Abstract
In system log anomaly detection, class overlap at the decision boundary makes it difficult for traditional classifiers to classify correctly. To avoid time-consuming preprocessing techniques or dependence on specific algorithms, a conformal anomaly detection model is proposed. The model calculates the membership degree of each sample with respect to the different classes, and selects the best fuzzy degree for separating the class-overlap logs according to the accuracy difference of traditional classifiers. A p-value is obtained from the nonconformity measure function of the ensemble classifier, and the labels of the class-overlap logs are obtained according to a preset confidence level. Experimental results show that, compared with traditional classifiers, the recall, F-measure and other metrics of the proposed model increase by about 10 percentage points on average, which verifies the effectiveness of the model in dealing with class overlap.
Authors
Lü Zongping (吕宗平)
Liang Mengmeng (梁孟孟)
Gu Zhaojun (顾兆军)
Liu Chunbo (刘春波)
Wang Zhi (王志)
Affiliations: Information Security Evaluation Center, Civil Aviation University of China, Tianjin 300300, China; College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China; College of Cyber Science, Nankai University, Tianjin 300350, China
Source
Computer Applications and Software (《计算机应用与软件》)
PKU Core (北大核心)
2024, Issue 8, pp. 367-375 (9 pages)
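Funding
National Natural Science Foundation of China (61872202, 61601467)
Civil Aviation Safety Capacity Building Project (PESA2019073, PESA2019074)
Key Deployment Project of the Chinese Academy of Sciences (KFZD-SW-440)
Natural Science Foundation of Tianjin (19JCYBJC15500)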
Keywords
Anomaly detection
Class overlap
Conformal detection
Fuzzy degree
Confidence