基於圖卷積網路及注意力機制進行系統日誌異常偵測

黃欣鈺; Hsin-Yu Huang

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88408

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	陳建錦	zh_TW
dc.contributor.advisor	Chien-Chin Chen	en
dc.contributor.author	黃欣鈺	zh_TW
dc.contributor.author	Hsin-Yu Huang	en
dc.date.accessioned	2023-08-15T16:09:40Z	-
dc.date.available	2023-11-09	-
dc.date.copyright	2023-08-15	-
dc.date.issued	2023	-
dc.date.submitted	2023-07-27	-
dc.identifier.citation	[1] D. Yu, X. Hou, C. Li, Q. Lv, Y. Wang, and N. Li, "Anomaly Detection in Unstructured Logs Using Attention-based Bi-LSTM Network," in 2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC), 2021: IEEE, pp. 403-407. [2] M. Farshchi, J.-G. Schneider, I. Weber, and J. Grundy, "Anomaly detection of cloud application operations using log and cloud metric correlation analysis," 2015: ISSRE. [3] M. Du, F. Li, G. Zheng, and V. Srikumar, "Deeplog: Anomaly detection and diagnosis from system logs through deep learning," in Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, 2017, pp. 1285-1298. [4] W. Xu, L. Huang, A. Fox, D. Patterson, and M. I. Jordan, "Detecting large-scale system problems by mining console logs," in Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles, 2009, pp. 117-132. [5] M. Chen, A. X. Zheng, J. Lloyd, M. I. Jordan, and E. Brewer, "Failure diagnosis using decision trees," in International Conference on Autonomic Computing, 2004. Proceedings., 2004: IEEE, pp. 36-43. [6] Y. Liang, Y. Zhang, H. Xiong, and R. Sahoo, "Failure prediction in ibm bluegene/l event logs," in Seventh IEEE International Conference on Data Mining (ICDM 2007), 2007: IEEE, pp. 583-588. [7] Y. Wan, Y. Liu, D. Wang, and Y. Wen, "Glad-paw: Graph-based log anomaly detection by position aware weighted graph attention network," in Pacific-Asia Conference on Knowledge Discovery and Data Mining, 2021: Springer, pp. 66-77. [8] Y. ShaohanHuang, C. Fung, R. He, Y. Zhao, H. Yang, and Z. Luan, "HitAnomaly: Hierarchical Transformers for Anomaly Detection in System Log." [9] C. Zhang, X. Wang, H. Zhang, H. Zhang, and P. Han, "Log Sequence Anomaly Detection Based on Local Information Extraction and Globally Sparse Transformer Model," IEEE Transactions on Network and Service Management, vol. 18, no. 4, pp. 4119-4133, 2021. [10] W. Meng et al., "LogAnomaly: Unsupervised detection of sequential and quantitative anomalies in unstructured logs," in IJCAI, 2019, vol. 19, no. 7, pp. 4739-4745. [11] R. Vaarandi and M. Pihelgas, "Logcluster-a data clustering and pattern mining algorithm for event logs," in 2015 11th International conference on network and service management (CNSM), 2015: IEEE, pp. 1-7. [12] X. Zhang et al., "Robust log-based anomaly detection on unstable log data," in Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2019, pp. 807-817. [13] L. Yang et al., "Semi-supervised log-based anomaly detection via probabilistic label estimation," in 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), 2021: IEEE, pp. 1448-1460. [14] X. Li, P. Chen, L. Jing, Z. He, and G. Yu, "SwissLog: Robust Anomaly Detection and Localization for Interleaved Unstructured Logs," IEEE Transactions on Dependable and Secure Computing, 2022. [15] S. Zhang et al., "Syslog processing for switch failure diagnosis and prediction in datacenter networks," in 2017 IEEE/ACM 25th International Symposium on Quality of Service (IWQoS), 2017: IEEE, pp. 1-10. [16] V.-H. Le and H. Zhang, "Log-based anomaly detection with deep learning: How far are we?," in Proceedings of the 44th International Conference on Software Engineering, 2022, pp. 1356-1367. [17] A. Oliner and J. Stearley, "What supercomputers say: A study of five system logs," in 37th annual IEEE/IFIP international conference on dependable systems and networks (DSN'07), 2007: IEEE, pp. 575-584. [18] T. N. Kipf and M. Welling, "Semi-supervised classification with graph convolutional networks," arXiv preprint arXiv:1609.02907, 2016. [19] A. Vaswani et al., "Attention is all you need," Advances in neural information processing systems, vol. 30, 2017. [20] S. He, J. Zhu, P. He, and M. R. Lyu, "Loghub: a large collection of system log datasets towards automated log analytics," arXiv preprint arXiv:2008.06448, 2020. [21] Q. Lin, H. Zhang, J.-G. Lou, Y. Zhang, and X. Chen, "Log clustering based problem identification for online service systems," in Proceedings of the 38th International Conference on Software Engineering Companion, 2016, pp. 102-111. [22] T. Mikolov, K. Chen, G. Corrado, and J. Dean, "Efficient estimation of word representations in vector space," arXiv preprint arXiv:1301.3781, 2013. [23] Y.-L. Zhang et al., "POSTER: A PU learning based system for potential malicious URL detection," in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017, pp. 2599-2601. [24] Y. Chen, N. Luktarhan, and D. Lv, "LogLS: Research on System Log Anomaly Detection Method Based on Dual LSTM," Symmetry, vol. 14, no. 3, p. 454, 2022. [25] H. Guo, S. Yuan, and X. Wu, "Logbert: Log anomaly detection via bert," in 2021 international joint conference on neural networks (IJCNN), 2021: IEEE, pp. 1-8. [26] Y. Xie, H. Zhang, and M. A. Babar, "LogGD: Detecting Anomalies from System Logs by Graph Neural Networks," arXiv preprint arXiv:2209.07869, 2022. [27] C. Zhang et al., "LayerLog: Log sequence anomaly detection based on hierarchical semantics," Applied Soft Computing, vol. 132, p. 109860, 2023. [28] X. Han and S. Yuan, "Unsupervised cross-system log anomaly detection via domain adaptation," in Proceedings of the 30th ACM International Conference on Information & Knowledge Management, 2021, pp. 3068-3072. [29] Z. Wu, S. Pan, F. Chen, G. Long, C. Zhang, and S. Y. Philip, "A comprehensive survey on graph neural networks," IEEE transactions on neural networks and learning systems, vol. 32, no. 1, pp. 4-24, 2020. [30] M. Gori, G. Monfardini, and F. Scarselli, "A new model for learning in graph domains," in Proceedings. 2005 IEEE international joint conference on neural networks, 2005, vol. 2, no. 2005, pp. 729-734. [31] P. Veličković, G. Cucurull, A. Casanova, A. Romero, P. Lio, and Y. Bengio, "Graph attention networks," arXiv preprint arXiv:1710.10903, 2017. [32] J. Li, D. Cai, and X. He, "Learning graph-level representation for drug discovery," arXiv preprint arXiv:1709.03741, 2017. [33] Z. Song, F. Bai, J. Zhao, and J. Zhang, "Spammer detection using graph-level classification model of graph neural network," in 2021 IEEE 2nd International Conference on Big Data, Artificial Intelligence and Internet of Things Engineering (ICBAIE), 2021: IEEE, pp. 531-538. [34] X. Li, N. C. Dvornek, J. Zhuang, P. Ventola, and J. Duncan, "Graph embedding using Infomax for ASD classification and brain functional difference detection," in Medical Imaging 2020: Biomedical Applications in Molecular, Structural, and Functional Imaging, 2020, vol. 11317: SPIE, p. 1131702. [35] Z. Guo, Y. Zhang, and W. Lu, "Attention guided graph convolutional networks for relation extraction," arXiv preprint arXiv:1906.07510, 2019. [36] F. Chen, S. Pan, J. Jiang, H. Huo, and G. Long, "DAGCN: dual attention graph convolutional networks," in 2019 International Joint Conference on Neural Networks (IJCNN), 2019: IEEE, pp. 1-8. [37] L. Zheng, Z. Li, J. Li, Z. Li, and J. Gao, "AddGraph: Anomaly Detection in Dynamic Graph Using Attention-based Temporal GCN," in IJCAI, 2019, pp. 4419-4425. [38] P. He, J. Zhu, Z. Zheng, and M. R. Lyu, "Drain: An online log parsing approach with fixed depth tree," in 2017 IEEE international conference on web services (ICWS), 2017: IEEE, pp. 33-40. [39] C. Ranjan, S. Ebrahimi, and K. Paynabar, "Sequence graph transform (SGT): a feature embedding function for sequence data mining," Data Mining and Knowledge Discovery, vol. 36, no. 2, pp. 668-708, 2022. [40] G. Salton and C. Buckley, "Term-weighting approaches in automatic text retrieval," Information processing & management, vol. 24, no. 5, pp. 513-523, 1988. [41] M. Henaff, J. Bruna, and Y. LeCun, "Deep convolutional networks on graph-structured data," arXiv preprint arXiv:1506.05163, 2015. [42] K. He, X. Zhang, S. Ren, and J. Sun, "Deep residual learning for image recognition," in Proceedings of the IEEE conference on computer vision and pattern recognition, 2016, pp. 770-778. [43] J.-G. Lou, Q. Fu, S. Yang, Y. Xu, and J. Li, "Mining Invariants from Console Logs for System Problem Detection," in USENIX annual technical conference, 2010, pp. 1-14.	-
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88408	-
dc.description.abstract	異常偵測是建立安全可靠系統的關鍵步驟之一。目前，許多應用與服務都依賴於電腦系統，一旦發生故障，將對使用者和企業造成重大影響。為了避免造成巨額損失，我們可以透過監控系統日誌來了解系統的狀態，並建立自動異常偵測系統，以即時識別和解決異常情況。然而，有效分析日誌資料面臨著一些挑戰。因為日誌通常非常龐大且複雜，因此需要適當的分析工具和技術進行資料清理和預處理，以提高日誌分析的準確性和效率。過去的研究通常僅依賴於分析局部日誌事件的順序和頻率，忽略了日誌事件之間的結構關係和遠程依賴性，這可能導致潛在的誤報和性能不穩定。為此，本研究提出了一種基於圖的日誌異常偵測方法，首先將日誌進行前處理並分組成日誌序列，之後將日誌序列表示為圖結構，考慮事件之間的轉換關係，並將相關資訊作為有向邊的權重，用來捕捉了事件的發生順序和相互關係，接著通過使用圖卷積神經網絡結合注意機制，考慮到多層圖結構資訊，捕捉可能指示異常的日誌特徵並執行圖級分類。在分散式系統與超級電腦的日誌資料實驗顯示，我們提出的方法性能優於其他現有的基於日誌的異常偵測方法。	zh_TW
dc.description.abstract	Anomaly detection is crucial for a secure and reliable system. Currently, many services rely on computer systems, and any failure can have a significant impact on users and businesses. To avoid substantial losses caused by failures, we can monitor system logs to understand the system's status and build an automated anomaly detection system to identify and resolve abnormal situations in real-time. However, effective analysis of log data faces several challenges. Due to the typically large and complex nature of logs, proper analysis tools and techniques are needed for data cleaning and preprocessing to enhance the accuracy and efficiency of log analysis. Past research often relied solely on analyzing the order and frequency of local log events, overlooking the structural relationships and long-range dependencies between log events, which could lead to potential false positives and performance instability. To address these challenges, this study proposes a graph-based approach for log anomaly detection. Firstly, the logs are preprocessed and grouped into log sequences. Then, the log sequences are represented as a graph structure, considering the transition relationships between events and using the relevant information as weights on directed edges to capture the occurrence order and interrelationships between events. Subsequently, by utilizing graph convolutional neural networks combined with attention mechanisms, the method takes into account the multi-layered graph structure information to capture log features that may indicate anomalies and perform graph-level classification. Experiments on log data from distributed systems and supercomputers demonstrate that our proposed method outperforms other existing log-based anomaly detection methods in terms of performance.	en
dc.description.provenance	Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-08-15T16:09:40Z No. of bitstreams: 0	en
dc.description.provenance	Made available in DSpace on 2023-08-15T16:09:40Z (GMT). No. of bitstreams: 0	en
dc.description.tableofcontents	誌謝 i 摘要 ii ABSTRACT iii 圖目錄 vii 表目錄 viii 第一章緒論 1 第二章文獻回顧 5 2.1基於日誌的異常偵測 5 2.2圖級分類 8 2.3注意力機制 10 第三章研究方法 12 3.1問題描述與框架 12 3.2日誌解析模組 14 3.3序列轉圖模組 15 3.4注意力圖卷積模組 18 3.5注意力池模組 20 3.6測試集預測 21 第四章實驗設計和評估 22 4.1資料集 22 4.2實驗設置 23 4.3評估指標 24 4.4分析日誌語義對結果的影響 24 4.5方法比較與實驗結果分析 26 第五章結論 32 參考文獻 33	-
dc.language.iso	zh_TW	-
dc.subject	日誌序列	zh_TW
dc.subject	圖卷積網絡	zh_TW
dc.subject	注意力機制	zh_TW
dc.subject	異常檢測	zh_TW
dc.subject	日誌分析	zh_TW
dc.subject	Log Analysis	en
dc.subject	Log sequence	en
dc.subject	Graph Convolutional Network	en
dc.subject	Anomaly Detection	en
dc.subject	Attention mechanism	en
dc.title	基於圖卷積網路及注意力機制進行系統日誌異常偵測	zh_TW
dc.title	System log anomaly detection based on graph convolutional network and attention mechanism	en
dc.type	Thesis	-
dc.date.schoolyear	111-2	-
dc.description.degree	碩士	-
dc.contributor.oralexamcommittee	陳孟彰;張詠淳	zh_TW
dc.contributor.oralexamcommittee	Meng-Chang Chen;Yung-Chun Chang	en
dc.subject.keyword	異常檢測,日誌分析,日誌序列,圖卷積網絡,注意力機制,	zh_TW
dc.subject.keyword	Anomaly Detection,Log Analysis,Log sequence,Graph Convolutional Network,Attention mechanism,	en
dc.relation.page	36	-
dc.identifier.doi	10.6342/NTU202301942	-
dc.rights.note	未授權	-
dc.date.accepted	2023-07-31	-
dc.contributor.author-college	管理學院	-
dc.contributor.author-dept	資訊管理學系	-
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-111-2.pdf 未授權公開取用	1.94 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。