###
计算机系统应用英文版:2024,33(12):78-88
本文二维码信息
码上扫一扫!
基于联邦学习的异常日志检测
(1.国网福建省电力有限公司 泉州供电公司, 泉州 362019;2.国网福建省电力有限公司 漳州供电公司, 漳州 363030;3.国网福建省电力有限公司 莆田供电公司, 莆田 351199)
Abnormal Log Detection Based on Federated Learning
(1.Quanzhou Power Supply Company, State Grid Fujian Electric Power Co. Ltd., Quanzhou 362019, China;2.Zhangzhou Power Supply Company, State Grid Fujian Electric Power Co. Ltd., Zhangzhou 363030, China;3.Putian Power Supply Company, State Grid Fujian Electric Power Co. Ltd., Putian 351199, China)
摘要
图/表
参考文献
相似文献
本文已被:浏览 27次   下载 496
Received:May 17, 2024    Revised:June 17, 2024
中文摘要: Hadoop系统作为大数据存储的分布式架构被广泛使用, 运行时生成大量日志数据来记录设备的异常情况, 这为定位和分析问题提供重要线索. 然而, 传统的日志异常检测模型通常在中心服务器上收集日志数据, 导致数据收集过程中存在敏感信息泄露的风险. 联邦学习作为一种新的机器学习范式, 通过在本地服务器上训练模型并仅在中心服务器上聚合模型参数, 有效解决了数据隐私问题. 本文提出了一种基于联邦学习的日志异常检测架构, 结合本地服务器和中心服务器进行检测任务, 避免了敏感信息在网络传输过程中的泄露风险. 此外, 本文采用树解析器实现日志模板标准化. 为了有效地捕获日志数据中的复杂模式和异常行为, 建立基于自注意力机制的BiLSTM模型作为本地服务器模型. 为了验证所提出方法的有效性, 本文使用公开的分布式系统架构数据集进行仿真实验. 结果表明, 该模型的综合评价指标稳定, 准确率保持在93%以上, 具有较高的适用性.
Abstract:The Hadoop system is widely used as a distributed architecture for big data storage. It generates a large amount of log data during runtime to record device anomalies, which provides important clues for locating and analyzing problems. However, traditional log anomaly detection models typically collect log data on a central server, which introduces the risk of sensitive information leakage during data collection. Federated learning, a novel machine learning paradigm, effectively protects data privacy by training models on local servers and aggregating model parameters only on a central server. This study proposes a log anomaly detection architecture based on federated learning, which combines local and central servers to perform detection tasks, avoiding the risk of leaking sensitive information during network transmission. Additionally, it employs a tree parser to standardize log templates. To effectively capture complex patterns and anomalous behaviors in log data, a BiLSTM model based on the self-attention mechanism is established as a local server model. To validate the effectiveness of the proposed method, simulation experiments are conducted using publicly available datasets of distributed systems. The results demonstrate that the model maintains stable comprehensive evaluation metrics, with an accuracy rate above 93%, indicating high applicability.
文章编号:     中图分类号:    文献标志码:
基金项目:福建省电力有限公司科技项目 (52133023000C)
引用文本:
连宇瀚,廖声扬,张坤三,邹维福,林楠.基于联邦学习的异常日志检测.计算机系统应用,2024,33(12):78-88
LIAN Yu-Han,LIAO Sheng-Yang,ZHANG Kun-San,ZOU Wei-Fu,LIN Nan.Abnormal Log Detection Based on Federated Learning.COMPUTER SYSTEMS APPLICATIONS,2024,33(12):78-88