence sliding window mode of the log sequence, reversing the original log sequence by the reverse model, learning the log sequence from back to front, and finally fusing the forward model result and the reverse model result to achieve a better result than the unidirectional model;
2. considering that the log events have association, firstly mining the topological relation among the events from the original log, and restraining the log prediction result by the adjacency matrix for representing the topological relation to help to improve the abnormality detection accuracy. The model pays more attention to the log events which interact more with the current learned log events, so that the model learns the association relation between the events more quickly and accurately.
The embodiment of the invention also provides a log detection device, as shown in fig. 3, comprising:
the first obtaining module 31 is configured to obtain index information of a reference log corresponding to a current log to be tested;
a first processing module 32, configured to input the index information into a forward model to obtain a forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability;
a second processing module 33, configured to obtain a final prediction probability according to the forward prediction probability and the reverse prediction probability;
a third processing module 34, configured to obtain a detection result of whether the current log to be tested is abnormal according to the final prediction probability;
the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse order data of the first sample data.
The log detection device provided by the embodiment of the invention obtains the index information of the reference log corresponding to the current log to be detected; inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability; obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability; obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability; the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse data of the first sample data; the method can realize the common reasoning of whether the current log to be detected is abnormal or not by using the forward model and the reverse model, achieves a better result than the unidirectional model, improves the prediction accuracy, and well solves the problem of low accuracy of the log detection scheme in the prior art.
The step of inputting the index information into a forward model to obtain forward prediction probability comprises the following steps: obtaining a first prediction probability according to the index information by using a forward model; obtaining forward prediction probability according to the first weight coefficient, the first prediction probability and the corresponding first transition probability; the first transition probability is the transition probability between the log template corresponding to the first log and other log templates; the first log is a previous log adjacent to the log to be detected in the first sample data; and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including: obtaining a second prediction probability according to the index information by using a reverse model; obtaining reverse prediction probability according to a second weight coefficient, the second prediction probability and the corresponding second transition probability; the transition probability is the transition probability between the log template corresponding to the second log and other log templates; the second log is the previous log adjacent to the log to be measured in the second sample data.
In the embodiment of the present invention, the obtaining, by using the forward model, the first prediction probability according to the index information includes: mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a forward model; obtaining a first vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; obtaining a first prediction probability according to the first vector; and/or, the obtaining, by using a reverse model, a second prediction probability according to the index information includes: mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a reverse model; obtaining a second vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; and obtaining a second prediction probability according to the second vector.
The step of inputting the index information into a forward model to obtain forward prediction probability comprises the following steps: adjusting the index information to first input data; inputting the first input data into a forward model to obtain forward prediction probability; the first input data comprise a first identifier corresponding to the current log to be tested; and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including: adjusting the index information to second input data; inputting the second input data into a reverse model to obtain reverse prediction probability; the second input data comprises a second identifier corresponding to the current log to be tested.
In the embodiment of the present invention, the obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability includes: obtaining a final prediction probability according to the forward prediction probability and the corresponding first coefficient, and the reverse prediction probability and the corresponding second coefficient; wherein the sum of the first coefficient and the second coefficient is 1.
In the embodiment of the present invention, the number of the final prediction probabilities is at least two, and the obtaining, according to the final prediction probabilities, a detection result of whether the current log to be detected is abnormal includes: ordering at least two final prediction probabilities in the order from big to small; acquiring final prediction probability of the N bits ranked in front; matching the current log to be detected with the log corresponding to the final prediction probability of the first N bits respectively; obtaining a detection result of whether the current log to be detected is abnormal or not according to the matching result; wherein N is an integer greater than 0.
The embodiments of the log detection method are applicable to the embodiments of the log detection device, and the same technical effects can be achieved.
The embodiment of the invention also provides log detection equipment, as shown in fig. 4, comprising: a processor 41 and a transceiver 42 (capable of communicating with the processor 41);
the processor 42 is configured to obtain index information of a reference log corresponding to a current log to be tested;
inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability;
obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability;
obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability;
the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse order data of the first sample data.
The log detection equipment provided by the embodiment of the invention acquires the index information of the reference log corresponding to the current log to be detected; inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability; obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability; obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability; the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse data of the first sample data; the method can realize the common reasoning of whether the current log to be detected is abnormal or not by using the forward model and the reverse model, achieves a better result than the unidirectional model, improves the prediction accuracy, and well solves the problem of low accuracy of the log detection scheme in the prior art.
The step of inputting the index information into a forward model to obtain forward prediction probability comprises the following steps: obtaining a first prediction probability according to the index information by using a forward model; obtaining forward prediction probability according to the first weight coefficient, the first prediction probability and the corresponding first transition probability; the first transition probability is the transition probability between the log template corresponding to the first log and other log templates; the first log is a previous log adjacent to the log to be detected in the first sample data; and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including: obtaining a second prediction probability according to the index information by using a reverse model; obtaining reverse prediction probability according to a second weight coefficient, the second prediction probability and the corresponding second transition probability; the transition probability is the transition probability between the log template corresponding to the second log and other log templates; the second log is the previous log adjacent to the log to be measured in the second sample data.
In the embodiment of the present invention, the obtaining, by using the forward model, the first prediction probability according to the index information includes: mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a forward model; obtaining a first vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; obtaining a first prediction probability according to the first vector; and/or, the obtaining, by using a reverse model, a second prediction probability according to the index information includes: mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a reverse model; obtaining a second vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; and obtaining a second prediction probability according to the second vector.
The step of inputting the index information into a forward model to obtain forward prediction probability comprises the following steps: adjusting the index information to first input data; inputting the first input data into a forward model to obtain forward prediction probability; the first input data comprise a first identifier corresponding to the current log to be tested; and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including: adjusting the index information to second input data; inputting the second input data into a reverse model to obtain reverse prediction probability; the second input data comprises a second identifier corresponding to the current log to be tested.
In the embodiment of the present invention, the obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability includes: obtaining a final prediction probability according to the forward prediction probability and the corresponding first coefficient, and the reverse prediction probability and the corresponding second coefficient; wherein the sum of the first coefficient and the second coefficient is 1.
In the embodiment of the present invention, the number of the final prediction probabilities is at least two, and the obtaining, according to the final prediction probabilities, a detection result of whether the current log to be detected is abnormal includes: ordering at least two final prediction probabilities in the order from big to small; acquiring final prediction probability of the N bits ranked in front; matching the current log to be detected with the log corresponding to the final prediction probability of the first N bits respectively; obtaining a detection result of whether the current log to be detected is abnormal or not according to the matching result; wherein N is an integer greater than 0.
The implementation embodiments of the log detection method are applicable to the embodiment of the log detection device, and the same technical effects can be achieved.
The embodiment of the invention also provides log detection equipment, which comprises a memory, a processor and a program which is stored in the memory and can run on the processor; the processor implements the log detection method described above when executing the program.
The implementation embodiments of the log detection method are applicable to the embodiment of the log detection device, and the same technical effects can be achieved.
The embodiment of the invention also provides a readable storage medium, on which a program is stored, which when executed by a processor, implements the steps in the log detection method described above.
The embodiments of the log detection method are applicable to the embodiment of the readable storage medium, and the same technical effects can be achieved.
It should be noted that many of the functional components described in this specification have been referred to as modules, in order to more particularly emphasize their implementation independence.
In an embodiment of the invention, the modules may be implemented in software for execution by various types of processors. An identified module of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different bits which, when joined logically together, comprise the module and achieve the stated purpose for the module.
Indeed, a module of executable code may be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Likewise, operational data may be identified within modules and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices.
Where a module may be implemented in software, taking into account the level of existing hardware technology, a module may be implemented in software, and one skilled in the art may, without regard to cost, build corresponding hardware circuitry, including conventional Very Large Scale Integration (VLSI) circuits or gate arrays, and existing semiconductors such as logic chips, transistors, or other discrete components, to achieve the corresponding functions. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that various modifications and changes can be made without departing from the principles of the present invention, and such modifications and changes should also be considered as being within the scope of the present invention.
Claims (15)
1. A log detection method, comprising:
acquiring index information of a reference log corresponding to a current log to be tested;
inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability;
obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability;
obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability;
the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse order data of the first sample data.
2. The log detection method according to claim 1, wherein the inputting the index information into a forward model to obtain a forward prediction probability includes:
Obtaining a first prediction probability according to the index information by using a forward model; obtaining forward prediction probability according to the first weight coefficient, the first prediction probability and the corresponding first transition probability; the first transition probability is the transition probability between the log template corresponding to the first log and other log templates; the first log is a previous log adjacent to the log to be detected in the first sample data;
and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including:
obtaining a second prediction probability according to the index information by using a reverse model; obtaining reverse prediction probability according to a second weight coefficient, the second prediction probability and the corresponding second transition probability;
the transition probability is the transition probability between the log template corresponding to the second log and other log templates; the second log is the previous log adjacent to the log to be measured in the second sample data.
3. The method of claim 2, wherein the obtaining the first prediction probability according to the index information using the forward model includes:
Mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a forward model; obtaining a first vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; obtaining a first prediction probability according to the first vector;
and/or, the obtaining, by using a reverse model, a second prediction probability according to the index information includes:
mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a reverse model; obtaining a second vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; and obtaining a second prediction probability according to the second vector.
4. The log detection method according to claim 1, wherein the inputting the index information into a forward model to obtain a forward prediction probability includes:
adjusting the index information to first input data; inputting the first input data into a forward model to obtain forward prediction probability; the first input data comprise a first identifier corresponding to the current log to be tested;
And/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including:
adjusting the index information to second input data; inputting the second input data into a reverse model to obtain reverse prediction probability; the second input data comprises a second identifier corresponding to the current log to be tested.
5. The log detection method according to claim 1, wherein the obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability includes:
obtaining a final prediction probability according to the forward prediction probability and the corresponding first coefficient, and the reverse prediction probability and the corresponding second coefficient;
wherein the sum of the first coefficient and the second coefficient is 1.
6. The log detection method according to claim 1, wherein the number of the final prediction probabilities is at least two, and the obtaining, according to the final prediction probabilities, a detection result of whether the current log to be detected is abnormal includes:
ordering at least two final prediction probabilities in the order from big to small;
acquiring final prediction probability of the N bits ranked in front;
Matching the current log to be detected with the log corresponding to the final prediction probability of the first N bits respectively;
obtaining a detection result of whether the current log to be detected is abnormal or not according to the matching result;
wherein N is an integer greater than 0.
7. A log detection device, characterized by comprising:
the first acquisition module is used for acquiring index information of a reference log corresponding to the current log to be detected;
the first processing module is used for inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability;
the second processing module is used for obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability;
the third processing module is used for obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability;
the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse order data of the first sample data.
8. The log detection device according to claim 7, wherein the inputting the index information into a forward model to obtain a forward prediction probability comprises:
Obtaining a first prediction probability according to the index information by using a forward model; obtaining forward prediction probability according to the first weight coefficient, the first prediction probability and the corresponding first transition probability; the first transition probability is the transition probability between the log template corresponding to the first log and other log templates; the first log is a previous log adjacent to the log to be detected in the first sample data;
and/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including:
obtaining a second prediction probability according to the index information by using a reverse model; obtaining reverse prediction probability according to a second weight coefficient, the second prediction probability and the corresponding second transition probability;
the transition probability is the transition probability between the log template corresponding to the second log and other log templates; the second log is the previous log adjacent to the log to be measured in the second sample data.
9. The log detection device according to claim 8, wherein the obtaining the first prediction probability according to the index information using the forward model includes:
Mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a forward model; obtaining a first vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; obtaining a first prediction probability according to the first vector;
and/or, the obtaining, by using a reverse model, a second prediction probability according to the index information includes:
mapping the index information into word embedding information, paragraph embedding information and position embedding information by using a reverse model; obtaining a second vector corresponding to the index information according to the word embedding information, paragraph embedding information and position embedding information; and obtaining a second prediction probability according to the second vector.
10. The log detection device according to claim 7, wherein the inputting the index information into a forward model to obtain a forward prediction probability comprises:
adjusting the index information to first input data; inputting the first input data into a forward model to obtain forward prediction probability; the first input data comprise a first identifier corresponding to the current log to be tested;
And/or, inputting the index information into a reverse model to obtain a reverse prediction probability, including:
adjusting the index information to second input data; inputting the second input data into a reverse model to obtain reverse prediction probability; the second input data comprises a second identifier corresponding to the current log to be tested.
11. The log detection device according to claim 7, wherein the obtaining the final prediction probability according to the forward prediction probability and the reverse prediction probability includes:
obtaining a final prediction probability according to the forward prediction probability and the corresponding first coefficient, and the reverse prediction probability and the corresponding second coefficient;
wherein the sum of the first coefficient and the second coefficient is 1.
12. The log detection device according to claim 7, wherein the number of final prediction probabilities is at least two, and the obtaining, according to the final prediction probabilities, a detection result of whether the current log to be detected is abnormal includes:
ordering at least two final prediction probabilities in the order from big to small;
acquiring final prediction probability of the N bits ranked in front;
Matching the current log to be detected with the log corresponding to the final prediction probability of the first N bits respectively;
obtaining a detection result of whether the current log to be detected is abnormal or not according to the matching result;
wherein N is an integer greater than 0.
13. A log detection apparatus, characterized by comprising: a processor and a transceiver;
the processor is used for acquiring index information of a reference log corresponding to the current log to be tested;
inputting the index information into a forward model to obtain forward prediction probability; inputting the index information into a reverse model to obtain reverse prediction probability;
obtaining a final prediction probability according to the forward prediction probability and the reverse prediction probability;
obtaining a detection result of whether the current log to be detected is abnormal or not according to the final prediction probability;
the forward model is trained by using first sample data, and the reverse model is trained by using second sample data, wherein the second sample data is reverse order data of the first sample data.
14. A log detection device comprising a memory, a processor, and a program stored on the memory and executable on the processor; the log detection method according to any one of claims 1 to 6 is realized when the processor executes the program.
15. A readable storage medium having stored thereon a program, wherein the program, when executed by a processor, implements the steps in the log detection method as claimed in any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111231811.9A CN116028450A (en) | 2021-10-22 | 2021-10-22 | Log detection method, device and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111231811.9A CN116028450A (en) | 2021-10-22 | 2021-10-22 | Log detection method, device and equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116028450A true CN116028450A (en) | 2023-04-28 |
Family
ID=86074596
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111231811.9A Pending CN116028450A (en) | 2021-10-22 | 2021-10-22 | Log detection method, device and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116028450A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117168802A (en) * | 2023-08-14 | 2023-12-05 | 苏州长木传动科技有限公司 | Method for detecting performance life of harmonic speed reducer |
-
2021
- 2021-10-22 CN CN202111231811.9A patent/CN116028450A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117168802A (en) * | 2023-08-14 | 2023-12-05 | 苏州长木传动科技有限公司 | Method for detecting performance life of harmonic speed reducer |
| CN117168802B (en) * | 2023-08-14 | 2024-06-18 | 苏州长木传动科技有限公司 | Method for detecting performance life of harmonic speed reducer |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103580960B (en) | Online pipe network anomaly detection system based on machine learning | |
| Li et al. | Fault diagnosis expert system of semiconductor manufacturing equipment using a Bayesian network | |
| JP6875179B2 (en) | System analyzer and system analysis method | |
| Ploennigs et al. | Adapting semantic sensor networks for smart building diagnosis | |
| Sun et al. | Explaining image classifiers using statistical fault localization | |
| Roth et al. | Fault detection and isolation in manufacturing systems with an identified discrete event model | |
| Gibadullin et al. | Analysis of industrial network parameters using neural network processing | |
| CN113516174B (en) | Call chain abnormality detection method, computer device, and readable storage medium | |
| CN115511118A (en) | Artificial intelligence-based heat supply system fault auxiliary decision-making method and system | |
| CN115017513A (en) | Intelligent contract vulnerability detection method based on artificial intelligence | |
| CN116467674A (en) | Intelligent fault processing fusion updating system and method for power distribution network | |
| CN117743909A (en) | Heating system fault analysis method and device based on artificial intelligence | |
| Ding et al. | Model-based error detection for industrial automation systems using lstm networks | |
| CN114139589A (en) | Fault diagnosis method, device, equipment and computer readable storage medium | |
| CN115456107A (en) | Time series abnormity detection system and method | |
| CN116795977A (en) | Data processing method, apparatus, device and computer readable storage medium | |
| CN116028450A (en) | Log detection method, device and equipment | |
| Strasser et al. | Graph-based ontology-guided data mining for D-matrix model maturation | |
| CN112579777B (en) | Semi-supervised classification method for unlabeled text | |
| Zhang et al. | Predicting change consistency in a clone group | |
| CN117591913A (en) | Statement level software defect prediction method based on improved R-transducer | |
| CN109889258B (en) | Optical network fault checking method and equipment | |
| CN112147974B (en) | Alarm root cause diagnosis method based on chemical process knowledge automation | |
| CN115545169A (en) | GRU-AE network-based multi-view service flow anomaly detection method, system and equipment | |
| CN116635843A (en) | Apparatus, computing platform and method for analyzing log files of industrial plants |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |