Linux log anomaly detection method based on improved isolated forest algorithm

ZHAO  Haitao, LI  Hongye

doi:10.3969/j.issn.1673-3819.2024.05.015

Zhihui kongzhi yu fangzhen (Oct 2024)

Linux log anomaly detection method based on improved isolated forest algorithm

ZHAO Haitao, LI Hongye

Affiliations

ZHAO Haitao, LI Hongye: 1 The First Military Representative Office of the Naval Equipment Shanghai Bureau in Shanghai, Shanghai 201913;2 China Ship Research Academy, Beijing 100101, China

DOI: https://doi.org/10.3969/j.issn.1673-3819.2024.05.015
Journal volume & issue: Vol. 46, no. 5
pp. 114 – 118

Abstract

Read online

In order to efficiently and correctly identify abnormal behaviors in Linux logs, this paper proposes a Linux log anomaly detection method based on the improved isolated forest algorithm. The method introduces an attention mechanism on the basis of the isolated forest algorithm, which can dynamically adjust the attention features and sample points when processing log data, and dynamically adjust the degree of attention according to the degree of abnormality of the samples. Experimental results show that the method achieves high efficiency in the Linux log anomaly detection task compared with traditional methods, and can effectively discover potential security threats and abnormal behaviors.

anomaly detection|linux log data|isolated forests|attention mechanisms

Published in Zhihui kongzhi yu fangzhen

ISSN: 1673-3819 (Print)
Publisher: Editorial Office of Command Control and Simulation
Country of publisher: China
LCC subjects: Military Science
Website: https://www.zhkzyfz.cn/EN/home

About the journal

Abstract

Keywords