基于Drain3与Loganomaly的网络安全日志分析与事件响应
Network security log analysis and incident response based on Drain3 and Loganomaly
苏哲 1赖明珠 2段志鸣 2刘素艳1
作者信息
- 1. 石家庄铁道大学电气与电子工程学院,石家庄 050043
- 2. 海南师范大学数学与统计学院,海口 571158
- 折叠
摘要
随着信息技术的发展,网络安全问题日益凸显,为了保障网络系统的稳定运行,对HDFS-vl日志进行研究.首先,利用Drain3算法对日志进行解析,有效避免了构造深度较大、不平衡的树,实验结果显示其精确率、召回率、F1度量及准确度均高达100%;其次,基于Loganomaly算法进行异常检测,训练结果训练集、验证集损失值分别为0.21、0.18,预测结果精确度为96.889%,召回率为93.604%,F1度量为95.218%;接着,再用Drain3算法对异常日志分类;最后,通过远程控制实现异常事件响应,发送报警邮件,确保在HDFS发生紧急情况时能够快速、有效地处理故障,保障大数据处理任务的稳定进行.
Abstract
As network security issues become increasingly critical with the development of information tech-nology,this study focuses on analyzing the logs of HDFS-v1 to ensure the stable operation of network sys-tems.Firstly,the log is parsed by using Drain3 algorithm,which effectively avoids constructing a very deep and unbalanced tree.Experiment results show that its precision,recall,F1 score and accuracy are as high as 100%.Then,anomaly detection is carried out based on Loganomaly algorithm.The loss value of train-ing set and validation set of training results is 0.21 and 0.18,respectively.The accuracy of prediction re-sults is 96.889%,the recall rate is 93.604%,and the F1 metric is 95.218%.After that,the system uses the Drain3 algorithm to classify anomaly logs.Finally,the system uses remote control to implement rapid response to abnormal events and sends alarm emails to ensure rapid and effective fault handling in case of HDFS emergencies,ensuring the stable progress of big data processing tasks.
关键词
网络安全/Drain3/Loganomaly/事件响应Key words
network security/Drain3/Loganomaly/incident response引用本文复制引用
基金项目
海南省自然科学基金高层次人才项目(622RC672)
出版年
2024
NETL
NSTL
万方数据