Design and implementation of log parsing system based on machine learning

doi:10.11772/j.issn.1001-9081.2017071786

Journal of Computer Applications ›› 2018, Vol. 38 ›› Issue (2): 352-356.DOI: 10.11772/j.issn.1001-9081.2017071786

Previous Articles Next Articles

Design and implementation of log parsing system based on machine learning

ZHONG Ya^1,2, GUO Yuanbo^1,2

1. Cyberspace Security College, Information Engineering University, Zhengzhou Henan 450001, China;
2 State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou Henan 450001, China

Received:2017-07-20 Revised:2017-09-05 Online:2018-02-10 Published:2018-02-10
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61501515).

基于机器学习的日志解析系统设计与实现

钟雅^1,2, 郭渊博^1,2

1. 信息工程大学网络空间安全学院, 郑州 450001;
2. 数学工程与先进计算国家重点实验室, 郑州 450001

通讯作者: 郭渊博
作者简介:钟雅(1995-),女,湖南岳阳人,硕士研究生,主要研究方向:信息安全;郭渊博(1975-),男,陕西周至人,教授,博士生导师,博士,CCF高级会员,主要研究方向:网络攻防对抗。
基金资助:
国家自然科学基金资助项目（61501515）。

Abstract

Abstract: Focusing on the problem that the existing log classification method is only applicable to the formative log, and the performance is closely related to the structure of the log, the existing log parsing algorithm LogSig (Log Signature) was extended and improved based on machine learning, and a log clustering analysis system was designed by combining data processing and result analysis in one, including raw data preprocessing, log analysis, clustering analysis and evaluation, scatter diagram display of results. This system was tested on the open source firewall log data set in VAST 2011 challenge. The experimental results show that the average accuracy of the improved algorithm in the classification of the event log reaches more than 85%; compared with the original LogSig algorithm, the log parsing accuracy is improved by 50%, and the parsing time is only 25% of the original algorithm. The proposed algorithm can be used to analyze multi-source unstructured log data efficiently and accurately in large data environment.

Key words: log parsing, machine learning, clustering, anomaly detection, LogSig (Log Signature) algorithm

摘要： 针对现有日志分类方法只适用于格式化的日志，且性能依赖于日志结构的问题，基于机器学习方法对日志信息解析算法LogSig进行了扩展改进，并设计开发了一个集数据处理与结果分析于一体的日志解析系统，包括原始数据预处理、日志解析、聚类分析评价、聚类结果散点图显示等功能，在VAST 2011挑战赛的开源防火墙日志数据集上进行了测试。实验结果表明，改进后的算法在归类整理日志事件时的平均准确性达到85%以上；与原LogSig算法相比，日志解析精度提高了50%，同时解析时间仅为原先的25%，可用于大数据环境下高效准确地对多源非结构化日志数据进行解析。

关键词: 日志解析, 机器学习, 聚类, 异常检测, LogSig算法

CLC Number:

TP309

ZHONG Ya, GUO Yuanbo. Design and implementation of log parsing system based on machine learning[J]. Journal of Computer Applications, 2018, 38(2): 352-356.

钟雅, 郭渊博. 基于机器学习的日志解析系统设计与实现[J]. 计算机应用, 2018, 38(2): 352-356.

References

[1] 张宏鑫,盛风帆,徐沛原,等.基于移动终端日志数据的人群特征可视化[J].软件学报,2016,27(5):1174-1187. (ZHANG H X, SHENG F F, XU P Y, et al. Visualizing user characteristics based on mobile device log data[J]. Journal of Software, 2016, 27(5):1174-1187.)
[2] 廖湘科,李姗姗,董威,等.大规模软件系统日志研究综述[J].软件学报,2016,27(8):1934-1947. (LIAO X K, LI S S, DONG W, et al. Survey on log research of large scale software system[J]. Journal of Software, 2016, 27(8):1934-1947.)
[3] NAGAPPAN M, WU K, VOUK M A. Efficiently extracting operational profiles from execution logs using suffix arrays[C]//Proceedings of the 2009 International Symposium on Software Reliability Engineering. Piscataway, NJ:IEEE, 2009:41-50.
[4] PREWETT J E. Analyzing cluster log files using Logsurfer[C]//Proceedings of the 4th Annual Linux Showcase & Conference. Atlanta:[s.n.], 2003:169-176.
[5] 薛文娟.基于层次聚类的日志分析技术研究[D].济南:山东师范大学,2013. (XUE W J. Research on log analysis technology based on hierarchical clustering[D]. Jinan:Shandong Normal University, 2013.)
[6] 马文,朱志祥,吴晨,等.基于FP-Growth算法的安全日志分析系统[J].电子科技,2016,29(9):94-97. (MA W, ZHU Z X, WU C, et al. Security log analysis system based on FP-Growth algorithm[J]. Electronics Technology, 2016, 29(9):94-97.)
[7] TANG L, LI T, PERNG C S. LogSig:generating system events from raw textual logs[C]//Proceedings of the 2011 ACM International Conference on Information and Knowledge Management. New York:ACM, 2011:785-794.
[8] XU W, HUANG L, FOX A, et al. Detecting large-scale system problems by mining console logs[C]//SOSP 2009:Proceedings of the 2009 ACM Symposium on Operating Systems Principles. New York:ACM, 2009:117-132.
[9] 周平,马斌,韩冰,等.基于大数据平台的日志分析预警技术研究[J].电脑知识与技术,2016,12(32):266-268. (ZHOU P, MA B, HAN B, et al. Research on log analysis and early warning technology based on large data platform[J]. Computer Knowledge and Technology, 2016, 12(32):266-268.)
[10] 袁汉宁,王树良,程永,等.数据仓库与数据挖掘[M].北京:人民邮电出版社,2015. (YUAN H N, WANG S L, CHENG Y, et al. Data Warehouse and Data Mining[M]. Beijing:People's Posts and Telecommunications Press, 2015:31-34.)
[11] 张惟皎,刘春煌,李芳玉.聚类质量的评价方法[J].计算机工程,2005,30(20):10-12. (ZHANG W J, LIU C H, LI F Y. Evaluation method of clustering quality[J]. Computer Engineering, 2005, 30(20):10-12.)
[12] 向培素.两种聚类有效性评价指标的Matlab实现[J].西南民族大学学报(自然科学版),2013,30(6):1002-1005. (XIANG P S. Matlab implementation of two cluster validity evaluation indexes[J]. Journal of Southwest Nationalities University (Natural Science Edition), 2013, 30(6):1002-1005.
[13] 周开乐,杨善林,丁帅,等.聚类有效性研究综述[J].系统工程理论与实践,2014,34(9):2417-2431. (ZHOU K L,YANG S L, DING S, et al. Research on clustering validity[J]. System Engineering-Theory & Practice, 2014, 34(9):2417-2431.)
[14] 赵庆永.基于数据挖掘算法的日志分析系统的设计与实现[D].青岛:青岛大学,2009. (ZHAO Q Y. Design and implementation of log analysis system based on data mining algorithm[D]. Qingdao:Qingdao University, 2009.)

[1]	GUO Mian, ZHANG Jinyou. Computation offloading policy for machine learning in mobile edge computing environments [J]. Journal of Computer Applications, 2021, 41(9): 2639-2645.
[2]	MAO Mingze, CAO Ruihao, YAN Chungang. Semi-supervised classification algorithm based on weight diversity [J]. Journal of Computer Applications, 2021, 41(9): 2473-2480.
[3]	CHEN Hengheng, NI Zhiwei, ZHU Xuhui, JIN Yuanyuan, CHEN Qian. Differential privacy high-dimensional data publishing method via clustering analysis [J]. Journal of Computer Applications, 2021, 41(9): 2578-2585.
[4]	HU Tianjie, HU Wenjun, WANG Shitong. Distribution entropy penalized support vector data description [J]. Journal of Computer Applications, 2021, 41(8): 2212-2218.
[5]	QIN Binbin, PENG Liangkang, LU Xiangming, QIAN Jiangbo. Research progress on driver distracted driving detection [J]. Journal of Computer Applications, 2021, 41(8): 2330-2337.
[6]	ZHU Cheng, ZHAO Xiaoqi, ZHAO Liping, JIAO Yuhong, ZHU Yafei, CHENG Jianying, ZHOU Wei, TAN Ying. Classification of functional magnetic resonance imaging data based on semi-supervised feature selection by spectral clustering [J]. Journal of Computer Applications, 2021, 41(8): 2288-2293.
[7]	ZENG Xiangyin, ZHENG Bochuan, LIU Dan. Detection of left and right railway tracks based on deep convolutional neural network and clustering [J]. Journal of Computer Applications, 2021, 41(8): 2324-2329.
[8]	YAO Jie, CHENG Chunling, HAN Jing, LIU Zheng. Anomaly detection method based on multi-task temporal convolutional network in cloud workflow [J]. Journal of Computer Applications, 2021, 41(6): 1701-1708.
[9]	WANG Jiarui, TAN Guoping, ZHOU Siyuan. Clustered wireless federated learning algorithm in high-speed internet of vehicles scenes [J]. Journal of Computer Applications, 2021, 41(6): 1546-1550.
[10]	DAI Yanran, DAI Guoqing, YUAN Yubo. Multi-face foreground extraction method based on skin color learning [J]. Journal of Computer Applications, 2021, 41(6): 1659-1666.
[11]	XIE Yu, JIANG Yu, LONG Chaoqi. Extended isolation forest algorithm based on random subspace [J]. Journal of Computer Applications, 2021, 41(6): 1679-1685.
[12]	LI Yanzhi, FAN Yong, GAO Lin. Anomaly detection of oil drilling water flow based on shape flow [J]. Journal of Computer Applications, 2021, 41(6): 1842-1848.
[13]	MA Jianhong, CAO Wenbin, LIU Yuangang, XIA Shuang. Patent clustering method based on functional effect [J]. Journal of Computer Applications, 2021, 41(5): 1361-1366.
[14]	LI Guorong, YE Jimin, ZHEN Yuanting. Time series clustering based on new robust similarity measure [J]. Journal of Computer Applications, 2021, 41(5): 1343-1347.
[15]	WANG Zhihe, CHANG Xiaoqing, DU Hui. Adaptive affinity propagation clustering algorithm based on universal gravitation [J]. Journal of Computer Applications, 2021, 41(5): 1337-1342.

Design and implementation of log parsing system based on machine learning

基于机器学习的日志解析系统设计与实现

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics