CN116679890A - Storage device security management system and method thereof - Google Patents
Storage device security management system and method thereof Download PDFInfo
- Publication number
- CN116679890A CN116679890A CN202310963934.4A CN202310963934A CN116679890A CN 116679890 A CN116679890 A CN 116679890A CN 202310963934 A CN202310963934 A CN 202310963934A CN 116679890 A CN116679890 A CN 116679890A
- Authority
- CN
- China
- Prior art keywords
- feature
- matrix
- performance index
- classification
- training
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000003860 storage Methods 0.000 title claims abstract description 105
- 238000000034 method Methods 0.000 title description 32
- 239000011159 matrix material Substances 0.000 claims abstract description 141
- 239000013598 vector Substances 0.000 claims abstract description 106
- 238000007726 management method Methods 0.000 claims abstract description 50
- 238000013527 convolutional neural network Methods 0.000 claims abstract description 35
- 238000012544 monitoring process Methods 0.000 claims abstract description 25
- 238000012549 training Methods 0.000 claims description 63
- 230000007246 mechanism Effects 0.000 claims description 33
- 238000009826 distribution Methods 0.000 claims description 24
- 239000010410 layer Substances 0.000 claims description 21
- 238000000605 extraction Methods 0.000 claims description 15
- 238000005457 optimization Methods 0.000 claims description 15
- 238000012546 transfer Methods 0.000 claims description 15
- 238000012545 processing Methods 0.000 claims description 11
- 238000001514 detection method Methods 0.000 claims description 9
- 230000004913 activation Effects 0.000 claims description 6
- 230000005540 biological transmission Effects 0.000 claims description 5
- 238000011176 pooling Methods 0.000 claims description 4
- 230000003213 activating effect Effects 0.000 claims description 3
- 239000002356 single layer Substances 0.000 claims description 2
- 230000006870 function Effects 0.000 description 27
- 238000004422 calculation algorithm Methods 0.000 description 13
- 230000008569 process Effects 0.000 description 11
- 230000015654 memory Effects 0.000 description 8
- 230000002829 reductive effect Effects 0.000 description 8
- 230000004044 response Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 230000002159 abnormal effect Effects 0.000 description 6
- 238000004364 calculation method Methods 0.000 description 5
- 238000010606 normalization Methods 0.000 description 5
- 238000013528 artificial neural network Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 4
- 239000000306 component Substances 0.000 description 4
- 230000000694 effects Effects 0.000 description 4
- 238000010801 machine learning Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000000306 recurrent effect Effects 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 238000003062 neural network model Methods 0.000 description 3
- 238000007781 pre-processing Methods 0.000 description 3
- 230000003252 repetitive effect Effects 0.000 description 3
- 230000005856 abnormality Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 239000008358 core component Substances 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000002708 enhancing effect Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000007477 logistic regression Methods 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 238000003058 natural language processing Methods 0.000 description 2
- 230000000737 periodic effect Effects 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000003044 adaptive effect Effects 0.000 description 1
- 230000002411 adverse Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000005311 autocorrelation function Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 238000013145 classification model Methods 0.000 description 1
- 238000004140 cleaning Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000005094 computer simulation Methods 0.000 description 1
- 235000014510 cooky Nutrition 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013079 data visualisation Methods 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000008034 disappearance Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000000670 limiting effect Effects 0.000 description 1
- 238000012417 linear regression Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000013450 outlier detection Methods 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000012805 post-processing Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000006403 short-term memory Effects 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3024—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a central processing unit [CPU]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3037—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a memory, e.g. virtual memory, cache
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0653—Monitoring storage devices or systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/0464—Convolutional networks [CNN, ConvNet]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
- G06N3/084—Backpropagation, e.g. using gradient descent
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- General Health & Medical Sciences (AREA)
- Human Computer Interaction (AREA)
- Quality & Reliability (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Software Systems (AREA)
- Molecular Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Evolutionary Biology (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The application relates to the field of intelligent management, in particular to a storage device security management system and a storage device security management method. Firstly, arranging performance indexes of a monitored storage module at a plurality of preset time points within a preset time period as a performance index input matrix, then, passing the performance index input matrix through a convolutional neural network model to obtain a performance index local association feature matrix, then, carrying out feature matrix division on the performance index local association feature matrix, respectively expanding the performance index local association feature matrix into a plurality of performance index local association sub-feature vectors, then, passing the performance index local association sub-feature matrix through a context encoder to obtain a classification feature vector, and finally, passing the classification feature vector through a classifier to obtain a classification result for indicating whether the performance of the monitored storage module is normal. Therefore, the accuracy and the instantaneity of monitoring and alarming can be improved.
Description
Technical Field
The present application relates to the field of intelligent management, and more particularly, to a storage device security management system and method thereof.
Background
Storage device security management refers to effectively protecting and controlling physical and logical security of a storage device to prevent the storage device from being attacked maliciously or accidentally damaged, resulting in data loss or leakage.
The monitoring alarm module for the safety management of the storage equipment is an important component of the safety management of the storage equipment, and has the functions of timely finding and reporting abnormal conditions of the storage equipment, such as faults, attacks, viruses and the like, by monitoring the running state and performance indexes of the storage equipment in real time and taking corresponding emergency measures so as to reduce or avoid the occurrence of the safety risk of the storage equipment.
The existing monitoring alarm module generally realizes the function of monitoring alarm through data of a single dimension, so that the judgment accuracy is lower. Thus, an optimized solution is desired.
Disclosure of Invention
The present application has been made to solve the above-mentioned technical problems. The application provides a storage device security management system and a storage device security management method.
According to one aspect of the present application, there is provided a storage device security management system including:
the system comprises an index acquisition module, a monitoring module and a storage module, wherein the index acquisition module is used for acquiring performance indexes of a plurality of preset time points of the monitored storage module in a preset time period, and the performance indexes comprise CPU (central processing unit) utilization rate, disk space utilization rate and network delay;
the data arrangement module is used for arranging the performance indexes of the plurality of preset time points into a performance index input matrix according to the time dimension and the sample dimension;
The associated feature extraction module is used for inputting the performance index into a matrix to obtain a performance index local associated feature matrix through a convolutional neural network model using a spatial attention mechanism;
the dividing module is used for dividing the characteristic matrix of the performance index local association characteristic matrix to obtain a plurality of performance index local association submatrices;
the global semantic association module is used for respectively expanding the plurality of performance index local association sub-matrixes into a plurality of performance index local association sub-feature vectors and then obtaining classification feature vectors through a context encoder based on a converter; and
and the detection result generation module is used for passing the classification feature vector through a classifier to obtain a classification result, wherein the classification result is used for indicating whether the performance of the monitored storage module is normal or not.
According to another aspect of the present application, there is provided a storage device security management method, including:
acquiring performance indexes of a plurality of preset time points of a monitored storage module in a preset time period, wherein the performance indexes comprise CPU (central processing unit) utilization rate, disk space utilization rate and network delay;
arranging the performance indexes of the plurality of preset time points into a performance index input matrix according to the time dimension and the sample dimension;
Inputting the performance index into a matrix to obtain a performance index local association feature matrix through a convolutional neural network model using a spatial attention mechanism;
performing feature matrix division on the performance index local association feature matrix to obtain a plurality of performance index local association submatrices;
the plurality of performance index local correlation sub-matrixes are respectively unfolded into a plurality of performance index local correlation sub-feature vectors, and then the classified feature vectors are obtained through a context encoder based on a converter; and
and the classification feature vector passes through a classifier to obtain a classification result, wherein the classification result is used for indicating whether the performance of the monitored storage module is normal or not.
Compared with the prior art, the storage equipment safety management system and the method thereof have the beneficial effects that firstly, performance indexes of a monitored storage module at a plurality of preset time points in a preset time period are arranged to be a performance index input matrix, then, the performance index input matrix is subjected to convolutional neural network model to obtain a performance index local association feature matrix, then, the performance index local association feature matrix is subjected to feature matrix division and is respectively unfolded to be a plurality of performance index local association sub-feature vectors, then, the performance index local association sub-feature vectors are subjected to context encoder to obtain classification feature vectors, and finally, the classification feature vectors are subjected to classifier to obtain classification results for indicating whether the performance of the monitored storage module is normal. Therefore, the accuracy and the instantaneity of monitoring and alarming can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art. The following drawings are not intended to be drawn to scale, emphasis instead being placed upon illustrating the principles of the application.
Fig. 1 is an application scenario diagram of a storage device security management system according to an embodiment of the present application.
FIG. 2 is a block diagram of a storage device security management system according to an embodiment of the application.
FIG. 3 is a block diagram of the global semantic association module in a storage device security management system according to an embodiment of the present application.
Fig. 4 is a flowchart of a storage device security management method according to an embodiment of the present application.
Fig. 5 is a schematic diagram of a system architecture of a storage device security management method according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are also within the scope of the application.
As used in the specification and in the claims, the terms "a," "an," "the," and/or "the" are not specific to a singular, but may include a plurality, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that the steps and elements are explicitly identified, and they do not constitute an exclusive list, as other steps or elements may be included in a method or apparatus.
Although the present application makes various references to certain modules in a system according to embodiments of the present application, any number of different modules may be used and run on a user terminal and/or server. The modules are merely illustrative, and different aspects of the systems and methods may use different modules.
A flowchart is used in the present application to describe the operations performed by a system according to embodiments of the present application. It should be understood that the preceding or following operations are not necessarily performed in order precisely. Rather, the various steps may be processed in reverse order or simultaneously, as desired. Also, other operations may be added to or removed from these processes.
Hereinafter, exemplary embodiments according to the present application will be described in detail with reference to the accompanying drawings. It should be apparent that the described embodiments are only some embodiments of the present application and not all embodiments of the present application, and it should be understood that the present application is not limited by the example embodiments described herein.
Fig. 1 is an application scenario diagram of a storage device security management system according to an embodiment of the present application. As shown in fig. 1, in this application scenario, first, performance indexes (e.g., D illustrated in fig. 1) of a monitored storage module (e.g., N illustrated in fig. 1) at a plurality of predetermined time points including CPU usage, disk space utilization, and network delay within a predetermined period of time are acquired, and then, the performance indexes at the plurality of predetermined time points are input to a server (e.g., S illustrated in fig. 1) where a storage device security management algorithm is deployed, wherein the server can process the performance indexes at the plurality of predetermined time points using the storage device security management algorithm to obtain a classification result for indicating whether the performance of the monitored storage module is normal.
FIG. 2 is a block diagram of a storage device security management system according to an embodiment of the application. As shown in fig. 2, a storage device security management system 100 according to an embodiment of the present application includes: an index acquisition module 110, configured to acquire performance indexes of the monitored storage module at a plurality of predetermined time points within a predetermined time period, where the performance indexes include a CPU utilization rate, a disk space utilization rate, and a network delay; a data arrangement module 120, configured to arrange performance indexes of the plurality of predetermined time points into a performance index input matrix according to a time dimension and a sample dimension; the correlation feature extraction module 130 is configured to input the performance index into a matrix to obtain a performance index local correlation feature matrix through a convolutional neural network model using a spatial attention mechanism; the dividing module 140 is configured to divide the feature matrix of the performance index local association feature matrix to obtain a plurality of performance index local association submatrices; the global semantic association module 150 is configured to obtain classification feature vectors by using a context encoder based on a converter after expanding the plurality of performance index local association sub-matrices into a plurality of performance index local association sub-feature vectors; and a detection result generating module 160, configured to pass the classification feature vector through a classifier to obtain a classification result, where the classification result is used to indicate whether the performance of the monitored storage module is normal.
More specifically, in the embodiment of the present application, the index collection module 110 is configured to obtain performance indexes of the monitored storage module at a plurality of predetermined time points within a predetermined period, where the performance indexes include a CPU usage rate, a disk space utilization rate, and a network delay. CPU utilization, disk space utilization, and network latency are important storage device performance metrics that can reflect the load, resource usage, and communication efficiency of the storage device. By capturing these performance metrics at a plurality of predetermined points in time over a predetermined period of time, dynamic changes and trends of the storage device may be captured therefrom. Specifically, the CPU is one of the core components of a computer system, which is responsible for performing various computing tasks. The CPU utilization rate is monitored to know the calculation load condition of the system, and whether the CPU normally operates or not and whether the overload condition exists or not are judged. High CPU utilization may cause the system to slow down or crash, so timely monitoring and optimizing CPU utilization is critical to ensuring system performance. The magnetic disk is a main device for storing data, and the capacity use condition of the storage module can be known by monitoring the space utilization rate of the magnetic disk. If the disk space utilization is too high, the storage module may not operate normally, or even cannot store new data. By monitoring the disk space utilization, measures such as cleaning unnecessary data or expanding storage capacity can be taken in time to ensure the normal operation of the storage module. Network delay refers to the time required for data to travel through the network. For the memory module, the size of the network delay directly affects the transmission speed and response time of the data. By monitoring the network delay, network faults or bottlenecks can be found in time so as to optimize and adjust, and the efficiency and stability of data transmission are improved. The existing monitoring alarm module generally realizes the function of monitoring alarm through data of a single dimension. For example, using appropriate monitoring tools (e.g., top, htop, etc.) to monitor CPU usage, observing whether CPU usage is continually above a normal level may indicate that a memory module is experiencing performance problems. For another example, the disk space utilization may be checked using an appropriate command (e.g., df command) to see if the disk space utilization is approaching or exceeding the capacity of the storage module, which may indicate that the storage module needs to be cleaned or expanded if the disk space utilization is approaching or exceeding the capacity. For another example, using an appropriate network monitoring tool (e.g., ping, traceroute, etc.) to measure network delay, observing whether network delay continues to be above a normal level, if it continues to be above a normal level, may indicate that there is a problem with the network connection of the memory module.
The monitoring alarm function is realized through the data of a single dimension, and the judgment accuracy is low. Based on the above, the technical concept of the application is to comprehensively utilize the performance indexes (CPU utilization rate, disk space utilization rate and network delay) of the monitored storage module at a plurality of preset time points in a preset time period, and intelligently realize the monitoring alarm function of the safety management of the storage device by combining deep learning and artificial intelligence technology. Therefore, the accuracy and the instantaneity of monitoring and alarming are improved, and the safety risk of the storage equipment is reduced.
Specifically, in one embodiment of the present application, the following method is used to obtain performance indexes of the monitored storage module at a plurality of predetermined time points within a predetermined period of time, including CPU usage, disk space usage, and network delay, including: a system monitoring tool or performance monitoring software is used to obtain the CPU usage. These tools typically provide an API or command line interface through which CPU usage data can be obtained programmatically, where API refers to an application programming interface (Application Programming Interface). It is a set of rules and protocols that define interactions between different software components. Through the API, different software systems, services or libraries can communicate and exchange data with each other, enabling sharing and interoperation of functions. An API can be seen as a bridge between two pieces of software that defines a series of methods, protocols, and tools for requesting and responding to data, accessing and operating functions, and the like. Through the API, developers can utilize already built functions and services without having to know the internal implementation details thereof. The API provides a standardized way that different software systems can be easily integrated and invoked with each other.
System calls or commands provided by the operating system are used to obtain the utilization of disk space. In one sub-embodiment of the application, df commands may be used to obtain disk space utilization information on a Linux system. Here, the df command is a command for displaying the disk space usage of the file system. It may list the file systems in the system, the total capacity of each file system, the space used, the available space, and the mounting points, among other information. df commands are commonly used in Linux and Unix operating systems and can be used to check disk usage, monitor disk space, and identify potential disk space problems.
The network delay is obtained by sending a network request and measuring the response time. May be implemented using a network monitoring tool or a network library provided in a programming language. In one sub-embodiment of the application, in Python, the requests library may be used to send HTTP requests and record the response time of the requests to obtain network delay data. It should be appreciated that HTTP requests are a protocol in which clients send requests to servers. In Web development, clients are often referred to as browsers, while servers are referred to as computers storing Web pages and other resources. With HTTP requests, clients may request specific resources from a server, such as web pages, images, videos, etc. HTTP requests are typically made up of a request line, a request header, and a request body. The request line contains the method of the request (e.g., GET, POST, PUT, etc.), the URL of the request, and the version of the protocol used. The request header contains some additional information such as user agent, cookie, authentication information, etc. The request body contains some optional data, such as form data that is passed in the POST request. After receiving the HTTP request, the server processes the request according to the method and URL of the request, and returns a corresponding response. Common responses include status codes, response heads, and response bodies. Network latency data can be obtained by sending HTTP requests using a request library and recording the response time of the requests.
The CPU utilization is monitored using appropriate monitoring tools (e.g., top, htop, etc.), and whether the CPU utilization is continuously above a normal level is observed, which may indicate that the memory module has performance problems if the CPU utilization is continuously above the normal level.
More specifically, in the embodiment of the present application, the data arrangement module 120 is configured to arrange the performance indexes at the plurality of predetermined time points into a performance index input matrix according to a time dimension and a sample dimension. In order to accurately mine the association relation and the local implicit characteristic information among the performance indexes, in the technical scheme of the application, the performance indexes of the plurality of preset time points are firstly arranged into a performance index input matrix according to a time dimension and a sample dimension so as to facilitate the characteristic extraction of a subsequent model, wherein the time dimension represents different preset time points, and the sample dimension represents different performance index types (namely CPU (Central processing Unit) utilization rate, disk space utilization rate and network delay).
More specifically, in the embodiment of the present application, the correlation feature extraction module 130 is configured to input the performance index into a matrix to obtain a performance index local correlation feature matrix through a convolutional neural network model using a spatial attention mechanism. The convolution neural network model using the spatial attention mechanism can effectively extract local correlation characteristics in the performance index input matrix, namely correlation among performance indexes at different time points in different sample dimensions. These local correlation features may reflect changes in the operating state and performance of the storage device at different points in time, thereby helping to determine whether an abnormal condition exists in the storage device. More specifically, the spatial attention mechanism may adaptively adjust the importance of performance metrics for different sample dimensions and different points in time, thereby enhancing the generalization ability and robustness of the model. In this way, the model can be prevented from being excessively sensitive or insensitive to performance indexes of certain dimensions or time points, and false alarms or missing alarms are avoided.
It should be appreciated that convolutional neural network (Convolutional Neural Network, CNN) is an artificial neural network and has wide application in the fields of image recognition and the like. The convolutional neural network may include an input layer, a hidden layer, and an output layer, where the hidden layer may include a convolutional layer, a pooling layer, an activation layer, a full connection layer, etc., where the previous layer performs a corresponding operation according to input data, outputs an operation result to the next layer, and obtains a final result after the input initial data is subjected to a multi-layer operation.
Accordingly, in one specific example, the associated feature extraction module 130 is configured to: input data are respectively carried out in the forward transmission process of each layer of the convolutional neural network model using the spatial attention mechanism: convolving the input data to generate a convolved feature map; pooling the convolution feature map to generate a pooled feature map; non-linearly activating the pooled feature map to generate an activated feature map; calculating the mean value of each position of the activation feature map along the channel dimension to generate a spatial feature matrix; calculating a Softmax-like function value of each position in the space feature matrix to obtain a space score matrix; calculating the space feature matrix and multiplying the space score matrix according to the position points to obtain a space enhancement feature matrix; the spatial enhancement feature matrix output by the last layer of the convolutional neural network model using a spatial attention mechanism is the performance index local association feature matrix.
More specifically, in the embodiment of the present application, the dividing module 140 is configured to perform feature matrix division on the performance index local association feature matrix to obtain a plurality of performance index local association submatrices. Thus, granularity of characteristic information of the characteristic matrix of the local association of the performance indexes can be thinned, and a plurality of sub-matrixes of the local association of the performance indexes are obtained.
More specifically, in the embodiment of the present application, the global semantic association module 150 is configured to obtain the classification feature vector by using a context encoder based on a converter after expanding the plurality of performance index local association sub-matrices into a plurality of performance index local association sub-feature vectors. The context encoder based on the converter can capture the global dependency relationship between the performance index local associated sub-feature vectors by using a self-attention mechanism. That is, the classification feature vector may be used to represent the overall performance state of the memory module.
It should be appreciated that by the context encoder, the relationship between a certain word segment and other word segments in the vector representation sequence may be analyzed to obtain corresponding feature information. The context encoder aims to mine for hidden patterns between contexts in the word sequence, optionally the encoder comprises: CNN (Convolutional Neural Network ), recurrent NN (RecursiveNeural Network, recurrent neural network), language Model (Language Model), and the like. The CNN-based method has a better extraction effect on local features, but has a poor effect on Long-Term Dependency (Long-Term Dependency) problems in sentences, so Bi-LSTM (Long Short-Term Memory) based encoders are widely used. The repetitive NN processes sentences as a tree structure rather than a sequence, has stronger representation capability in theory, but has the weaknesses of high sample marking difficulty, deep gradient disappearance, difficulty in parallel calculation and the like, so that the repetitive NN is less in practical application. The transducer has a network structure with wide application, has the characteristics of CNN and RNN, has a better extraction effect on global characteristics, and has a certain advantage in parallel calculation compared with RNN (recurrent neural network). Here, it should be appreciated by those skilled in the art that a transducer is a neural network model based on self-attention mechanisms (self-attention mechanism), originally proposed by Vaswani et al in 2017. It has achieved great success in Natural Language Processing (NLP) tasks and is widely used in the fields of machine translation, text summarization, language generation, etc. Conventional neural network models (e.g., recurrent neural networks and convolutional neural networks) have some limitations in dealing with long-range dependencies. The transducer model can better capture the dependency relationship between different positions in the input sequence by introducing a self-attention mechanism, so that the performance of the model is improved. The transducer model consists of an Encoder (Encoder) and a Decoder (Decoder). The encoder is responsible for encoding the input sequence into a series of hidden representations, which the decoder uses to generate the output sequence. The self-attention mechanism is a core component of the transducer model. It allows the model to adaptively focus on different positions of the input sequence during the encoding and decoding stages. By calculating the attention weight for each location, the model can weight the aggregate information according to the importance of the different locations in the input sequence. This mechanism enables the model to take into account global information of the input sequence without depending on a fixed sliding window size. In addition to the self-attention mechanism, the transducer model also introduces techniques such as residual connection and layer normalization to speed up the training process and improve the performance of the model.
Accordingly, in one specific example, as shown in fig. 3, the global semantic association module 150 includes: a matrix expansion unit 151, configured to expand the plurality of performance index local association sub-matrices into the plurality of performance index local association sub-feature vectors, respectively; and a context coding unit 152, configured to perform global context semantic coding on the plurality of performance index local associated sub-feature vectors by using the context encoder based on the converter to obtain the classification feature vector.
Accordingly, in one specific example, the context encoding unit 152 is configured to: performing one-dimensional arrangement on the plurality of performance index local association sub-feature vectors to obtain a global feature vector; calculating the product between the global feature vector and the transpose vector of each performance index local association sub-feature vector in the plurality of performance index local association sub-feature vectors to obtain a plurality of self-attention association matrices; respectively carrying out standardization processing on each self-attention correlation matrix in the plurality of self-attention correlation matrices to obtain a plurality of standardized self-attention correlation matrices; obtaining a plurality of probability values by using a Softmax classification function through each normalized self-attention correlation matrix in the normalized self-attention correlation matrices; and weighting each performance index local association sub-feature vector in the plurality of performance index local association sub-feature vectors by taking each probability value in the plurality of probability values as a weight to obtain the classification feature vector.
More specifically, in the embodiment of the present application, the detection result generating module 160 is configured to pass the classification feature vector through a classifier to obtain a classification result, where the classification result is used to indicate whether the performance of the monitored storage module is normal. Thus, based on the classification result, whether the monitoring alarm signal is generated or not is confirmed, and related personnel or departments can be notified to take corresponding repair measures.
That is, in the technical solution of the present application, the labels of the classifier include a normal performance (first label) of the monitored storage module and an abnormal performance (second label) of the monitored storage module, where the classifier determines to which classification label the classification feature matrix belongs through a soft maximum function. It should be noted that the first tag p1 and the second tag p2 do not include a human-set concept, and in fact, during the training process, the computer model does not have a concept of "whether the performance of the monitored memory module is normal", which is simply that there are two kinds of classification tags and the probability that the output feature is under the two kinds of classification tags, that is, the sum of p1 and p2 is one. Therefore, the classification result of whether the performance of the monitored storage module is normal is actually converted into the classified probability distribution conforming to the classification rule of the natural law through classifying the labels, and the physical meaning of the natural probability distribution of the labels is essentially used instead of the language text meaning of whether the performance of the monitored storage module is normal.
It should be appreciated that the role of the classifier is to learn the classification rules and classifier using a given class, known training data, and then classify (or predict) the unknown data. Logistic regression (logistics), SVM, etc. are commonly used to solve the classification problem, and for multi-classification problems (multi-class classification), logistic regression or SVM can be used as well, but multiple bi-classifications are required to compose multiple classifications, but this is error-prone and inefficient, and the commonly used multi-classification method is the Softmax classification function. It should be appreciated that the Softmax classification function is an activation function commonly used for multi-class classification tasks. It converts a set of real numbers into a vector representing a probability distribution such that each element in the vector is between 0 and 1 and the sum of all elements is 1. The calculation of the Softmax function is split into two steps. First, for each element in the input vector, the value of its exponential function is calculated. The values of all the exponential functions are then added and the value of each exponential function is divided by the sum to give the final Softmax vector. The output of the Softmax function may be interpreted as a probability for each of a plurality of categories. Thus, in a multi-class classification task, the Softmax function is typically used as the last layer of activation function to convert the model's output to a class probability distribution. In the training process, the difference between the prediction probability and the true labels is typically measured using a cross entropy loss function, and the parameters of the model are updated by a back propagation algorithm.
Accordingly, in one specific example, the detection result generating module 160 is configured to: performing full-connection coding on the classification feature vectors by using a plurality of full-connection layers of the classifier to obtain coded classification feature vectors; and passing the coding classification feature vector through a Softmax classification function of the classifier to obtain the classification result.
Accordingly, in one specific example, the detection result generating module 160 is configured to process the classification feature vector with the following formula using the classifier to obtain the classification result;
wherein, the formula is:, wherein ,/>To->Is a weight matrix>To->For the bias vector +.>For the classification feature vector, softmax represents a normalized exponential function.
Further, in order to train convolutional neural network models, converter-based context encoders and classifiers that use spatial attention mechanisms so that they can efficiently analyze and classify performance metrics, the storage device security management system 100 further includes: a training module for training the convolutional neural network model using a spatial attention mechanism, the converter-based context encoder, and the classifier. It should be appreciated that the function of the training module is to train these models using known performance index data and corresponding labels (normal or abnormal). Through training, the model can learn the association relation, the characteristic representation and the classification of the performance indexes. In particular, the training module may use an existing performance index data set to divide it into a training set and a validation set. The training set is used for parameter updating and optimization of the model, while the validation set is used to evaluate the performance of the model and select the best model parameters. During training, the training module provides the performance index input matrix to a convolutional neural network model using a spatial attention mechanism, which is trained based on the context encoder and classifier of the transducer. Through a back propagation algorithm, the model can update model parameters according to the difference between the model and the label, and the performance and accuracy of the model are gradually improved. After training, the models can be classified according to the input performance index data, and whether the performance of the storage device is normal or not is judged. The existence of the training module can help the system to realize automatic performance monitoring and classification, and improves the safety management capability of the storage device.
Wherein, training module includes: the training index acquisition module is used for acquiring training performance indexes of the monitored storage module at a plurality of preset time points in a preset time period; the training data arrangement module is used for arranging the training performance indexes of the plurality of preset time points into a training performance index input matrix according to the time dimension and the sample dimension; the training associated feature extraction module is used for inputting the training performance index into a matrix through the convolutional neural network model using the spatial attention mechanism to obtain a training performance index local associated feature matrix; the training dividing module is used for dividing the feature matrix of the training performance index local association feature matrix to obtain a plurality of training performance index local association submatrices; the training global semantic association module is used for respectively expanding the plurality of training performance index local association sub-matrixes into a plurality of training performance index local association sub-feature vectors and then obtaining training classification feature vectors through the context encoder based on the converter; the classification loss unit is used for passing the training classification feature vector through the classifier to obtain a classification loss function value; and a training unit for training the convolutional neural network model using spatial attention mechanisms, the converter-based context encoder and the classifier based on the classification loss function values and with back propagation of gradient descent, wherein in each iteration of the training, a cross-domain attention transfer optimization of feature distribution is performed on a weight matrix of the classifier.
In the technical scheme of the application, when the performance index input matrix obtains the performance index local correlation feature matrix through a convolutional neural network model using a spatial attention mechanism, the local correlation feature spatial distribution of the performance index local correlation feature matrix is enhanced through the spatial attention mechanism, so that the feature distribution among the plurality of obtained performance index local correlation sub-matrices is large in variability after the performance index local correlation feature matrix is subjected to feature matrix division, and although context correlation coding is performed through a context encoder based on a converter, a significant feature distribution explicit difference still exists among a plurality of context performance index local correlation sub-feature vectors obtained through the context encoder based on the converter, so that the significant distribution transferability difference exists in the classified domain transfer process when the classification is performed through the classifier. Therefore, when classifying the classification feature vector, the classification feature vector needs to be adaptively optimized with respect to the weight matrix of the classifier so as to improve the accuracy of the classification result obtained by the classification feature vector through the classifier. Specifically, the applicant of the present application performs cross-domain attention transfer optimization of feature distribution on the weight matrix M.
Accordingly, in one specific example, performing cross-domain attention transfer optimization of feature distribution on the weight matrix of the classifier includes: performing cross-domain attention transfer optimization of feature distribution on the weight matrix of the classifier by using the following optimization formula to obtain an optimized weight matrix;
the transfer optimization formula is as follows:
wherein ,is the weight matrix,/->Is of the scale +.>,/>、/>To->Is the respective row vector of the weight matrix, is->Representing the two norms of the feature vector, +.>Represents the +.o of the weight matrix>Line->Characteristic value of column>Is a row vector obtained by arranging the sum value of each row vector of the weight matrix,/->Representing the transpose of the matrix>Representing matrix multiplication +.> and />All represent a single layer convolution operation, ">Is the optimized rightAnd (5) a heavy matrix.
Here, the feature distribution-based cross-domain attention transfer optimization is directed to different representations of feature distributions of the classification feature vectors existing in a feature space domain and a classification target domain, based on a cross-domain diversity feature representation of a weight matrix M of the classifier relative to the classification feature vectors to be classified, enhancing transferability of cross-domain gaps of good transfer feature distributions in the diversity feature distribution by giving attention to spatially structured feature distributions of the weight matrix M through convolution operation while suppressing negative transfer (negative transfer) of bad transfer feature distributions, so as to achieve unsupervised domain transfer adaptive optimization of the weight matrix M based on a distribution structure of the weight matrix M itself relative to the classification feature vectors to be classified, thereby improving accuracy of classification results obtained by classification of the classification feature vectors by the classifier.
It should be noted that, in other specific examples of the present application, the feature extraction may be performed on the performance index input matrix in other manners to obtain the classification feature vector. Specifically, feature extraction is performed on the performance index input matrix to obtain a classification feature vector, which includes: first, data preprocessing is performed on the performance index input matrix to obtain a processed performance index input matrix. The data preprocessing comprises outlier removal, missing value processing, data normalization and the like. It should be appreciated that outliers may have adverse effects on data analysis and modeling, and thus, need to be handled. Outliers may be detected and processed using statistical methods or methods based on domain knowledge. In actual data there may be missing values, i.e. some data items are not recorded or collected. Missing values may cause deviations in the analysis results and therefore require missing value processing. Common methods include deleting samples containing missing values, filling the missing values with a mean or median, or estimating the missing values using interpolation or the like. Since different performance metrics may have different dimensions and ranges of values, it is often necessary to normalize the data in order to compare and comprehensively analyze them. Common normalization methods include min-max normalization (scaling the data between 0-1) and normalization (converting the data into a distribution with a mean of 0 and a variance of 1), etc. By performing data preprocessing, the reliability and usability of the data can be improved, the influence of abnormal values and missing values on analysis results can be reduced, and the comparability among different performance indexes can be ensured, so that a more accurate data basis is provided for subsequent analysis and modeling.
Then, an appropriate feature is selected from the processed performance index input matrix. In particular, the most relevant features may be determined based on domain knowledge or using feature selection algorithms. It should be appreciated that the processed performance index input matrix may contain a large number of features, some of which may be redundant or non-influential. The dimension can be reduced by selecting proper characteristics, the calculation complexity is reduced, and the training efficiency of the model is improved. Selecting features that have higher correlation or have a stronger impact on the target variable may improve the performance of the model. By selecting the most relevant features, a more accurate input signal can be provided, thereby improving the prediction accuracy of the model. The selection of features that are both practical and explanatory can understand the results of the model. These features may provide insight and explanation about performance issues, guiding subsequent decisions and optimizations. Selecting the appropriate features may reduce the risk of overfitting. When the model contains too many features, an overfitting situation may occur, i.e., the model performs well on the training set, but has poor generalization ability on new data. By selecting the appropriate features, the risk of model overfitting can be reduced and its generalization ability on new data can be improved.
Next, a suitable feature extraction method is used to extract useful features from the post-processing performance index input matrix. Common feature extraction methods include statistical features (such as mean, variance, maximum, minimum, etc.), frequency domain features, time domain features, and information entropy. It should be appreciated that selecting the appropriate features may help the model better capture key information in the data, thereby improving the predictive performance of the model. By removing extraneous or redundant features, noise and interference can be reduced, focusing the model more on important features. The processed performance index input matrix may contain a large number of features, many of which may be redundant or unrelated. Selecting the appropriate features may reduce the number of features, thereby reducing the dimensionality of the data. The dimension reduction is beneficial to reducing the computational complexity and improving the training efficiency of the model. The selection of appropriate features may make the model easier to interpret. By selecting features that are related to the target variable, the prediction results of the model can be better understood. This is very important to decision makers and domain professionals, as they can interpret the decision basis of the model according to the importance of the feature. Too many features may result in the model overfitting the training data, i.e., performing well on the training data, but performing poorly on the new data. By selecting the appropriate features, the risk of overfitting can be reduced, making the model more generalizable.
The extracted features are then unithermally encoded and converted into a numerical form acceptable to machine learning algorithms. It should be appreciated that since most machine learning algorithms can only process numeric data, it is not straightforward to process classification or text type features. One-hot encoding is a common method of converting classification features into numerical form acceptable to machine learning algorithms. The one-hot encoding expands the value of each classification feature into a new binary feature. For a feature with n different values, the one-hot code converts it into n binary features, each feature representing whether the original feature has a corresponding value. The advantage of the one-time-heat-code is that it converts the relationships between the values of the classification features into relationships between the values, enabling the machine learning algorithm to better understand and utilize these features. Meanwhile, the single-hot coding also solves the problem of disorder between values in the classification features, and avoids the false assumption of the algorithm on the feature values.
Finally, the encoded features are combined into a component feature vector. It should be appreciated that the primary purpose of combining the encoded features into a separate feature vector is to convert the original plurality of features into a feature vector for input into the classification model for training and prediction. Specifically, by combining a plurality of features into one feature vector, the dimensions of the features can be reduced, thereby reducing the complexity of the feature space. This is particularly important for high-dimensional datasets, which typically lead to dimension disaster problems. At the same time, combining the encoded features into a component feature vector can help the model better capture the relationships and interactions between features. This can increase the expressive power of the model and thus the performance of the model.
It should be noted that, in other specific examples of the present application, the CPU usage, the disk space utilization and the network delay of the monitored storage module at a plurality of predetermined time points within the predetermined time period may also be extracted by other methods to determine whether the performance of the monitored storage module is normal. For example, an average of CPU usage, disk space utilization, and network delay over a predetermined period of time is calculated. The variance of CPU usage, disk space utilization, and network latency over a predetermined period of time is calculated to evaluate its volatility. The maximum and minimum values of CPU usage, disk space utilization, and network delay over a predetermined period of time are recorded to evaluate the extremes. The CPU utilization, disk space utilization, and network latency percentiles, e.g., 25th, 50th, and 75th percentiles, over a predetermined period of time are calculated to obtain more detailed distribution information. The change in performance is assessed by calculating the CPU utilization, disk space utilization, and the trend of the network delay over a predetermined period of time, such as the coefficient of slope or linear regression. And analyzing the periodic characteristics of CPU utilization rate, disk space utilization rate and network delay by using methods such as Fourier transformation or autocorrelation function and the like to detect whether periodic performance problems exist. And using an abnormality detection algorithm, such as isolated forest, outlier detection and the like, to identify abnormal conditions in CPU utilization rate, disk space utilization rate and network delay. Here, it is known to those skilled in the art that an isolated Forest (Isolation Forest) is an unsupervised learning algorithm for anomaly detection. It is based on a simple idea: outliers are relatively few in the data, so anomalies can be detected by isolating outliers from normal points. The isolated forest achieves this by constructing a random binary tree. The method comprises the following specific steps: a feature and a segmentation point are randomly selected to divide the data set into two parts. Each subset is recursively partitioned until a stop condition is reached, e.g. the height of the tree reaches a predetermined value or only one sample of the subset. The degree of abnormality is evaluated based on the depth of the sample in the tree. Outliers are typically segmented earlier and therefore have shallower depths in the tree. The outlier score is determined by constructing a plurality of random binary trees and calculating an average depth for each sample. The lower the score, the more likely the representation is an outlier. Advantages of isolated forests include strong processing power for high-dimensional data and large-scale data, and freedom from data distribution. It can also be used for tasks such as feature selection and data visualization. However, an isolated forest may exhibit poor performance in cases where there are a large number of outliers in the processed dataset.
In summary, the storage device security management system 100 according to the embodiment of the present application is illustrated, firstly, performance indexes of a monitored storage module at a plurality of predetermined time points within a predetermined period of time are arranged as a performance index input matrix, then, the performance index input matrix is passed through a convolutional neural network model to obtain a performance index local association feature matrix, then, feature matrix division is performed on the performance index local association feature matrix and is respectively expanded into a plurality of performance index local association sub-feature vectors, and then, the plurality of performance index local association sub-feature vectors are passed through a context encoder to obtain classification feature vectors, and finally, the classification feature vectors are passed through a classifier to obtain classification results for indicating whether the performance of the monitored storage module is normal. Therefore, the accuracy and the instantaneity of monitoring and alarming can be improved.
As described above, the storage device security management system 100 according to the embodiment of the present application may be implemented in various terminal devices, for example, a server or the like having a storage device security management algorithm according to the embodiment of the present application. In one example, the storage device security management system 100 according to an embodiment of the present application may be integrated into a terminal device as a software module and/or a hardware module. For example, the storage device security management system 100 according to the embodiment of the present application may be a software module in the operating system of the terminal device, or may be an application program developed for the terminal device; of course, the storage device security management system 100 according to the embodiment of the present application may also be one of a plurality of hardware modules of the terminal device.
Alternatively, in another example, the storage device security management system 100 according to an embodiment of the present application may be a separate device from the terminal device, and the storage device security management system 100 may be connected to the terminal device through a wired and/or wireless network and transmit interactive information in a contracted data format.
Fig. 4 is a flowchart of a storage device security management method according to an embodiment of the present application. Fig. 5 is a schematic diagram of a system architecture of a storage device security management method according to an embodiment of the present application. As shown in fig. 4 and 5, a storage device security management method according to an embodiment of the present application includes: s110, acquiring performance indexes of the monitored storage module at a plurality of preset time points in a preset time period, wherein the performance indexes comprise CPU (Central processing Unit) utilization rate, disk space utilization rate and network delay; s120, arranging the performance indexes of the plurality of preset time points into a performance index input matrix according to a time dimension and a sample dimension; s130, inputting the performance index into a matrix to obtain a performance index local association feature matrix through a convolutional neural network model using a spatial attention mechanism; s140, performing feature matrix division on the performance index local association feature matrix to obtain a plurality of performance index local association submatrices; s150, respectively expanding the plurality of performance index local correlation sub-matrixes into a plurality of performance index local correlation sub-feature vectors, and then obtaining classification feature vectors through a context encoder based on a converter; and S160, the classification feature vector is passed through a classifier to obtain a classification result, wherein the classification result is used for indicating whether the performance of the monitored storage module is normal or not.
Here, it will be understood by those skilled in the art that the specific operations of the respective steps in the above-described storage device security management method have been described in detail in the above description of the storage device security management system 100 with reference to fig. 1 to 3, and thus, repetitive descriptions thereof will be omitted.
According to another aspect of the present application there is also provided a non-volatile computer readable storage medium having stored thereon computer readable instructions which when executed by a computer can perform a method as described above.
Program portions of the technology may be considered to be "products" or "articles of manufacture" in the form of executable code and/or associated data, embodied or carried out by a computer readable medium. A tangible, persistent storage medium may include any memory or storage used by a computer, processor, or similar device or related module. Such as various semiconductor memories, tape drives, disk drives, or the like, capable of providing storage functionality for software.
The application uses specific words to describe embodiments of the application. Reference to "a first/second embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic is associated with at least one embodiment of the application. Thus, it should be emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various positions in this specification are not necessarily referring to the same embodiment. Furthermore, certain features, structures, or characteristics of one or more embodiments of the application may be combined as suitable.
Furthermore, those skilled in the art will appreciate that the various aspects of the application are illustrated and described in the context of a number of patentable categories or circumstances, including any novel and useful procedures, machines, products, or materials, or any novel and useful modifications thereof. Accordingly, aspects of the application may be performed entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.) or by a combination of hardware and software. The above hardware or software may be referred to as a "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the application may take the form of a computer product, comprising computer-readable program code, embodied in one or more computer-readable media.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The foregoing is illustrative of the present invention and is not to be construed as limiting thereof. Although a few exemplary embodiments of this invention have been described, those skilled in the art will readily appreciate that many modifications are possible in the exemplary embodiments without materially departing from the novel teachings and advantages of this invention. Accordingly, all such modifications are intended to be included within the scope of this invention as defined in the following claims. It is to be understood that the foregoing is illustrative of the present invention and is not to be construed as limited to the specific embodiments disclosed, and that modifications to the disclosed embodiments, as well as other embodiments, are intended to be included within the scope of the appended claims. The invention is defined by the claims and their equivalents.
Claims (10)
1. A storage device security management system, comprising:
the system comprises an index acquisition module, a monitoring module and a storage module, wherein the index acquisition module is used for acquiring performance indexes of a plurality of preset time points of the monitored storage module in a preset time period, and the performance indexes comprise CPU (central processing unit) utilization rate, disk space utilization rate and network delay;
the data arrangement module is used for arranging the performance indexes of the plurality of preset time points into a performance index input matrix according to the time dimension and the sample dimension;
The associated feature extraction module is used for inputting the performance index into a matrix to obtain a performance index local associated feature matrix through a convolutional neural network model using a spatial attention mechanism;
the dividing module is used for dividing the characteristic matrix of the performance index local association characteristic matrix to obtain a plurality of performance index local association sub-matrices;
the global semantic association module is used for respectively expanding the plurality of performance index local association sub-matrixes into a plurality of performance index local association sub-feature vectors and then obtaining classification feature vectors through a context encoder based on a converter; and
and the detection result generation module is used for passing the classification feature vector through a classifier to obtain a classification result, wherein the classification result is used for indicating whether the performance of the monitored storage module is normal or not.
2. The storage device security management system of claim 1, wherein the associated feature extraction module is to:
input data are respectively carried out in the forward transmission process of each layer of the convolutional neural network model using the spatial attention mechanism:
convolving the input data to generate a convolved feature map;
Pooling the convolution feature map to generate a pooled feature map;
non-linearly activating the pooled feature map to generate an activated feature map;
calculating the mean value of each position of the activation feature map along the channel dimension to generate a spatial feature matrix;
calculating a Softmax-like function value of each position in the space feature matrix to obtain a space score matrix; and
calculating the space feature matrix and multiplying the space score matrix according to the position points to obtain a space enhancement feature matrix;
the spatial enhancement feature matrix output by the last layer of the convolutional neural network model using a spatial attention mechanism is the performance index local association feature matrix.
3. The storage device security management system of claim 2, wherein the global semantic association module comprises:
the matrix expansion unit is used for expanding the plurality of performance index local association sub-matrices into the plurality of performance index local association sub-feature vectors respectively; and
and the context coding unit is used for carrying out global context semantic coding on the plurality of performance index local association sub-feature vectors by using the context coder based on the converter so as to obtain the classification feature vector.
4. The storage device security management system of claim 3, wherein the context encoding unit is configured to:
performing one-dimensional arrangement on the plurality of performance index local association sub-feature vectors to obtain a global feature vector;
calculating the product between the global feature vector and the transpose vector of each performance index local association sub-feature vector in the plurality of performance index local association sub-feature vectors to obtain a plurality of self-attention association matrices;
respectively carrying out standardization processing on each self-attention correlation matrix in the plurality of self-attention correlation matrices to obtain a plurality of standardized self-attention correlation matrices;
each normalized self-attention correlation matrix in the normalized self-attention correlation matrices is subjected to a Softmax classification function to obtain a plurality of probability values; and
and weighting each performance index local association sub-feature vector in the plurality of performance index local association sub-feature vectors by taking each probability value in the plurality of probability values as a weight respectively to obtain the classification feature vector.
5. The storage device security management system of claim 4, wherein the detection result generation module is configured to:
Performing full-connection coding on the classification feature vectors by using a plurality of full-connection layers of the classifier to obtain coded classification feature vectors; and
and the coding classification feature vector passes through a Softmax classification function of the classifier to obtain the classification result.
6. The storage device security management system of claim 5, further comprising: a training module for training the convolutional neural network model using a spatial attention mechanism, the converter-based context encoder, and the classifier;
wherein, training module includes:
the training index acquisition module is used for acquiring training performance indexes of the monitored storage module at a plurality of preset time points in a preset time period;
the training data arrangement module is used for arranging the training performance indexes of the plurality of preset time points into a training performance index input matrix according to the time dimension and the sample dimension;
the training associated feature extraction module is used for inputting the training performance index into a matrix through the convolutional neural network model using the spatial attention mechanism so as to obtain a training performance index local associated feature matrix;
The training dividing module is used for dividing the feature matrix of the training performance index local association feature matrix to obtain a plurality of training performance index local association submatrices;
the training global semantic association module is used for respectively expanding the plurality of training performance index local association sub-matrixes into a plurality of training performance index local association sub-feature vectors and obtaining training classification feature vectors through the context encoder based on the converter;
the classification loss unit is used for passing the training classification feature vector through the classifier to obtain a classification loss function value; and
a training unit for training the convolutional neural network model using spatial attention mechanisms, the converter-based context encoder and the classifier based on the classification loss function values and with back propagation of gradient descent, wherein in each iteration of the training, a cross-domain attention transfer optimization of feature distribution is performed on a weight matrix of the classifier.
7. The storage device security management system of claim 6, wherein performing feature-distributed cross-domain attention-diversion optimization on the weight matrix of the classifier comprises: performing cross-domain attention transfer optimization of feature distribution on the weight matrix of the classifier by using the following optimization formula to obtain an optimized weight matrix;
The transfer optimization formula is as follows:
wherein ,is the weight matrix,/->Is of the scale +.>,/> 、/>To->Is the respective row vector of the weight matrix, is->Representing the two norms of the feature vector, +.>Represents the +.o of the weight matrix>Line->The characteristic value of the column,is a row vector obtained by arranging the sum value of each row vector of the weight matrix,/->Representing the transpose of the matrix>Representing matrix multiplication +.> and />All represent a single layer convolution operation, ">Is the optimized weight matrix.
8. A storage device security management method, comprising:
acquiring performance indexes of a plurality of preset time points of a monitored storage module in a preset time period, wherein the performance indexes comprise CPU (central processing unit) utilization rate, disk space utilization rate and network delay;
arranging the performance indexes of the plurality of preset time points into a performance index input matrix according to the time dimension and the sample dimension;
inputting the performance index into a matrix to obtain a performance index local association feature matrix through a convolutional neural network model using a spatial attention mechanism;
performing feature matrix division on the performance index local association feature matrix to obtain a plurality of performance index local association submatrices;
After the plurality of performance index local correlation sub-matrixes are respectively unfolded into a plurality of performance index local correlation sub-feature vectors, a classification feature vector is obtained through a context encoder based on a converter; and
and the classification feature vector passes through a classifier to obtain a classification result, wherein the classification result is used for indicating whether the performance of the monitored storage module is normal or not.
9. The storage device security management method of claim 8, wherein inputting the performance index into a matrix to obtain a performance index local association feature matrix through a convolutional neural network model using a spatial attention mechanism, comprises:
input data are respectively carried out in the forward transmission process of each layer of the convolutional neural network model using the spatial attention mechanism:
convolving the input data to generate a convolved feature map;
pooling the convolution feature map to generate a pooled feature map;
non-linearly activating the pooled feature map to generate an activated feature map;
calculating the mean value of each position of the activation feature map along the channel dimension to generate a spatial feature matrix;
calculating a Softmax-like function value of each position in the space feature matrix to obtain a space score matrix; and
Calculating the space feature matrix and multiplying the space score matrix according to the position points to obtain a space enhancement feature matrix;
the spatial enhancement feature matrix output by the last layer of the convolutional neural network model using a spatial attention mechanism is the performance index local association feature matrix.
10. The storage device security management method of claim 9, wherein the expanding the plurality of performance index local correlation sub-matrices into the performance index local correlation sub-feature vectors, respectively, and then passing through a context encoder based on a converter to obtain the classification feature vectors comprises:
respectively expanding the plurality of performance index local association sub-matrixes into a plurality of performance index local association sub-feature vectors; and
and performing global-based context semantic coding on the plurality of performance index local associated sub-feature vectors by using the context encoder based on the converter to obtain the classification feature vector.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310963934.4A CN116679890B (en) | 2023-08-02 | 2023-08-02 | Storage device security management system and method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310963934.4A CN116679890B (en) | 2023-08-02 | 2023-08-02 | Storage device security management system and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116679890A true CN116679890A (en) | 2023-09-01 |
| CN116679890B CN116679890B (en) | 2023-09-29 |
Family
ID=87782220
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310963934.4A Active CN116679890B (en) | 2023-08-02 | 2023-08-02 | Storage device security management system and method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116679890B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116777892A (en) * | 2023-07-03 | 2023-09-19 | 东莞市震坤行胶粘剂有限公司 | Method and system for detecting dispensing quality based on visual detection |
| CN116937758A (en) * | 2023-09-19 | 2023-10-24 | 广州德姆达光电科技有限公司 | Household energy storage power supply system and operation method thereof |
| CN117254960A (en) * | 2023-09-25 | 2023-12-19 | 深圳市云钜天成信息技术有限公司 | Detection method for detecting API interface verification risk from flow data |
| CN117375237A (en) * | 2023-10-20 | 2024-01-09 | 浙江日新电气有限公司 | Substation operation and maintenance method and system based on digital twin technology |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6035057A (en) * | 1997-03-10 | 2000-03-07 | Hoffman; Efrem H. | Hierarchical data matrix pattern recognition and identification system |
| US10692004B1 (en) * | 2015-11-15 | 2020-06-23 | ThetaRay Ltd. | System and method for anomaly detection in dynamically evolving data using random neural network decomposition |
| US20210019211A1 (en) * | 2019-07-15 | 2021-01-21 | Bull Sas | Method and device for determining a performance indicator value for predicting anomalies in a computing infrastructure from values of performance indicators |
| CN113051216A (en) * | 2021-04-22 | 2021-06-29 | 南京工业大学 | MobileNet-SSD target detection device and method based on FPGA acceleration |
| US11222217B1 (en) * | 2020-08-14 | 2022-01-11 | Tsinghua University | Detection method using fusion network based on attention mechanism, and terminal device |
| CN115269357A (en) * | 2022-09-23 | 2022-11-01 | 华南理工大学 | Micro-service abnormity detection method based on call chain |
| CN115409262A (en) * | 2022-08-31 | 2022-11-29 | 中南大学 | Railway data center key performance index trend prediction method and abnormity identification method |
| CN116149895A (en) * | 2023-02-24 | 2023-05-23 | 中国工商银行股份有限公司 | Big data cluster performance prediction method and device and computer equipment |
| CN116521495A (en) * | 2023-03-21 | 2023-08-01 | 大连理工大学 | System performance bottleneck detection method based on reinforcement learning |
-
2023
- 2023-08-02 CN CN202310963934.4A patent/CN116679890B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6035057A (en) * | 1997-03-10 | 2000-03-07 | Hoffman; Efrem H. | Hierarchical data matrix pattern recognition and identification system |
| US10692004B1 (en) * | 2015-11-15 | 2020-06-23 | ThetaRay Ltd. | System and method for anomaly detection in dynamically evolving data using random neural network decomposition |
| US20210019211A1 (en) * | 2019-07-15 | 2021-01-21 | Bull Sas | Method and device for determining a performance indicator value for predicting anomalies in a computing infrastructure from values of performance indicators |
| US11222217B1 (en) * | 2020-08-14 | 2022-01-11 | Tsinghua University | Detection method using fusion network based on attention mechanism, and terminal device |
| CN113051216A (en) * | 2021-04-22 | 2021-06-29 | 南京工业大学 | MobileNet-SSD target detection device and method based on FPGA acceleration |
| CN115409262A (en) * | 2022-08-31 | 2022-11-29 | 中南大学 | Railway data center key performance index trend prediction method and abnormity identification method |
| CN115269357A (en) * | 2022-09-23 | 2022-11-01 | 华南理工大学 | Micro-service abnormity detection method based on call chain |
| CN116149895A (en) * | 2023-02-24 | 2023-05-23 | 中国工商银行股份有限公司 | Big data cluster performance prediction method and device and computer equipment |
| CN116521495A (en) * | 2023-03-21 | 2023-08-01 | 大连理工大学 | System performance bottleneck detection method based on reinforcement learning |
Non-Patent Citations (1)
| Title |
|---|
| 熊辉等: "基于OpenStack的自适应异常检测模型的设计与实现", 计算机应用与软件, pages 292 - 298 * |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116777892A (en) * | 2023-07-03 | 2023-09-19 | 东莞市震坤行胶粘剂有限公司 | Method and system for detecting dispensing quality based on visual detection |
| CN116777892B (en) * | 2023-07-03 | 2024-01-26 | 东莞市震坤行胶粘剂有限公司 | Method and system for detecting dispensing quality based on visual detection |
| CN116937758A (en) * | 2023-09-19 | 2023-10-24 | 广州德姆达光电科技有限公司 | Household energy storage power supply system and operation method thereof |
| CN116937758B (en) * | 2023-09-19 | 2023-12-19 | 广州德姆达光电科技有限公司 | Household energy storage power supply system and operation method thereof |
| CN117254960A (en) * | 2023-09-25 | 2023-12-19 | 深圳市云钜天成信息技术有限公司 | Detection method for detecting API interface verification risk from flow data |
| CN117254960B (en) * | 2023-09-25 | 2024-05-10 | 深圳市云钜天成信息技术有限公司 | Detection method for detecting API interface verification risk from flow data |
| CN117375237A (en) * | 2023-10-20 | 2024-01-09 | 浙江日新电气有限公司 | Substation operation and maintenance method and system based on digital twin technology |
| CN117375237B (en) * | 2023-10-20 | 2024-05-24 | 浙江日新电气有限公司 | Substation operation and maintenance method and system based on digital twin technology |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116679890B (en) | 2023-09-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN116679890B (en) | Storage device security management system and method thereof | |
| US10600005B2 (en) | System for automatic, simultaneous feature selection and hyperparameter tuning for a machine learning model | |
| US10354204B2 (en) | Machine learning predictive labeling system | |
| US10275690B2 (en) | Machine learning predictive labeling system | |
| US20210089927A9 (en) | Unsupervised outlier detection in time-series data | |
| JP6725700B2 (en) | Method, apparatus, and computer readable medium for detecting abnormal user behavior related application data | |
| US9245235B2 (en) | Integrated approach to model time series dynamics in complex physical systems | |
| US10565528B2 (en) | Analytic system for feature engineering improvement to machine learning models | |
| US20190080253A1 (en) | Analytic system for graphical interpretability of and improvement of machine learning models | |
| Zhao et al. | A novel multivariate time-series anomaly detection approach using an unsupervised deep neural network | |
| US10824694B1 (en) | Distributable feature analysis in model training system | |
| CN117040917A (en) | Intelligent switch with monitoring and early warning functions | |
| US20230316720A1 (en) | Anomaly detection apparatus, anomaly detection method, and program | |
| JP7499360B2 (en) | Obtaining Compact Representations and Time Series Segments with Deep Learning | |
| CN117041017B (en) | Intelligent operation and maintenance management method and system for data center | |
| JP7207540B2 (en) | LEARNING SUPPORT DEVICE, LEARNING SUPPORT METHOD, AND PROGRAM | |
| Shi et al. | Research on the Initial Fault Prediction Method of Rolling Bearings Based on DCAE‐TCN Transfer Learning | |
| CN116451139A (en) | Live broadcast data rapid analysis method based on artificial intelligence | |
| Xiu et al. | Variational disentanglement for rare event modeling | |
| US11195084B1 (en) | Neural network training system | |
| CN117422181B (en) | Fuzzy label-based method and system for early warning loss of issuing clients | |
| Qin et al. | CSCAD: Correlation structure-based collective anomaly detection in complex system | |
| Dangut et al. | Rescaled-LSTM for predicting aircraft component replacement under imbalanced dataset constraint | |
| CN117134958A (en) | Information processing method and system for network technology service | |
| Wang et al. | Chaotic information-geometric support vector machine and its application to fault diagnosis of hydraulic pumps |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |