Research Article
LogCAD: An Efficient and Robust Model for Log-Based Conformal Anomaly Detection
Algorithm 1
Proposed framework of LogCAD.
| Input: Detected log set X, Training log set T, Training normal log set T1, Training abnormal log set T2, Significance level | | Output: Prediction set | | 1 | Γε⟵∅ | | 2 | BaseClassifier ⟵ {LR, SVM, DT, NB} | | 3 | for all i BaseClassifier do | | 4 | Train ensemble classifier with training log data T | | 5 | Normal scores set SN ⟵Ensemble classifier’ non-conformity measure(T1) | | 6 | Abnormal score set SA ⟵ Ensemble classifier’ non-conformity measure(T2) | | 7 | for all log entry xX do | | 8 | pN(x)⟵normal p value calculated in SN | | 9 | pA(x)⟵abnormal p value calculated in SA | | 10 | if pN(x) ≥ pA(x) then | | 11 | Cred(x) ⟵ pN(x) | | 12 | Conf(x) ⟵1 – pA(x) | | 13 | if Conf(x) ≥ then | | 14 | result(x) ⟵(NORMAL, Conf(x))//detection results are pairs of (class label, confidence) | | 15 | else | | 16 | result(x) ⟵(ABNORMAL, Conf(x)) | | 17 | else | | 18 | Cred(x) ⟵ pA(x) | | 19 | Conf(x) ⟵1 – pN(x) | | 20 | if Conf(x) ≥ then | | 21 | result(x) ⟵(ABNORMAL, Conf(x)) | | 22 | else | | 23 | result(x) ⟵(NORMAL, Conf(x)) | | 24 | Γε⟵Γε∪{result(x)} | | 25 | end | | 26 | end |
|
