| 基于多维时序日志的异常行为可视分析 |
| |
| 引用本文: | 张文琦,周喜,赵凡,马博.基于多维时序日志的异常行为可视分析[J].计算机工程与应用,2020,56(10):231-239. |
| |
| 作者姓名: | 张文琦 周喜 赵凡 马博 |
| |
| 作者单位: | 1.中国科学院 新疆理化技术研究所,乌鲁木齐 830011
2.中国科学院大学,北京 100049
3.新疆民族语音语言信息处理实验室,乌鲁木齐 830011 |
| |
| 基金项目: | 西部之光"人才培养计划;新疆维吾尔自治区高层次人才引进工程项目;新疆维吾尔自治区项目 |
| |
| 摘 要: | 当前许多企业面临着来自内部的信息安全问题,由于核心信息的窃取而造成无法估量的损失。企业内部的监控日志数据记录了员工的操作行为与访问记录,通过对内部监控日志进行有效的分析以及时发现员工的异常行为具有重要的意义。然而现有的关于日志分析的方法不能很好地结合多种用户行为日志进行有效分析,并及时发现异常行为提前进行预警。针对这一问题,基于日志的多维性和时序性,提出了一种新颖的可视化系统MLVis。通过设计多个可视化视图,实现一个交互式的可视分析系统,可以帮助决策者发现异常行为,定位异常员工,并分析异常行为之间的联系。采用ChinaVis2018挑战赛I的数据集进行实验和案例分析,验证了该系统的可行性和有效性。
|
| 关 键 词: | 监控日志 异常行为 多视图 可视分析 |
Visual Analysis of Abnormal Behavior Based on Multidimensional Timing Log |
| |
| ZHANG Wenqi,ZHOU Xi,ZHAO Fan,MA Bo.Visual Analysis of Abnormal Behavior Based on Multidimensional Timing Log[J].Computer Engineering and Applications,2020,56(10):231-239. |
| |
| Authors: | ZHANG Wenqi ZHOU Xi ZHAO Fan MA Bo |
| |
| Affiliation: | 1.The Xinjiang Technical Institute of Physics & Chemistry, Chinese Academy of Sciences, Urumqi 830011, China
2.University of Chinese Academy of Sciences, Beijing 100049, China
3.Xinjiang Laboratory of Minority Speech & Language Information Processing, Urumqi 830011, China |
| |
| Abstract: | Many companies have faced internal information security issues at present, the theft of core information causes incalculable losses. The internal monitoring log records the employee’s operational behavior and access records. Therefore, it is of great significance to timely discover the abnormal behavior of employees by effectively analyzing the internal monitoring logs. However, the existing methods of log analysis cannot be combined with a variety of user behavior logs for the effective analysis and timely detection of abnormal behaviors for early warning. In order to solve these problems, a novel visualization system MLVis based on log multidimensionality and temporality is proposed. By designing multiple visual views, implementing an interactive visual analysis system, the system can help decision makers discover anomalous behavior, locate abnormal employees, and analyze the connections between abnormal events. Finally, the data set of ChinaVis2018 Challenge I is used for experiment and case analysis, the results show that the system is feasible and effective. |
| |
| Keywords: | monitoring log abnormal behavior multiple visual views visual analysis |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
|
