
Anomaly detection in virtual machine logs against irrelevant attribute interference.

Authors

Zhang Hao, Zhou Yun, Xu Huahu, Shi Jiangang, Lin Xinhua, Gao Yiqin

Affiliations

School of Computer Engineering and Science, Shanghai University, Shanghai, China.

Shanghai KingLong IoT Co., Ltd., Shanghai, China.

Publication information

PLoS One. 2025 Jan 7;20(1):e0315897. doi: 10.1371/journal.pone.0315897. eCollection 2025.

DOI: 10.1371/journal.pone.0315897
PMID: 39774385
Original article: https://pmc.ncbi.nlm.nih.gov/articles/PMC11706483/
Abstract

Virtual machine logs are generated in large quantities. Virtual machine logs may contain some abnormal logs that indicate security risks or system failures of the virtual machine platform. Therefore, using unsupervised anomaly detection methods to identify abnormal logs is a meaningful task. However, collecting accurate anomaly logs in the real world is often challenging, and there is inherent noise in the log information. Parsing logs and anomaly alerts can be time-consuming, making it important to improve their effectiveness and accuracy. To address these challenges, this paper proposes a method called LADSVM (Long Short-Term Memory + Autoencoder-Decoder + SVM). Firstly, the log parsing algorithm is used to parse the logs. Then, the feature extraction algorithm, which combines Long Short-Term Memory and Autoencoder-Decoder, is applied to extract features. Autoencoder-Decoder reduces the dimensionality of the data by mapping the high-dimensional input to a low-dimensional latent space. This helps eliminate redundant information and noise, extract key features, and increase robustness. Finally, the Support Vector Machine is utilized to detect different feature vector signals. Experimental results demonstrate that compared to traditional methods, this approach is capable of learning better features without any prior knowledge, while also exhibiting superior noise robustness and performance. The LADSVM approach excels at detecting anomalies in virtual machine logs characterized by strong sequential patterns and noise. However, its performance may vary when applied to disordered log data. This highlights the necessity of carefully selecting detection methods that align with the specific characteristics of different log data types.


