بهبود نحوه تجزیه و تحلیل داده های حجیم مربوط به فایل لاگ با استفاده از مدل زبان بزرگ LLG
محورهای موضوعی : شبکه های عصبی و یادگیری عمیقبابک نیکمرد 1 * , آذین پیشداد 2 , گلناز آقایی قزوینی 3 , مهرداد عباسی 4
1 - گروه مهندسی کامپیوتر، واحد دولت آباد، دانشگاه آزاد اسلامی، دولت آباد، ایران
2 - گروه مهندسی کامپیوتر، واحد دولت آباد، دانشگاه آزاد اسلامی، دولت آباد، ایران
3 - گروه مهندسی کامپیوتر، واحد دولت آباد، دانشگاه آزاد اسلامی، دولت آباد، ایران
4 - گروه مهندسی کامپیوتر، واحد دولت آباد، دانشگاه آزاد اسلامی، دولت آباد، ایران
کلید واژه: شبکه عصبی, هوش مصنوعی مولد, مدل زبان بزرگ, فایل لاگ,
چکیده مقاله :
هر روز، سازمانها حجم قابلتوجهی از فایلهای رخداد (لاگ) تولید میکنند که برای بررسی شرایط، اشکالزدایی و رفع ناهنجاریها نیاز به پردازش دارند. برون سپاری چنین فرایندی به دلیل نیاز به پردازش بلادرنگ و نگهداری امنیتی مناسب نیست. با توجه به انبوه نرم افزارها و سرویسهای مختلف، سازمانها با حجم قابل توجهی از گزارشها و رخدادهای تولیدی مواجه هستند که به جای حذف یا نادیده گرفته شدن، باید پردازش شوند. در روش سنتی، کارشناسان روزانه به صورت دستی پروندههای رخداد را بررسی میکنند که این امر از یک سو باعث کندی فرآیند، افزایش زمان و عدم دقت و از سوی دیگر به دلیل نیاز به نیروی متخصص، هزینههای بالای استخدام را در پی دارد. این مقاله راه حلی را معرفی میکند که از شبکههای عصبی مولد برای ایجاد یک ساختار محلی برای تجزیه و تحلیل گزارش در سازمان استفاده میشود. این فرآیند شامل بازیابی و تجزیه فایلهای متنی از بخشهای مختلف، تقسیم آنها به بخشهای قابل مدیریت، جاسازی و ذخیره آنها در یک پایگاه داده برداری است. در این ساختار، یک فرد آموزش دیده بدون تخصص خاص میتواند به سرعت به اطلاعات لازم با استفاده از اعلانهای مناسب (پرامپت نویسی) از یک مدل زبان بزرگ که به صورت محلی در سازمان توسعه یافته و در هر زمان قابل دسترسی است، استفاده کند. ازهمین روی، روش پیشنهادی می¬تواند باعث پایداری امنیت، افزایش سرعت تجزیه و تحلیل و کاهش هزینههای منابع انسانی شود.
Nowdays, organizations generate a significant volume of log files that require processing for condition checking, debugging, and anomaly resolution. Outsourcing such processing is not suitable due to the need for real-time processing and security maintenance. Given the multitude of different software and services, organizations face a substantial volume of production logs that should be processed rather than deleted or ignored. In the traditional approach, experts manually check the logs daily. This, on one hand, slows down the process, increases the time and inaccuracy, and, on the other hand, results in a high hiring cost due to the need for an expert force. This article introduces a solution that employs generative neural networks to establish a local structure for log analysis within the organization. The process involves retrieving and parsing text files from various sectors, segmenting them into manageable portions, embedding them, and storing them in a vector database. In this structure, a trained individual without special expertise can quickly access necessary information using appropriate prompts from a local language model available at any time. As a result, three overarching goals are achieved: maintaining security, increasing the speed of analysis, and reducing human resource costs.
[1] M. Landauer, S. Onder, F. Skopik, and M. Wurzenberger, “Deep learning for anomaly detection in log data: A survey,” Machine Learning with Applications, vol. 12, p. 100470, Jun. 2023, doi: 10.1016/J.MLWA.2023.100470.
[2] S. Muthurajkumar, S. Ganapathy, M. Vijayalakshmi, and A. Kannan, “Secured Temporal Log Management Techniques for Cloud,” Procedia Comput Sci, vol. 46, pp. 589–595, Jan. 2015, doi: 10.1016/J.PROCS.2015.02.098.
[3] R. Meyers, “Data highway and the digital transformation: arguments for secure, centralised log management,” Network Security, vol. 2020, no. 10, pp. 17–19, Oct. 2020, doi: 10.1016/S1353-4858(20)30119-7.
[4] Q. Wang, X. Zhang, X. Wang, and Z. Cao, “Log Sequence Anomaly Detection Method Based on Contrastive Adversarial Training and Dual Feature Extraction,” Entropy, vol. 24, no. 1, 2022, doi: 10.3390/e24010069.
[5] H. J. Liao, C. H. Richard Lin, Y. C. Lin, and K. Y. Tung, “Intrusion detection system: A comprehensive review,” Journal of Network and Computer Applications, vol. 36, no. 1, pp. 16–24, Jan. 2013, doi: 10.1016/J.JNCA.2012.09.004.
[6] T. Niesen, S. Dadashnia, P. Fettke, and P. Loos, “A vector space approach to process model matching using insights from natural language processing,” Multikonferenz Wirtschaftsinformatik (MKWI), pp. 93–104, 2016.
[7] N. Wang, S. Sun, and D. OuYang, “Business Process Modeling Abstraction Based on Semi-Supervised Clustering Analysis,” Business & Information Systems Engineering, vol. 60, Jul. 2018, doi: 10.1007/s12599-016-0457-x.
[8] M. Landauer, F. Skopik, M. Wurzenberger, and A. Rauber, “System log clustering approaches for cyber security applications: A survey,” Comput Secur, vol. 92, p. 101739, May 2020, doi: 10.1016/J.COSE.2020.101739.
[9] M. Landauer, M. Wurzenberger, F. Skopik, G. Settanni, and P. Filzmoser, “Dynamic log file analysis: An unsupervised cluster evolution approach for anomaly detection,” Comput Secur, vol. 79, pp. 94–116, Nov. 2018, doi: 10.1016/J.COSE.2018.08.009.
[10] M. and M. Q. and H. B. and L. T. Dai Fei and Liu, “Refactor Business Process Models for Efficiency Improvement,” in Cloud Computing, Smart Grid and Innovative Frontiers in Telecommunications, G. and Q. M. and X. W. and H. T. Zhang Xuyun and Liu, Ed., Cham: Springer International Publishing, 2020, pp. 454–467.
[11] W. Xu, L. Huang, A. Fox, D. Patterson, and M. I. Jordan, “Detecting Large-Scale System Problems by Mining Console Logs,” in Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles, in SOSP ’09. New York, NY, USA: Association for Computing Machinery, 2009, pp. 117–132. doi: 10.1145/1629575.1629587.
[12] Q. Lin, H. Zhang, J.-G. Lou, Y. Zhang, and X. Chen, “Log Clustering Based Problem Identification for Online Service Systems,” in Proceedings of the 38th International Conference on Software Engineering Companion, in ICSE ’16. New York, NY, USA: Association for Computing Machinery, 2016, pp. 102–111. doi: 10.1145/2889160.2889232.
[13] J.-G. Lou, Q. Fu, S. Yang, Y. Xu, and J. Li, “Mining invariants from console logs for system problem detection,” in 2010 USENIX Annual Technical Conference (USENIX ATC 10), 2010.
[14] X. Zhang et al., “Robust Log-Based Anomaly Detection on Unstable Log Data,” in Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, in ESEC/FSE 2019. New York, NY, USA: Association for Computing Machinery, 2019, pp. 807–817. doi: 10.1145/3338906.3338931.
[15] M. Du, F. Li, G. Zheng, and V. Srikumar, “DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning,” in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, in CCS ’17. New York, NY, USA: Association for Computing Machinery, 2017, pp. 1285–1298. doi: 10.1145/3133956.3134015.
[16] W. Meng et al., “Loganomaly: Unsupervised detection of sequential and quantitative anomalies in unstructured logs.,” in IJCAI, 2019, pp. 4739–4745.
[17] H. Gimpel et al., “Unlocking the power of generative AI models and systems such as GPT-4 and ChatGPT for higher education: A guide for students and lecturers,” Universität Hohenheim, Fakultät Wirtschafts- und Sozialwissenschaften, Stuttgart, 2023.s
[18] Y. Liu et al., “Generative artificial intelligence and its applications in materials science: Current situation and future perspectives,” Journal of Materiomics, vol. 9, no. 4, pp. 798–816, Jul. 2023, doi: 10.1016/J.JMAT.2023.05.001.
[19] A. Radford et al., “Language models are unsupervised multitask learners,” OpenAI blog, vol. 1, no. 8, p. 9, 2019.
[20] T. Brown et al., “Language Models are Few-Shot Learners,” in Advances in Neural Information Processing Systems, H. Larochelle, M. Ranzato, R. Hadsell, M. F. Balcan, and H. Lin, Eds., Curran Associates, Inc., 2020, pp. 1877–1901.
[21] L. Ouyang et al., “Training language models to follow instructions with human feedback,” in Advances in Neural Information Processing Systems, S. Koyejo, S. Mohamed, A. Agarwal, D. Belgrave, K. Cho, and A. Oh, Eds., Curran Associates, Inc., 2022, pp. 27730–27744.
[22] A. Gilson et al., “How Does ChatGPT Perform on the Medical Licensing Exams? The Implications of Large Language Models for Medical Education and Knowledge Assessment,” medRxiv, 2022, doi: 10.1101/2022.12.23.22283901.
[23] Y. K. Dwivedi et al., “Opinion Paper: ‘So what if ChatGPT wrote it?’ Multidisciplinary perspectives on opportunities, challenges and implications of generative conversational AI for research, practice and policy,” Int J Inf Manage, vol. 71, p. 102642, Aug. 2023, doi: 10.1016/J.IJINFOMGT.2023.102642
[24] E. A. M. Van Dis, J. Bollen, W. Zuidema, R. van Rooij, and C. L. Bockting, “ChatGPT: five priorities for research,” Nature, vol. 614, no. 7947, pp. 224–226, 2023.
[25] C. Qin, A. Zhang, Z. Zhang, J. Chen, M. Yasunaga, and D. Yang, “Is ChatGPT a general-purpose natural language processing task solver?,” arXiv preprint arXiv:2302.06476, 2023.
[26] S. Bubeck et al., “Sparks of artificial general intelligence: Early experiments with gpt-4,” arXiv preprint arXiv:2303.12712, 2023.
[27] Y. Liu et al., “Cloud-VAE: Variational autoencoder with concepts embedded,” Pattern Recognit, vol. 140, p. 109530, Aug. 2023, doi: 10.1016/J.PATCOG.2023.109530.
[28] A. Brock, J. Donahue, and K. Simonyan, “Large scale GAN training for high fidelity natural image synthesis,” arXiv preprint arXiv:1809.11096, 2018.
[29] D. Ganguli et al., “Predictability and Surprise in Large Generative Models,” in Proceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency, in FAccT ’22. New York, NY, USA: Association for Computing Machinery, 2022, pp. 1747–1764. doi: 10.1145/3531146.3533229.
[30] S. Welleck, I. Kulikov, S. Roller, E. Dinan, K. Cho, and J. Weston, “Neural text generation with unlikelihood training,” arXiv preprint arXiv:1908.04319, 2019.
[31] G. Mialon et al., “Augmented language models: a survey,” arXiv preprint arXiv:2302.07842, 2023.
[32] J. Devlin, M.-W. Chang, K. Lee, and K. Toutanova, “Bert: Pre-training of deep bidirectional transformers for language understanding,” arXiv preprint arXiv:1810.04805, 2018.
[33] A. Chowdhery et al., “Palm: Scaling language modeling with pathways,” arXiv preprint arXiv:2204.02311, 2022.
[34] M. Chen et al., “Evaluating large language models trained on code,” arXiv preprint arXiv:2107.03374, 2021.