The Class Overlap Model for System Log Anomaly Detection Based on Ensemble Learning

2020 IEEE Fifth International Conference on Data Science in Cyberspace (DSC) Pub Date : 2020-07-01 DOI:10.1109/DSC50466.2020.00064

Yitong Ren, Zhaojun Gu, Lanlan Pan, Chunbo Liu

{"title":"The Class Overlap Model for System Log Anomaly Detection Based on Ensemble Learning","authors":"Yitong Ren, Zhaojun Gu, Lanlan Pan, Chunbo Liu","doi":"10.1109/DSC50466.2020.00064","DOIUrl":null,"url":null,"abstract":"Using machine learning to detect system log data is essential. It is prone to the phenomenon of class overlap because of too many similar system log data. The occurrence of this phenomenon will have a serious impact on the anomaly detection of the system logs. In order to solve the problem of class overlap in system logs, this paper proposes an anomaly detection model for class overlap on system logs. We first calculate the relationship between the sample data and the membership of different classes, normal or anomaly, and use the fuzziness to separate the sample data of the overlapping parts of the classes from the data of the other parts. AdaBoost, an ensemble learning approach, is used to detect overlapping data. Compared with machine learning algorithms, ensemble learning can better classify the data of the overlapping parts, so as to achieve the purpose of detecting the anomalies of the system logs. Experimental results show that our model can be effectively applied in a variety of basic algorithms, and the results of each measure have been improved.","PeriodicalId":423182,"journal":{"name":"2020 IEEE Fifth International Conference on Data Science in Cyberspace (DSC)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Fifth International Conference on Data Science in Cyberspace (DSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSC50466.2020.00064","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Using machine learning to detect system log data is essential. It is prone to the phenomenon of class overlap because of too many similar system log data. The occurrence of this phenomenon will have a serious impact on the anomaly detection of the system logs. In order to solve the problem of class overlap in system logs, this paper proposes an anomaly detection model for class overlap on system logs. We first calculate the relationship between the sample data and the membership of different classes, normal or anomaly, and use the fuzziness to separate the sample data of the overlapping parts of the classes from the data of the other parts. AdaBoost, an ensemble learning approach, is used to detect overlapping data. Compared with machine learning algorithms, ensemble learning can better classify the data of the overlapping parts, so as to achieve the purpose of detecting the anomalies of the system logs. Experimental results show that our model can be effectively applied in a variety of basic algorithms, and the results of each measure have been improved.

查看原文本刊更多论文

基于集成学习的系统日志异常检测类重叠模型

使用机器学习来检测系统日志数据是必不可少的。由于相似的系统日志数据太多，容易出现类重叠的现象。该现象的发生将严重影响系统日志的异常检测。为了解决系统日志类重叠问题，提出了一种系统日志类重叠异常检测模型。我们首先计算样本数据与不同类别(正常或异常)的隶属度之间的关系，并利用模糊性将类别重叠部分的样本数据与其他部分的数据分离开来。AdaBoost是一种集成学习方法，用于检测重叠数据。与机器学习算法相比，集成学习可以更好地对重叠部分的数据进行分类，从而达到检测系统日志异常的目的。实验结果表明，我们的模型可以有效地应用于多种基本算法中，并且各项措施的结果都得到了改善。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE Fifth International Conference on Data Science in Cyberspace (DSC)

自引率

0.00%

发文量