Conformal Anomaly Detection Model for Class Overlap Logs
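Lü Zongping 1, Liang Mengmeng 2, Gu Zhaojun 1, Liu Chunbo 1, Wang Zhi 3
Author information
- 1. Information Security Evaluation Center, Civil Aviation University of China, Tianjin 300300
- 2. Information Security Evaluation Center, Civil Aviation University of China, Tianjin 300300; College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300
- 3. College of Cyber Science, Nankai University, Tianjin 300350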
Abstract
In system log anomaly detection, class overlap at the decision boundary makes it difficult for traditional classifiers to classify samples correctly. To avoid time-consuming preprocessing techniques or dependence on specific algorithms, a conformal anomaly detection model is proposed. The model calculates the membership degree of each sample to the different classes, and selects the best fuzzy degree for separating out the class overlap logs according to the accuracy difference of the traditional classifier. The p-value is obtained through the nonconformity measure function of an ensemble classifier, and the labels of the class overlap logs are obtained according to the preset confidence. Experimental results show that, compared with traditional classifiers, the recall rate and F-measure of the proposed model increase by about 10 percentage points on average, which verifies the effectiveness of the model in dealing with class overlap.
Key words
Anomaly detection / Class overlap / Conformal detection / Fuzzy degree / Confidence
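Funding
National Natural Science Foundation of China (61872202)
National Natural Science Foundation of China (61601467)
Civil Aviation Safety Capacity Building Project (PESA2019073)
Civil Aviation Safety Capacity Building Project (PESA2019074)
Key Deployment Project of the Chinese Academy of Sciences (KFZD-SW-440)
Natural Science Foundation of Tianjin (19JCYBJC15500)
Publication year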
2024