CN117851945A - Method, device and medium for detecting abnormality of application log of banking system - Google Patents
Method, device and medium for detecting abnormality of application log of banking system Download PDFInfo
- Publication number
- CN117851945A CN117851945A CN202311726133.2A CN202311726133A CN117851945A CN 117851945 A CN117851945 A CN 117851945A CN 202311726133 A CN202311726133 A CN 202311726133A CN 117851945 A CN117851945 A CN 117851945A
- Authority
- CN
- China
- Prior art keywords
- log
- banking system
- abnormality
- detecting
- application log
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 230000005856 abnormality Effects 0.000 title claims abstract description 47
- 238000001514 detection method Methods 0.000 claims abstract description 69
- 230000002159 abnormal effect Effects 0.000 claims abstract description 33
- 238000013145 classification model Methods 0.000 claims abstract description 14
- 239000013598 vector Substances 0.000 claims description 18
- 238000004590 computer program Methods 0.000 claims description 10
- 230000004931 aggregating effect Effects 0.000 claims description 2
- 230000006872 improvement Effects 0.000 abstract description 9
- 230000009286 beneficial effect Effects 0.000 abstract description 6
- 238000013135 deep learning Methods 0.000 description 7
- 238000004458 analytical method Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 3
- 230000002547 anomalous effect Effects 0.000 description 2
- 238000013136 deep learning model Methods 0.000 description 2
- 238000000605 extraction Methods 0.000 description 2
- 238000012300 Sequence Analysis Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 238000013075 data extraction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000013179 statistical model Methods 0.000 description 1
- 238000012731 temporal analysis Methods 0.000 description 1
- 238000000700 time series analysis Methods 0.000 description 1
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention provides a method, a device and a medium for detecting abnormality of an application log of a banking system. The method comprises the following steps of a historical data learning stage, wherein logs of distributed multi-equipment are summarized, aggregated and feature extracted based on a call chain, and abnormal detection training of application logs is carried out by using an isolated forest algorithm to obtain an abnormal classification Model; and in the real-time prediction stage, a time window with set duration is configured, and a detection result is predicted and output through an abnormal classification Model according to real-time log data acquired in the time window. The method can effectively reduce the calculated amount, save the resources and the cost, improve the accuracy and the instantaneity of anomaly detection, and better cope with complex data scenes and the characteristics of a distributed system of a bank core system. In addition, the method can also find abnormal conditions in time and carry out alarm notification, thereby being beneficial to the improvement of the stability and reliability of a bank core system.
Description
Technical Field
The present invention relates to the technical field of financial science and technology, and in particular, to a method, an apparatus, and a medium for detecting abnormality of an application log in a banking system.
Background
In banking systems, anomaly detection of application logs is critical to the stability and reliability of the system. The existing application log anomaly detection method mainly comprises anomaly detection based on statistics, anomaly detection based on time series, anomaly detection based on clustering and anomaly detection based on deep learning. However, these methods have some objective drawbacks in processing the application logs of banking systems.
First, conventional anomaly detection methods typically make decisions based on fixed thresholds or rules, but these thresholds or rules may not be applicable to complex data scenarios of banking systems. Because of the high complexity and variability of the service request and call links of the banking system, the conventional anomaly detection method has difficulty in accurately identifying the logs of anomalies.
Secondly, the anomaly detection method based on time series generally requires that the data have strong time series property, but the log data of the banking system is complex in distribution, and the length of the calling link and the processing time of the service request have large variation ranges. This makes it difficult to accurately identify anomalies associated with the call links, which makes the time series analysis poorly applicable in banking systems.
In addition, the cluster-based anomaly detection method has some problems in processing the application log of the banking system. Because of the high diversity and complexity of the business request and call links of banks, clustering algorithms may not accurately cluster together similar log data points, resulting in anomalous logs that are difficult to discover.
Finally, the anomaly detection method based on deep learning can learn the normal mode of log data, but requires a lot of computing resources and time. Because banking is frequently and journaled, employing deep learning schemes can bring significant resource consumption and cost pressures, and deep learning models often require annotated supervision schemes, which may not be optimal in banking system applications.
Therefore, in view of the objective drawbacks in the related art, there is a need for an improved method for detecting anomalies in application logs of banking systems, so as to improve the accuracy and efficiency of anomaly detection, while reducing the consumption of computing resources and costs.
Disclosure of Invention
In order to overcome the defects of the application log abnormality detection method, the invention provides the application log abnormality detection method of the bank system based on the call chain, which can rapidly detect, reduce cost, increase efficiency and accurately detect.
The invention relates to an application log abnormality detection method of a banking system, which aims to solve the technical problems, and comprises the following steps:
history data learning: collecting, aggregating and extracting characteristics of logs of the distributed multi-equipment based on a call chain, and performing abnormal detection training of application logs by using an isolated forest algorithm to obtain an abnormal classification Model;
and (3) real-time prediction: and configuring a time window with set duration, and predicting and outputting a detection result through an anomaly classification Model according to the real-time log data acquired in the time window.
As an improvement of the application log abnormality detection method of the banking system, the history data learning step includes the steps of:
collecting a complete service log in a set time period;
grouping the collected log data according to a service call link to obtain a link group;
extracting the number of Exception types in the log of the link packet;
merging and counting all the Exception types to form a list X containing all Exception types;
any specific service calling link is selected, and a feature vector containing the characteristic of the service calling link in abnormal aspects is configured based on the list X;
and inputting the obtained feature vector as training data into an isolated forest algorithm Model for training to obtain an abnormal classification Model.
As an improvement of the application log abnormality detection method of the banking system, the set time period is one month to the current time.
As an improvement of the method for detecting abnormal application log of the banking system, the step of grouping the collected log data according to the service call link specifically comprises the following steps:
and grouping the collected log data according to the traceID of the call chain.
As an improvement of the method for detecting abnormality of application log in banking system, the step of configuring feature vector containing characteristics of the service call link in abnormality based on the list X includes:
extracting the number of different excursions in the list X, and setting the number to 0 if the log does not contain a numerical value of a certain excursion, so as to obtain a list containing n numerical values;
and adding the number of the excursions not included in the log to the list of n values to obtain a list of n+1 values, wherein the list of n+1 values is used as a data feature vector of n+1 dimensions.
As an improvement of the application log abnormality detection method of the banking system, the duration of the time window is configured to be one minute.
As an improvement of the application log anomaly detection method of the banking system, the real-time prediction step includes the steps of:
counting application logs in the time window closest to the current time, and grouping based on the traceID of the call chain;
extracting feature vectors of all links in the time window time period based on the list X;
and inputting the extracted characteristic vector of the link into an abnormal classification Model for prediction output.
As an improvement of the application log anomaly detection method of the banking system, the anomaly classification Model is configured to be retrained and iteratively updated at set time intervals.
Compared with the related art, the bank system application log detection method based on the call chain has low requirement on training speed, so that the calculated amount can be effectively reduced, the resources and the cost are saved, and the accuracy of anomaly detection is improved.
The logs of the bank system are more related to the service requests, the logs of the distributed multi-device can be summarized and aggregated based on the call chain, and the problem of the service request can be solved by predicting that the abnormal call link logs can be positioned more quickly. By summarizing and extracting the log data and the characteristics based on the call chain and using the isolated forest algorithm for anomaly detection, complex data scenes and distributed system characteristics of the banking system can be better dealt with.
In addition, in the real-time control time window of the calling chain-based bank system application log detection method, each prediction can output the abnormality occurring in the latest time window, the abnormality can be found out in time to carry out alarm notification, the real-time performance is strong, and meanwhile the stability and reliability of the bank system are improved.
In another aspect, the present invention provides an application log abnormality detection apparatus of a banking system, the application log abnormality detection apparatus of a banking system including: the method comprises the steps of a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the computer program is executed by the processor to realize the method for detecting the abnormality of the application log of the banking system.
Compared with the related art, the application log abnormality detection device of the banking system realizes the flow of the application log abnormality detection method of the banking system, has the beneficial effects the same as those of the application log abnormality detection method of the banking system, and is not described in detail herein.
In another aspect, the present invention provides a computer storage medium having a computer program stored thereon, the computer program when executed by a processor implementing the steps of the method for detecting an abnormality in an application log of a banking system described above.
Compared with the related art, the computer storage medium provided by the invention realizes the flow of the method for detecting the abnormality of the application log of the banking system, and has the beneficial effects the same as those of the method for detecting the abnormality of the application log of the banking system, and the description is omitted herein.
Drawings
FIG. 1 is a flow chart of an application log anomaly detection method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating a history log training phase of a log anomaly detection method according to an embodiment of the present invention;
FIG. 3 is a flowchart of a history log training phase to which a log anomaly detection method is applied according to an embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating a real-time prediction phase of a log anomaly detection method according to an embodiment of the present invention;
fig. 5 is a flowchart of a real-time prediction phase of an application log anomaly detection method according to an embodiment of the present invention.
Detailed Description
In order to further describe the technical means and effects adopted by the present invention for achieving the intended purpose, the following detailed description of the present invention is given with reference to the accompanying drawings and preferred embodiments.
The steps of the method flow described in the specification and the flow chart shown in the drawings of the specification are not necessarily strictly executed according to step numbers, and the execution order of the steps of the method may be changed. Moreover, some steps may be omitted, multiple steps may be combined into one step to be performed, and/or one step may be decomposed into multiple steps to be performed.
In the related art, the current mainstream application log anomaly detection schemes include:
1. statistical-based anomaly detection: such methods use statistical models to detect anomalies. For example, some statistical indicators (e.g., mean, median, variance, etc.) may be calculated, and then outliers identified based on these indicators.
2. Anomaly detection based on time series: such methods use time series models to detect anomalies. These models typically learn a normal log sequence pattern and use the pattern to identify data points that deviate significantly from the pattern, which may be anomalies.
3. Cluster-based anomaly detection: such methods use a clustering algorithm to bring together similar log data points and then detect anomalies based on the results of the clustering. If a data point is very different from the cluster in which it is located, then the data point may be anomalous.
4. Anomaly detection based on deep learning: such methods use deep learning models (e.g., self-encoder or generation of a countermeasure network) to learn the normal pattern of log data and use these models to detect data points that deviate greatly from the normal pattern.
Objective shortcoming analysis of related art:
1. traditional scheme and clustering scheme: the method can not deal with complex data scenes in the financial field, the application logs in the financial field are very long and very short in calling links of the interface due to the complexity of the service, log data are complex in distribution, and abnormal logs are difficult to accurately screen.
2. Scheme based on time series: because the time sequence is based on the time sequence, the time sequence requirement on the log data is high, the banking system service is complex, the banking system service has the characteristics of both distributed and micro services, the log can be subjected to time sequence analysis uniformly after being aggregated on a plurality of devices, the analysis dimension of each service request is weakened, and the abnormal errors on the calling link are not easy to find.
3. Deep learning-based scheme: because of frequent banking business and huge log quantity, the scheme of deep learning consumes huge computing resources and time, and the scheme of deep learning needs a marked supervision scheme to a great extent, the scheme is not optimal in terms of resource consumption, equipment cost, labor cost, instantaneity and other requirements.
According to the analysis, under the condition of the business log of the banking system in the financial field, the scheme can not meet the requirements of rapid detection, cost reduction, synergy, accurate detection and the like, and the embodiment of the invention provides an improved scheme based on calling link dimension, which can not only meet the requirements, but also be suitable for the environment of the distributed system and the business log characteristics of the banking system.
Referring to fig. 1, fig. 1 is a flowchart of an application log anomaly detection method according to an embodiment of the present invention, and as shown in fig. 1, an application log detection method of a banking system is shown, where the application log detection method performs summary analysis on logs included in a call link of a once determined service, extracts features, inputs the features into a classifier to perform anomaly judgment, and outputs a result. The application log detection method of the banking system comprises an S100 historical data learning stage and an S200 online real-time prediction stage.
S100, a history data learning stage, please refer to FIGS. 2-3, FIG. 2 is a schematic diagram of a working process of a history log training stage of an application log anomaly detection method according to an embodiment of the present invention, and FIG. 3 is a flowchart of a history log training stage of an application log anomaly detection method according to an embodiment of the present invention, as shown in FIGS. 2-3, the history data learning stage includes the following steps:
s101, collecting a complete service log in a set time period. A complete service log, one month so far, can be collected in order to obtain enough data to train the model.
S102, grouping the collected log data according to a service call link. All log data of the same link are guaranteed to be together, and subsequent feature extraction and model training are facilitated. Specifically, the data are grouped according to the traceID (link unique identifier) of the call chain, so as to obtain K different traceID link grouping logs.
The call chain refers to that call information (time, interface, hierarchy and result) among services is clicked into a log in the process that the system completes one service call, and then all the clicked data are connected into a tree chain to generate one call chain.
trace refers to the link procedure that is called once, and traceID refers to the ID that is called this time. In a request, a globally unique traceID is generated at the beginning of the network to identify the request.
S103, counting the link grouping logs, and extracting the quantity of various exceptions.
In this step, the Exception refers to the type of Exception that occurs in the service invocation link. These anomalies may include various errors, abnormal conditions, or unexpected behavior, such as a system crash, timeout, connection failure, data error, etc. By extracting the number of various Exceptions, the occurrence condition of various abnormalities in a normal service call link can be known, and a data basis is provided for subsequent feature extraction and model training.
S104, merging and counting the types of the excursions of all the logs to form a list X containing all the abnormal types. That is, the list X of the types of excursions of all logs in step S101, i.e., the full-quantity excursions, is merged and counted, and the length is n, i.e., n excursions.
S105, for a specific service call link, configuring a feature vector containing the characteristic of the service call link in abnormal aspect based on the list X.
Specifically, based on a call link, the number of different Exceptions in the list X is extracted, the value of the log which does not contain any Exception is set to 0, a list of n values is obtained, then the number of the log which does not contain Exception is added, and a list of n+1 values is obtained as the n+1-dimension data feature. Each calling link has a corresponding feature vector, and the vector contains all types of anomalies and quantity information of the anomalies in the link, so that K n+1-dimensional features are obtained.
And S106, inputting the obtained feature vector as training data into an isolated forest algorithm Model for training to obtain an abnormal classification Model.
Among them, isolated Forest (Isolation Forest) is a machine learning algorithm based on anomaly detection, which is used to identify outliers in a dataset. The basic idea is to define outliers as those that are easily isolated, and can be understood as points that are sparsely distributed and are far from the high density population.
And inputting K n+1-dimensional features serving as training data into an isolated forest algorithm Model for training, and finally obtaining an abnormal classification Model. The model may predict call chain log anomalies for a subsequent period of time.
S200, in a real-time prediction stage, please refer to FIGS. 4-5, FIG. 4 is a schematic diagram illustrating a working process of the real-time prediction stage applying the log anomaly detection method according to an embodiment of the present invention; fig. 5 is a flowchart of a real-time prediction phase of an application log anomaly detection method according to an embodiment of the present invention, as shown in fig. 4-5:
the real-time prediction stage fixes a time window of 1 minute, and the following steps are carried out every 1 minute:
s201, counting application logs in a time window of the last 1 minute, and grouping based on the call chain traceID. The real-time log data is also grouped according to the service call link.
S202, extracting feature vectors of all links in the time period based on the acceptance category list X.
This step is similar to step S105, and the (n+1) -dimensional data features of the plurality of packets are obtained based on the total excursions and the number of logs without excursions. The real-time log data is converted into feature vectors.
S203, inputting all link characteristics in the time period into a Model, and outputting predictions. The step uses the trained model to predict the real-time data, and can obtain the abnormal call chain grouping log.
S204, outputting a result, and displaying an abnormal call chain grouping log. The step displays the predicted result, which is convenient for viewing and analysis.
S205, retraining and iterative updating are carried out on the Model at set time intervals. The real-time performance and the accuracy of the model are maintained, so that the model can adapt to new business scenes and abnormal conditions. For example, the set time interval may be 7 days or longer.
Compared with the related art, the bank system application log detection method provided by the embodiment of the invention has the advantages that the offline training time period is 7 days or longer, and the requirement on the training speed is low, so that the calculated amount can be effectively reduced, the resources and the cost are saved, and the accuracy of anomaly detection is improved.
The logs of the bank system are more related to the service requests, the logs of the distributed multi-device can be summarized and aggregated based on the call chain, and the problem of the service request can be solved by predicting that the abnormal call link logs can be positioned more quickly. By summarizing and extracting the log data and the characteristics based on the call chain and using the isolated forest algorithm for anomaly detection, complex data scenes and distributed system characteristics of the banking system can be better dealt with.
In addition, the real-time performance of the method for detecting the application log of the bank system is controlled within 1 minute, each prediction can output the abnormality occurring in the last 1 minute, the abnormality can be found out immediately to carry out alarm notification, the real-time performance is high, and meanwhile the stability and reliability of the bank system are improved.
The following embodiment further describes a method for detecting the application log of the banking system according to the embodiment of the present invention by implementing the function of detecting abnormality of the intelligent operation log of XX banking.
First, a history data extraction and training phase is performed.
Firstly, collecting service log data of a banking system in the last 1 month for statistics to obtain all types of abnormal excursions in the log data, such as the number n of abnormal types NullPointactException, and then forming a corresponding excursion list X, wherein X comprises n excursions labels and a label 'Noexcursions' of non-excursions, and the sum of the label elements is n+1. The following simple examples:
X:[NullPointerException,BusinessException,...,NoException]
and secondly, still adopting the data of the last month in the last step as a benchmark, grouping based on the calling chain ID in the log data, namely grouping by using the traceID, obtaining K groups of different log groups, then analyzing and counting the log data in each group to obtain the number of each type of excursions (for example, the number of the NullPointExceptions is 3), and the number of normal logs without the excursions in the group, and finally obtaining the corresponding number of all labels in an excursions list X, wherein the number of the excursions labels which exist in the list X and are not contained in the log data of the current traceID group is set to be 0, and the NoException labels represent the number of all normal logs without the excursions in the group. Thus, a numerical list corresponding to each tag in the permission list X and having the same number of elements as n+1 is obtained. Finally, K groups of numerical value lists with the length of n+1 are obtained. The following simple examples:
traceID_1:[3,5,...,11]
traceID_2:[4,0,...,9]
...
traceID_k:[1,2,...,20]
thirdly, inputting k n+1-dimensional numerical value lists into the isolated forest Model for training, and obtaining the Model after training.
This step may be iterated for model updates with a period of 7 days.
The anomaly real-time prediction phase follows.
Firstly, collecting all service logs in the current last minute every one minute, and counting a numerical value list in a corresponding permission list X of each group according to the traceID group.
And secondly, inputting a plurality of numerical value lists in the minute into a Model, judging which group is abnormal according to the output result, and marking the traceID of the group, and judging that the calling link of the transaction service is abnormal and alarming.
According to the practical result: the bank system application log detection method based on the call chain can be used for carrying out transaction business anomaly identification with high accuracy, and compared with the traditional method of adopting keyword matching for XX banks, the method can greatly improve the identification accuracy and reduce the false alarm probability.
The method for detecting the application log of the bank system can effectively reduce the calculated amount, save the resources and the cost, and improve the accuracy and the instantaneity of anomaly detection. By summarizing and extracting the log data and the characteristics based on the call chain and using the isolated forest algorithm for anomaly detection, complex data scenes and distributed system characteristics of the banking system can be better dealt with. In addition, the method can also find abnormal conditions in time and carry out alarm notification, thereby being beneficial to the improvement of the stability and reliability of a banking system.
In another aspect, the present invention provides an application log abnormality detection apparatus of a banking system, the application log abnormality detection apparatus of a banking system including: the method comprises the steps of a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the computer program is executed by the processor to realize the method for detecting the abnormality of the application log of the banking system.
Compared with the related art, the application log abnormality detection device of the banking system realizes the flow of the application log abnormality detection method of the banking system, has the beneficial effects the same as those of the application log abnormality detection method of the banking system, and is not described in detail herein.
In another aspect, the present invention provides a computer storage medium having a computer program stored thereon, the computer program when executed by a processor implementing the steps of the method for detecting an abnormality in an application log of a banking system described above.
Compared with the related art, the computer storage medium provided by the invention realizes the flow of the method for detecting the abnormality of the application log of the banking system, and has the beneficial effects the same as those of the method for detecting the abnormality of the application log of the banking system, and the description is omitted herein.
While the invention has been described in connection with specific embodiments thereof, it is to be understood that these drawings are included in the spirit and scope of the invention, it is not to be limited thereto.
Claims (10)
1. The method for detecting the abnormality of the application log of the banking system is characterized by comprising the following steps:
history data learning: collecting and aggregating the logs of the distributed multi-equipment based on a call chain, and performing abnormal detection training of the application log by using an isolated forest algorithm to obtain an abnormal classification Model;
and (3) real-time prediction: and configuring a time window with set duration, and predicting and outputting a detection result through an anomaly classification Model according to the real-time log data acquired in the time window.
2. The method for detecting an abnormality in an application log of a banking system as claimed in claim 1, wherein,
the history data learning step includes the steps of:
collecting a complete service log in a set time period;
grouping the collected log data according to a service call link to obtain a link group;
extracting the number of Exception types in the log of the link packet;
merging and counting all the Exception types to form a list X containing all Exception types;
any specific service calling link is selected, and a feature vector containing the characteristic of the service calling link in abnormal aspects is configured based on the list X;
and inputting the obtained feature vector as training data into an isolated forest algorithm Model for training to obtain an abnormal classification Model.
3. The method for detecting an abnormality in an application log of a banking system as claimed in claim 2, wherein,
the set time period is one month from the current time.
4. The method for detecting an abnormality in an application log of a banking system as claimed in claim 2, wherein,
the step of grouping the collected log data according to a service call link specifically comprises the following steps:
and grouping the collected log data according to the traceID of the service calling link.
5. The method for detecting an abnormality in an application log of a banking system as claimed in claim 1, wherein,
the configuring the feature vector containing the characteristics of the service call link in abnormal aspects based on the list X comprises the following steps:
extracting the number of different excursions in the list X, and setting the number to 0 if the log does not contain a numerical value of a certain excursion, so as to obtain a list containing n numerical values;
and adding the number of the excursions not included in the log to the list of the n values to obtain a list of n+1 values as a data feature vector of n+1 dimensions.
6. The method for detecting an abnormality in an application log of a banking system as claimed in claim 1, wherein,
the duration of the time window is configured to be one minute.
7. The method for detecting an abnormality in an application log of a banking system as claimed in claim 1, wherein,
the real-time prediction step includes the steps of:
counting application logs in the time window closest to the current time, and grouping based on the traceID of the call chain;
extracting feature vectors of all links in the time window time period based on the list X;
and inputting the extracted characteristic vector of the link into an abnormal classification Model for prediction output.
8. The method for detecting abnormality of application log of banking system as claimed in any one of claims 2 or 7,
the anomaly classification Model is configured to be retrained and iteratively updated at set time intervals.
9. An application log abnormality detection device of a banking system is characterized in that,
the device for detecting abnormality of application log of banking system comprises: a memory, a processor and a computer program stored on the memory and executable on the processor, which when executed by the processor performs the steps of the method for detecting an application log anomaly of a banking system as claimed in any one of claims 1 to 8.
10. A computer storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method for detecting an abnormality in an application log of a banking system as claimed in any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311726133.2A CN117851945A (en) | 2023-12-15 | 2023-12-15 | Method, device and medium for detecting abnormality of application log of banking system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311726133.2A CN117851945A (en) | 2023-12-15 | 2023-12-15 | Method, device and medium for detecting abnormality of application log of banking system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117851945A true CN117851945A (en) | 2024-04-09 |
Family
ID=90535847
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311726133.2A Pending CN117851945A (en) | 2023-12-15 | 2023-12-15 | Method, device and medium for detecting abnormality of application log of banking system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117851945A (en) |
-
2023
- 2023-12-15 CN CN202311726133.2A patent/CN117851945A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111178456B (en) | Abnormal index detection method and device, computer equipment and storage medium | |
| CN111475804B (en) | Alarm prediction method and system | |
| Cao et al. | Titant: Online real-time transaction fraud detection in ant financial | |
| CN113645232B (en) | Intelligent flow monitoring method, system and storage medium for industrial Internet | |
| CN112148772A (en) | Alarm root cause identification method, device, equipment and storage medium | |
| WO2022227388A1 (en) | Log anomaly detection model training method, apparatus and device | |
| CN113037595B (en) | Abnormal device detection method and device, electronic device and storage medium | |
| CN111431819A (en) | Network traffic classification method and device based on serialized protocol flow characteristics | |
| CN111949429A (en) | Server fault monitoring method and system based on density clustering algorithm | |
| CN109753408A (en) | A kind of process predicting abnormality method based on machine learning | |
| CN117041017B (en) | Intelligent operation and maintenance management method and system for data center | |
| CN112883990A (en) | Data classification method and device, computer storage medium and electronic equipment | |
| CN111913824A (en) | Method for determining data link fault reason and related equipment | |
| CN113282920B (en) | Log abnormality detection method, device, computer equipment and storage medium | |
| CN114584377A (en) | Flow anomaly detection method, model training method, device, equipment and medium | |
| CN113282433B (en) | Cluster anomaly detection method, device and related equipment | |
| KR20210011822A (en) | Method of detecting abnormal log based on artificial intelligence and system implementing thereof | |
| CN113723555A (en) | Abnormal data detection method and device, storage medium and terminal | |
| CN116451139B (en) | Live broadcast data rapid analysis method based on artificial intelligence | |
| CN116723157A (en) | Terminal behavior detection model construction method, device, equipment and storage medium | |
| CN116842520A (en) | Anomaly perception method, device, equipment and medium based on detection model | |
| CN117851945A (en) | Method, device and medium for detecting abnormality of application log of banking system | |
| CN115795466A (en) | Malicious software organization identification method and equipment | |
| CN116155541A (en) | Automatic machine learning platform and method for network security application | |
| CN114385472A (en) | Abnormal data detection method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |