Research On System Status Oriented Information System Anomaly Detection Method

In recent years,the rapid development of cutting-edge technologies such as deep learning has injected a strong impetus to ensure the security of information system.However,how to study and use these cutting-edge technologies in the actual business scenario,timely and effectively find system abnormalities,evaluate system status and improve system emergency response capabilities still need to be improved.Facing complex application scenarios,the existing anomaly detection methods of information system over depend on data labeling,pay less attention to the time dependence of time-series data and difficult to quantify the system abnormal status.In order to solve the above problems,this thesis analyzes the deep learning technology and the system status evaluation method in detail,and proposes a system status-oriented information system anomaly detection method on the basis of the existing theory.Aiming at the problems that the existing information system anomaly detection methods rely too much on data labeling and pay less attention to the time dependence of time-series data,by combining the long short-term memory network(LSTM)and the variational auto-encoder(VAE),this thesis studies and proposes an anomaly detection model based on LSTM-VAE hybrid generation network,the features of the system time-series data are extracted by LSTM and its distribution is modeled by VAE.A method of abnormal status evaluation based on weighted coupling degree is proposed,the coupling degree method is used to optimize the linear weighted sum method,according to the weighted coupling degree method which is optimized,the system abnormal status quantitative value is calculated,and the system abnormal status is evaluated.In order to verify the anomaly detection effect of this model,this model and other generative models are verified in the same data set,and the effectiveness of this model is verified by experiments,experiments results show that the model in this thesis is better than other generative models in the comprehensive index F value,compared with the auto-encoder model,the F value of the model in this thesis has been improved by up to 21.9%,which shows that the model in this thesis has good detection ability for the abnormal time-series data of information system.At the same time,through the comparative experiment with the traditional status evaluation method,the method in this thesis can comprehensively consider and quantify the abnormal status of the system from many aspects,and the evaluation result is more reasonable and effective.