混合特征平衡图注意力网络日志异常检测模型  被引量：1

作　　者：陈旭 张硕 景永俊[1] 王叔洋[2] CHEN Xu;ZHANG Shuo;JING Yongjun;WANG Shuyang(School of Computer Science and Engineering,North Minzu University,Yinchuan 750000,China;School of Electrical and Information Engineering,North Minzu University,Yinchuan 750000,China)

机构地区：[1]北方民族大学计算机科学与工程学院,银川750000 [2]北方民族大学电气信息工程学院,银川750000

出　　处：《计算机工程与应用》2025年第1期308-320,共13页Computer Engineering and Applications

基　　金：中央高校基本科研业务费专项资金(2022PT_S04);宁夏回族自治区重点研发项目(2023BDE02017)。

摘　　要：针对现有方法忽略了日志异常数据不平衡和日志特征间的关联性,导致异常检测准确率低的问题。提出一种基于混合特征平衡图注意力网络的日志异常检测模型(HBGATLog)。构建混合日志图构建模块,通过混合特征提取模块提取日志数据的语义信息、日志序列和时间结构,增强日志特征间的关联性,并采用日志图构建模块构建日志图,有效保留空间结构特征。设计平衡日志图生成模块,解决不平衡的日志数据导致检测结果偏向多数类问题。采用图日志异常检测模块进行异常检测。使用BGL、Thunderbird和HDFS三个公共数据集对HBGATLog进行验证,实验结果表明,F1 score分别达到了99.0%、98.7%和98.1%。证明HBGATLog不但能够解决日志数据不平衡问题,充分考虑日志数据特征的关联性,而且有效降低了漏检率。The existing methods neglect the imbalance in log abnormal data and the correlation between log features,leading to the problem of low accuracy in anomaly detection.This paper proposes a log anomaly detection model based on a hybrid graph attention network with balanced features(HBGATLog).Firstly,the hybrid log graph construction module is established,it extracts the semantic information,log sequence and time structure of log data through a hybrid feature extraction module,which enhances the correlation between log features.In addition,a log graph construction module is employed to build a log graph,which can effectively preserve spatial structural features.Secondly,a balanced log graph generation module is designed to solve the problem that unbalanced log data leads to detection results biased towards the majority classes.Thirdly,the graph log anomaly detection module is used for anomaly detection.Finally,three public datasets,BGL,Thunderbird and HDFS,are used to validate HBGATLog,and the experimental results show that the F1 score reaches 99.0%,98.7%and 98.1%,respectively.It is proved that HBGATLog can not only solve the problem of log data imbalance,fully consider the correlation of log data features,but also effectively reduce the missing rate.

关 键 词：日志异常检测 日志分析 图神经网络 混合特征提取 数据不平衡 

分 类 号：TP181[自动化与计算机技术—控制理论与控制工程]