| CPC G06F 21/554 (2013.01) [G06F 2221/034 (2013.01)] | 10 Claims |

1. A method for performing machine learning-based observation level measurement using a server system log and performing risk calculation using the machine learning-based observation level measurement, which is implemented in a computing device including at least one processor and at least one memory for storing instructions that are executable by the processor, the method comprising:
a log preprocessing step of collecting, by a log collection server, a log generated in a server system, processing the collected log into a predefined structured data format, and storing the processed log as a log file classified according to the structured data format that defines data attributes of the processed log;
a log file linkage step of processing data of the log file to store the log file stored in the log preprocessing step in a Hadoop distributed file system (HDFS), and linking the processed log file to a big data storage;
a feature value extraction step of communicating, by a log analysis server, with the big data storage to request an inquiry of a raw log collected by the log collection server, and extracting a feature value for a normal behavior from the inquired raw log;
a model training step of normalizing the extracted feature value to level a baseline value for the normal behavior, and training a machine learning model based on the leveled baseline value; and
a risk calculation step of storing the trained machine learning model in a database, and determining, when a log that violates the leveled baseline value is detected from an analysis target log, that an abnormal behavior is detected so as to calculate a risk for the detected abnormal behavior.