首页|期刊导航|信息安全研究|基于图注意力网络与协作学习的日志异常检测

基于图注意力网络与协作学习的日志异常检测

余坤张仕斌卢嘉中

信息安全研究2026，Vol.12Issue(3)：246-254,9.

信息安全研究2026，Vol.12Issue(3)：246-254,9.DOI:10.12379/j.issn.2096-1057.2026.03.06

基于图注意力网络与协作学习的日志异常检测

Log Anomaly Detection Based on Graph Attention Networks and Collaborative Learning

余坤 ¹张仕斌 ²卢嘉中³

作者信息

1. 成都信息工程大学网络空间安全学院(芯谷产业学院) 成都 610225||先进微处理器技术国家工程研究中心(工业控制与安全分中心) 成都 610225
2. 先进密码技术与系统安全四川省重点实验室(成都信息工程大学) 成都 610225||成都信息工程大学人工智能学院成都 610225
3. 成都信息工程大学网络空间安全学院(芯谷产业学院) 成都 610225||先进密码技术与系统安全四川省重点实验室(成都信息工程大学) 成都 610225||先进微处理器技术国家工程研究中心(工业控制与安全分中心) 成都 610225||成都信息工程大学人工智能学院成都 610225
折叠

摘要

Abstract

Log anomaly detection plays a crucial role in the field of cybersecurity,yet existing methods still face significant challenges.Supervised learning approaches depend on large amounts of labeled data,making the annotation process time-consuming and costly.Although unsupervised learning methods do not require labeled data,they struggle to effectively extract key features in complex log environments,which negatively impacts detection performance.To address these issues,this paper proposes a novel knowledge distillation approach-collaborative learning-and introduces a log anomaly detection model based on this approach,CoLogGNN.The model first converts log data into a directed graph to comprehensively preserve the structural relationships between logs.During the early stages of training,CoLogGNN performs unsupervised learning on normal samples to explore the intrinsic structure of logs.In the mixed-sample training phase,the graph attention network and the graph convolution module collaborate with each other and guide one another.When the graph attention network excels at processing certain samples,it transfers key knowledge to the graph convolutional network through collaborative learning,and vice versa.Through this dynamic mutual learning process,both modules improve their accuracy.Compared to existing models,CoLogGNN achieves effective training using only normal samples,significantly reducing the cost of data annotation.Experimental results on five public datasets demonstrate that the proposed model exhibits superior detection performance,improving the F1-score by approximately 5％over previous methods.

关键词

日志异常检测/知识蒸馏/有向图/协作学习/无监督学习

Key words

log anomaly detection/knowledge distillation/directed graph/collaborative learning/unsupervised learning

分类

信息技术与安全科学

引用本文复制引用

余坤,张仕斌,卢嘉中..基于图注意力网络与协作学习的日志异常检测[J].信息安全研究,2026,12(3):246-254,9.

基金项目

国家自然科学基金项目(62102049) （62102049）

四川省自然科学基金项目(2025ZNSFSC0507) （2025ZNSFSC0507）

四川省重点实验室开放基金项目(SKLACSS-202402) （SKLACSS-202402）

信息安全研究

ISSN：2096-1057

访问量1

下载量0

段落导航