面向智能电网的LDA-IDF进程日志异常检测方法

doi:10.3969/j.issn.1006-2475.2025.06.018

摘要/Abstract

摘要： 摘要：随着智能电网系统规模的扩大，系统中的进程日志数据呈指数级增长，传统的日志异常检测方法难以应对如此庞大且复杂的数据规模。为了及时发现智能电网系统中的异常进程，保障系统安全稳定运行，本文提出一种基于LDA-IDF的进程日志异常检测方法LogLDAIDF。该方法首先对进程日志序列进行LDA主题特征提取，然后引入IDF逆词频方法对主题特征进行加权，并选取权重前k的主题特征作为最终的进程日志主题特征，最后结合Bi-LSTM深度学习模型实现针对进程日志的异常检测。在HDFS和OpenStack这2个真实数据集上的实验结果表明，本文方法相比现有方法具有明显优势，F1分数分别达到了0.987和0.969，表明了本文方法在进程日志异常检测中的有效性和实用性。

关键词: 关键词：智能电网, 异常检测, 进程日志, 深度学习, 主题特征异常检测

Abstract: Abstract: With the expansion of smart grid systems， the process log data has grown exponentially， making traditional log anomaly detection methods inadequate for handling such massive and complex data volumes. To promptly detect abnormal processes in smart grid systems and ensure their safe and stable operation， this paper proposes LogLDAIDF， a process log anomaly detection method based on LDA-IDF. The method first extracts LDA topic features from process log sequences， then introduces the IDF （Inverse Document Frequency） method to weight the topic features， and selects the top-k weighted topics as the final process log topic features， finally combining with a Bi-LSTM deep learning model for process log anomaly detection. Experimental results on two real-world datasets， HDFS and OpenStack， demonstrate that our proposed method significantly outperforms existing methods， achieving F1 scores of 0.987 and 0.969， respectively， results show its effectiveness and practicality in process log anomaly detection.

Key words: Key words: smart grid, anomaly detection, process log, deep learning, semantic feature

中图分类号:

TP309

刘少君, 沙倚天, 金倩倩, 陈鹏, 吴越. 面向智能电网的LDA-IDF进程日志异常检测方法[J]. 计算机与现代化, 2025, 0(06): 114-119.

LIU Shaojun, SHA Yitian, JIN Qianqian, CHEN Peng, WU Yue. LDA-IDF Process Log Anomaly Detection Method for Smart Grids[J]. Computer and Modernization, 2025, 0(06): 114-119.

参考文献

［1］ YADAV R B， KUMAR P S， DHAVALE S V. A survey on log anomaly detection using deep learning［C］// 2020 8th International Conference on Reliability， Infocom Technologies and Optimization （Trends and Future Directions）. IEEE， 2020:1215-1220.
［2］ BLEI D M， NG A Y， JORDAN M I. Latent dirichlet allocation［J］. The Journal of Machine Learning Research， 2003，3:993-1022.
［3］ JIANG Z M， HASSAN A E， FLORA P， et al. Abstracting execution logs to execution events for enterprise applications （short paper）［C］// 2008 The Eighth International Conference on Quality Software. IEEE， 2008:181-186.
［4］ TANG L， LI T， PERNG C S. LogSig: Generating system events from raw textual logs［C］// Proceedings of the 20th ACM International Conference on Information and Knowledge Management. ACM， 2011:785-794.
［5］ HAMOONI H， DEBNATH B， Xu J， et al. Logmine: Fast pattern recognition for log analytics［C］// Proceedings of the 25th ACM International on Conference on Information and Knowledge Management. ACM， 2016:1573-1582.
［6］ HE P， ZHU J， ZHENG Z， et al. Drain: An online log parsing approach with fixed depth tree［C］// 2017 IEEE International Conference on Web Services. IEEE， 2017:33-40.
［7］ MESSAOUDI S， PANICHELLA A， BIANCULLI D， et al. A search-based approach for accurate identification of log message formats［C］// Proceedings of the 26th Conference on Program Comprehension. ACM， 2018:167-177.
［8］ DU M， LI F， ZHENG G， et al. Deeplog: Anomaly detection and diagnosis from system logs through deep learning［C］// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM， 2017:1285-1298.
［9］ MIKOLOV T， SUTSKEVER I， CHEN K， et al. Distributed representations of words and phrases and their compositionality［J］. Advances in Neural Information Processing Systems， 2013，23：3111-3119.
［10］ SALTON G， BUCKLEY C. Term-weighting approaches in automatic text retrieval［J］. Information Processing & Management， 1988，24（5）:513-523.
［11］ DEVLIN J， CHANG M W， LEE K， et al. Bert: Pre-training of deep bidirectional transformers for language understanding［J］. arXiv preprint arXiv:1810.04805， 2018.
［12］ WANG M Y， XU L L， GUO L L. Anomaly detection of system logs based on natural language processing and deep learning［C］// 2018 4th International Conference on Frontiers of Signal Processing. IEEE， 2018:140-144.
［13］ AKANLE M， ADETIBA E， AKANDE V， et al. Experimentations with openstack system logs and support vector machine for an anomaly detection model in a private cloud infrastructure［C］// 2020 International Conference on Artificial Intelligence， Big Data， Computing and Data Communication Systems. IEEE， 2020:1-7.
［14］ LIU X， LIU W Y， DI X Q， et al. LogNADS: Network anomaly detection scheme based on log semantics representation［J］. Future Generation Computer Systems， 2021，124:390-405.
［15］ MENG W B， LIU Y， ZHU Y C， et al. Loganomaly: Unsupervised detection of sequential and quantitative anomalies in unstructured logs［C］// Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence. IJCAI. 2019，19（7）:4739-4745.
［16］ MENG W B， LIU Y， ZHANG S L， et al. Logclass: Anomalous log identification and classification with partial labels［J］. IEEE Transactions on Network and Service Management， 2021，18（2）:1870-1884.
［17］ ZHANG X， XU Y， LIN Q W， et al. Robust log-based anomaly detection on unstable log data［C］// Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM， 2019:807-817.
［18］ GUO H X， YUAN S H， WU X T. Logbert: Log anomaly detection via bert［C］// 2021 International Joint Conference on Neural Networks. IEEE， 2021:1-8.
［19］ CHEN S， LIAO H. Bert-log: Anomaly detection for system logs based on pre-trained language model［J］. Applied Artificial Intelligence， 2022，36（1）. DOI: 10.1080/08839514.
2022.2145642.
［20］ AUSSEL N， PETETIN Y， CHABRIDON S. Improving performances of log mining for anomaly prediction through nlp-based log parsing［C］// 2018 IEEE 26th International Symposium on Modeling， Analysis， and Simulation of Computer and Telecommunication Systems. IEEE， 2018:237-243.
［21］ SATPATHI S， DEB S， SRIKANT R， et al. Learning latent events from network message logs［J］. IEEE/ACM Transactions on Networking， 2019，27（4）:1728-1741.
［22］ PETTINATO M， GIL J P， GALEAS P， et al. Log mining to re-construct system behavior: An exploratory study on a large telescope system［J］. Information and Software Technology， 2019，114:121-136.
［23］ OTOMO K， KOBAYASHI S， FUKUDA K， et al. Latent semantics approach for network log analysis: Modeling and its application［C］// 2021 IFIP/IEEE International Symposium on Integrated Network Management. IEEE， 2021:215-223.
［24］ NAPOLITANO D. Log analysis: Topic modeling applications on fine-features data processing system［D］. Turin：Politecnico di Torino， 2022.
［25］周建国，戴华，杨庚，等. 基于并列GRU分类模型的日志异常检测方法［J］. 南京理工大学学报， 2022，46（2）:198-204.
［26］孙雪奎，戴华，周建国，等. 基于日志模板主题特征的日志异常检测［J］. 计算机科学， 2023，50（6）:313-321.
［27］ HUANG Z H， XU W， YU K. Bidirectional LSTM-CRF models for sequence tagging［J］. arXiv preprint arXiv:1508.01991， 2015.
［28］ HE S， ZHU J， HE P， et al. Loghub: A large collection of system log datasets towards automated log analytics［J］. arXiv preprint arXiv:2008.06448， 2020.
［29］ ZHU J M， HE S L， LIU J Y， et al. Tools and benchmarks for automated log parsing［C］// 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice. IEEE，2019:121-130.
［30］周志华. 机器学习［M］. 北京:清华大学出版社， 2018.

[1]	李卓奇, 赵利辉. 基于投毒攻击策略的图像保护方法[J]. 计算机与现代化, 2025, 0(05): 41-47.
[2]	王东方1, 杨艳1, 张东1, 韩文锐2, 李明昌2. 基于形变场配准的DSA去伪影算法[J]. 计算机与现代化, 2025, 0(05): 86-90.
[3]	韦云松1, 2, 李加强1, 2, 何超1, 2, 3, 于海生1, 2, 陈彦林1, 2, 赵龙庆1, 2, 魏荣琨1, 2. 智能驾驶中基于视觉信息与LiDAR的3D目标检测方法研究进展[J]. 计算机与现代化, 2025, 0(05): 91-102.
[4]	徐玲1, 张东1, 文莘1, 胡平2. 目标检测辅助的脑胶质瘤分割分类网络[J]. 计算机与现代化, 2025, 0(05): 111-116.
[5]	庄瑜, 傅晓锦, 李莎, 吴峥. 基于XMB-YOLOv5s的无人机小目标检测[J]. 计算机与现代化, 2025, 0(04): 29-35.
[6]	李楷, 金云鹏, 李海洋, 孔莎莎, 杨鹏, 方成梧, 黄湘杰, 韩耀升, 李春梅 . 基于图像分割的无人机影像AGP计算方法[J]. 计算机与现代化, 2025, 0(04): 83-88.
[7]	王家乐, 宋文爱, 富丽贞. 基于HA-Net模型的职业性尘肺病筛查[J]. 计算机与现代化, 2025, 0(04): 103-110.
[8]	唐锐1, 武建超1, 陈剑波1, 柴江1, 王迁1, 何雨辰2. 基于GiraffeDet的改进YOLOv8s输电线路覆冰检测[J]. 计算机与现代化, 2025, 0(03): 6-11.
[9]	李浩然1, 何文雪1, 徐嘉振1, 杨帮华2. 基于多尺度动态卷积与注意力机制的抑郁脑电信号分类方法[J]. 计算机与现代化, 2025, 0(03): 60-65.
[10]	蒲亚亚, 王彦博, 苏勇东, 徐忠承. 内容引导注意力融合的多尺度特征图像去雾算法[J]. 计算机与现代化, 2025, 0(03): 78-85.
[11]	罗豪, 李先锋. 基于多尺度特征提取的遥感图像分类[J]. 计算机与现代化, 2025, 0(03): 86-92.
[12]	张跃, 郭子昕, 黄益彬, 颜涛. 基于convLSTM的卷积神经网络的网络入侵检测方法[J]. 计算机与现代化, 2025, 0(03): 119-126.
[13]	刘重宜, 李华, 任德均, 柳尧凯, 王玉龙. 基于双向多尺度知识蒸馏的异常检测算法[J]. 计算机与现代化, 2025, 0(02): 58-63.
[14]	何国涛1, 赵春辉2, 刘振宇1, 王龙1. 道路场景下基于地平线检测的相机自标定优化[J]. 计算机与现代化, 2025, 0(02): 77-85.
[15]	赵印, 尹四清, 章永来. 改进YOLOv7的交通标志检测算法[J]. 计算机与现代化, 2025, 0(02): 94-99.