基于注意力机制的半监督日志异常检测方法*尹春勇,冯梦雪(南京信息工程大学计算机学院、网络空间安全学院,江苏南京210044)摘要:日志记载着系统运行时的重要信息,通过日志异常检测可以快速准确地找出系统故障的原因。然而,日志序列存在数据不稳定和数据之间相互依赖等问题。为此,提出了一种新的半监督日志序列异常检测方法。该方法利用双向编码语义解析BERT模型和多层卷积网络分别提取日志信息,得到日志序列之间的上下文相关信息和日志序列的局部相关性,然后使用基于注意力机制的Bi-GRU网络进行日志序列异常检测。在3个数据集上验证了所提方法的性能。与6个基准方法相比,所提方法拥有最优的F1值,同时获得了最高的AUC值0.9813。实验结果表明,所提方法可以有效处理日志序列的数据不稳定性和数据之间相互依赖的问题。关键词:日志异常检测;双向门控递归单元;多层卷积;双向编码语义解析;注意力机制中图分类号:TP391.41文献标志码:Adoi:10.3969/j.issn.1007-130X.2023.08.009Asemi-supervisedloganomalydetectionmethodbasedonattentionmechanismYINChun-yong,FENGMeng-xue(SchoolofComputerScience,NanjingUniversityofInformationScienceandTechnology,Nanjing210044,China)Abstract:Logsrecordimportantinformationaboutsystemoperation,andloganomalydetectioncanquicklyandaccuratelyidentifythecauseofsystemfailures.However,logsequenceshaveproblemssuchasdatainstabilityandinterdependencebetweendata.Therefore,anewsemi-supervisedlogsequenceanomalydetectionmethodisproposed.ThismethodusestheBidirectionalEncoderRepresentationsfromTransformers(BERT)modelandmulti-layerconvolutionalnetworktoextractloginformation,obtainthecontextualrelevancebetweenlogsequencesandthelocalrelevanceoflogsequences.Finally,theattention-basedBi-GRUnetworkisusedforlogsequenceanomalydetection.Theperformanceofthismodelwasverifiedonthreedatasets.Comparedwithsixbenchmarkmodels,thismodelhasthebestF1valueandthehighestAUCvalue(0.9813),andtheexperimentalresultsshowthatitcaneffec-tivelyhandletheproblemsofdatainstabilityandinterdependencebetweendatainlogsequences.Keywords:loganomalydetection;bidirectionalgaterecurrentunit;multilayerconvolution;bidirec-tionalencoderrepresentationfromtransformers;attentionmechan...
