CN112084056A - Abnormality detection method, apparatus, device and storage medium - Google Patents
Abnormality detection method, apparatus, device and storage mediumDownload PDFInfo
- Publication number
- CN112084056A CN112084056ACN202010862378.8ACN202010862378ACN112084056ACN 112084056 ACN112084056 ACN 112084056ACN 202010862378 ACN202010862378 ACN 202010862378ACN 112084056 ACN112084056 ACN 112084056A
- Authority
- CN
- China
- Prior art keywords
- time series
- series data
- detected
- abnormality detection
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0751—Error or fault detection not based on redundancy
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Testing And Monitoring For Control Systems (AREA)
- Debugging And Monitoring (AREA)
Abstract
Translated fromChinese
Description
Translated fromChinese技术领域technical field
本申请涉及人工智能技术领域,尤其涉及一种异常检测方法、装置、设备及存储介质。The present application relates to the technical field of artificial intelligence, and in particular, to an abnormality detection method, apparatus, device, and storage medium.
背景技术Background technique
现有对指标数据的时间序列的检测,一般为人工阈值检测方式或者基于特征工程的机器学习方式。而人工阈值检测方式中,通过业务运维人员的经验,来给每条时间序列的指标数据进行一个静态阈值的设定,当时间序列的指标数据超出该静态阈值,即会被认定为异常并发送告警。并且,在真实的监控应用场景中,监控指标往往都是百万级别的,这时候对每一条指标数据,都需要维护一个静态阈值的监控方案,维护成本太高。以及随着业务的发展和演进,最初设置的静态阈值可能会不再合适,静态阈值的调整将跟不上发展速度。Existing detection of time series of index data is generally a manual threshold detection method or a machine learning method based on feature engineering. In the manual threshold detection method, a static threshold is set for each time series indicator data based on the experience of business operation and maintenance personnel. When the time series indicator data exceeds the static threshold, it will be identified as abnormal and Send an alert. Moreover, in real monitoring application scenarios, the monitoring indicators are often in the millions. At this time, for each indicator data, it is necessary to maintain a static threshold monitoring scheme, and the maintenance cost is too high. And with the development and evolution of the business, the static thresholds initially set may no longer be appropriate, and the adjustment of the static thresholds will not keep up with the development speed.
基于特征工程的机器学习方式虽然解决了传统方案的一些问题,但是仍然存在一些不足,比如检测耗时高,模型通用化能力弱,即模型在不同业务场景泛化能力弱,数据标注和模型业务特性加载在指标数据的标注中,导致在业务a训练的模型,到业务b中不再适用。而且在不同的业务中进行各自业务数据的标注和模型的训练,工作量大。Although the machine learning method based on feature engineering solves some problems of the traditional solution, it still has some shortcomings, such as high detection time, weak model generalization ability, that is, the model has weak generalization ability in different business scenarios, data annotation and model business. The feature is loaded in the annotation of the indicator data, so that the model trained in business a is no longer applicable to business b. In addition, the labeling of the respective business data and the training of the model are carried out in different businesses, and the workload is large.
发明内容SUMMARY OF THE INVENTION
有鉴于上述存在的技术问题,本申请提出了一种异常检测方法、装置、设备及存储介质。In view of the above existing technical problems, the present application proposes an abnormality detection method, apparatus, device and storage medium.
根据本申请的一方面,提供了一种异常检测方法,所述方法包括:According to an aspect of the present application, an anomaly detection method is provided, the method comprising:
获取至少一个待检测时序数据;Obtain at least one time series data to be detected;
从所述至少一个待检测时序数据中提取基础特征信息;Extract basic feature information from the at least one time series data to be detected;
确定与所述基础特征信息对应的异常检测模型;determining an anomaly detection model corresponding to the basic feature information;
将所述至少一个待检测时序数据输入对应的异常检测模型中,进行异常检测处理,得到所述至少一个待检测时序数据对应的异常检测结果;Inputting the at least one time series data to be detected into a corresponding abnormality detection model, performing abnormality detection processing, and obtaining an abnormality detection result corresponding to the at least one time series data to be detected;
获取异常检测结果为异常的待检测时序数据作为目标时序数据以及获取所述目标时序数据对应的业务类型;Obtaining the time series data to be detected whose abnormality detection result is abnormal as the target time series data and obtaining the service type corresponding to the target time series data;
基于所述目标时序数据对应的业务类型,对所述目标时序数据进行验证,确定所述目标时序数据对应的目标异常检测结果。Based on the service type corresponding to the target time series data, the target time series data is verified, and the target abnormality detection result corresponding to the target time series data is determined.
根据本申请的另一方面,提供了一种异常检测装置,包括:According to another aspect of the present application, an abnormality detection device is provided, comprising:
待检测时序数据获取模块,用于获取至少一个待检测时序数据;A to-be-detected sequence data acquisition module, used to acquire at least one to-be-detected sequence data;
基础特征信息提取模块,用于从所述至少一个待检测时序数据中提取基础特征信息;a basic feature information extraction module, configured to extract basic feature information from the at least one time series data to be detected;
异常检测模型确定模块,用于确定与所述基础特征信息对应的异常检测模型;an anomaly detection model determination module for determining an anomaly detection model corresponding to the basic feature information;
异常检测结果获取模块,用于将所述至少一个待检测时序数据输入对应的异常检测模型中,进行异常检测处理,得到所述至少一个待检测时序数据对应的异常检测结果;an abnormality detection result acquisition module, configured to input the at least one time series data to be detected into a corresponding abnormality detection model, perform abnormality detection processing, and obtain an abnormality detection result corresponding to the at least one time series data to be detected;
目标时序数据和业务类型获取模块,用于获取异常检测结果为异常的待检测时序数据作为目标时序数据以及获取所述目标时序数据对应的业务类型;a target time series data and business type acquisition module, used for acquiring the to-be-detected time series data whose abnormality detection result is abnormal as the target time series data and acquiring the business type corresponding to the target time series data;
目标异常检测结果确定模块,用于基于所述目标时序数据对应的业务类型,对所述目标时序数据进行验证,确定所述目标时序数据对应的目标异常检测结果。The target abnormality detection result determination module is configured to verify the target time series data based on the service type corresponding to the target time series data, and determine the target abnormality detection result corresponding to the target time series data.
根据本申请的另一方面,提供了一种异常检测设备,包括:处理器;用于存储处理器可执行指令的存储器;其中,所述处理器被配置为执行上述方法。According to another aspect of the present application, there is provided an anomaly detection apparatus, comprising: a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to perform the above method.
根据本申请的另一方面,提供了一种非易失性计算机可读存储介质,其上存储有计算机程序指令,其中,所述计算机程序指令被处理器执行时实现上述方法。According to another aspect of the present application, there is provided a non-volatile computer-readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the above method.
通过从待检测时序数据中提取基础特征信息、将待检测时序数据输入对应的异常检测模型中,进行异常检测处理,以及基于目标时序数据对应的业务类型,对目标时序数据进行验证,确定目标时序数据对应的目标异常检测结果。使得本申请的异常检测处理,不需要人为的设定和维护检测阈值,人力成本低;也不需要计算大量的特征,只需要提取基础特征信息,避免了大量特征工程的计算工作,异常检测处理更加扁平化,耗时低,可以达到毫秒级;并且,本申请的异常检测模型从业务类型中抽离出来,使得异常检测模型泛化能力强,可以只对时序数据的本身形态进行检测,通用性更高,更易进行异常检测模型的拓展。另外,通过将待检测时序数据输入对应的异常检测模型,进行异常检测处理,可以实现异常检测的并行处理,进一步地提高了异常检测的高效性,并且实现了异常检测的精细化。By extracting basic feature information from the time series data to be detected, inputting the time series data to be detected into the corresponding anomaly detection model, performing abnormal detection processing, and verifying the target time series data based on the business type corresponding to the target time series data, and determining the target time series The target anomaly detection result corresponding to the data. The anomaly detection processing of the present application does not require manual setting and maintenance of detection thresholds, and the labor cost is low; it does not need to calculate a large number of features, but only needs to extract basic feature information, avoiding a large number of feature engineering calculation work, anomaly detection processing It is flatter, less time-consuming, and can reach the millisecond level; in addition, the anomaly detection model of this application is extracted from the business type, so that the anomaly detection model has strong generalization ability, and can only detect the form of time series data itself. It is more flexible and easier to expand the anomaly detection model. In addition, by inputting the time series data to be detected into a corresponding anomaly detection model and performing anomaly detection processing, parallel processing of anomaly detection can be realized, which further improves the efficiency of anomaly detection and realizes refinement of anomaly detection.
根据下面参考附图对示例性实施例的详细说明,本申请的其它特征及方面将变得清楚。Other features and aspects of the present application will become apparent from the following detailed description of exemplary embodiments with reference to the accompanying drawings.
附图说明Description of drawings
包含在说明书中并且构成说明书的一部分的附图与说明书一起示出了本申请的示例性实施例、特征和方面,并且用于解释本申请的原理。The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate exemplary embodiments, features and aspects of the application and together with the description, serve to explain the principles of the application.
图1示出根据本申请一实施例提供的一种应用系统的示意图。FIG. 1 shows a schematic diagram of an application system provided according to an embodiment of the present application.
图2示出根据本申请一实施例的时序数据的示意图。FIG. 2 shows a schematic diagram of time series data according to an embodiment of the present application.
图3示出根据本申请一实施例的异常检测模型的训练方法的流程图。FIG. 3 shows a flowchart of a training method for an anomaly detection model according to an embodiment of the present application.
图4示出根据本申请一实施例的异常检测方法的流程图。FIG. 4 shows a flowchart of an abnormality detection method according to an embodiment of the present application.
图5示出根据本申请一实施例的所述基于所述目标时序数据对应的业务类型,对所述目标时序数据进行验证,确定所述目标时序数据对应的目标异常检测结果的方法流程图。5 shows a flowchart of the method for verifying the target time series data based on the service type corresponding to the target time series data, and determining the target abnormality detection result corresponding to the target time series data according to an embodiment of the present application.
图6示出根据本申请一实施例的异常检测方法的流程图。FIG. 6 shows a flowchart of an abnormality detection method according to an embodiment of the present application.
图7a和7b示出根据本申请一实施例的异常时序数据的告警示意图。7a and 7b show schematic diagrams of alarms of abnormal time series data according to an embodiment of the present application.
图8示出根据本申请一实施例的异常检测方法的流程图。FIG. 8 shows a flowchart of an abnormality detection method according to an embodiment of the present application.
图9示出根据本申请一实施例的异常检测技术架构的示意图。FIG. 9 shows a schematic diagram of an anomaly detection technology architecture according to an embodiment of the present application.
图10示出根据本申请一实施例的异常检测方法的流程图。FIG. 10 shows a flowchart of an abnormality detection method according to an embodiment of the present application.
图11示出根据本申请一实施例的图像的异常检测装置的框图。FIG. 11 shows a block diagram of an image abnormality detection apparatus according to an embodiment of the present application.
图12是根据一示例性实施例示出的一种用于异常检测装置1200的框图。FIG. 12 is a block diagram of an
具体实施方式Detailed ways
以下将参考附图详细说明本申请的各种示例性实施例、特征和方面。附图中相同的附图标记表示功能相同或相似的元件。尽管在附图中示出了实施例的各种方面,但是除非特别指出,不必按比例绘制附图。Various exemplary embodiments, features and aspects of the present application will be described in detail below with reference to the accompanying drawings. The same reference numbers in the figures denote elements that have the same or similar functions. While various aspects of the embodiments are shown in the drawings, the drawings are not necessarily drawn to scale unless otherwise indicated.
在这里专用的词“示例性”意为“用作例子、实施例或说明性”。这里作为“示例性”所说明的任何实施例不必解释为优于或好于其它实施例。The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
另外,为了更好的说明本申请,在下文的具体实施方式中给出了众多的具体细节。本领域技术人员应当理解,没有某些具体细节,本申请同样可以实施。在一些实例中,对于本领域技术人员熟知的方法、手段、元件和电路未作详细描述,以便于凸显本申请的主旨。In addition, in order to better illustrate the present application, numerous specific details are given in the following detailed description. It should be understood by those skilled in the art that the present application may be practiced without certain specific details. In some instances, methods, means, components and circuits well known to those skilled in the art have not been described in detail so as not to obscure the subject matter of the present application.
人工智能(Artificial Intelligence,AI)是利用数字计算机或者数字计算机控制的机器模拟、延伸和扩展人的智能,感知环境、获取知识并使用知识获得最佳结果的理论、方法、技术及应用系统。人工智能软件技术主要包括计算机视觉技术、语音处理技术、自然语言处理技术以及机器学习/深度学习等几大方向。Artificial Intelligence (AI) is a theory, method, technology and application system that uses digital computers or machines controlled by digital computers to simulate, extend and expand human intelligence, perceive the environment, acquire knowledge and use knowledge to obtain the best results. Artificial intelligence software technology mainly includes computer vision technology, speech processing technology, natural language processing technology, and machine learning/deep learning.
近年来,随着人工智能技术研究和进步,人工智能技术在多个领域得到广泛应用,本申请实施例提供的方案涉及计算机视觉等技术,具体通过如下实施例进行说明:In recent years, with the research and progress of artificial intelligence technology, artificial intelligence technology has been widely used in many fields. The solutions provided in the embodiments of this application involve technologies such as computer vision, which are specifically described by the following embodiments:
请参阅图1,图1示出根据本申请一实施例提供的一种应用系统的示意图。所述应用系统可以用于本申请的异常检测方法。如图1所示,该应用系统至少可以包括服务器01和终端02。Please refer to FIG. 1. FIG. 1 shows a schematic diagram of an application system according to an embodiment of the present application. The application system can be used in the abnormality detection method of the present application. As shown in FIG. 1 , the application system may include at least a
本申请实施例中,所述服务器01可以包括独立的物理服务器,也可以是多个物理服务器构成的服务器集群或者分布式系统,还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务、CDN(Content DeliveryNetwork,内容分发网络)、以及大数据和人工智能平台等基础云计算服务的云服务器。In this embodiment of the present application, the
本申请实施例中,所述终端02可以包括智能手机、台式计算机、平板电脑、笔记本电脑、智能音箱、数字助理、增强现实(augmented reality,AR)/虚拟现实(virtualreality,VR)设备、智能可穿戴设备等类型的实体设备。实体设备,也可以包括运行于实体设备中的软体,例如应用程序等。本申请实施例中终端02上运行的操作系统可以包括但不限于安卓系统、IOS系统、linux、windows等。In this embodiment of the present application, the terminal 02 may include a smartphone, a desktop computer, a tablet computer, a laptop computer, a smart speaker, a digital assistant, an augmented reality (AR)/virtual reality (VR) device, a smart Physical devices such as wearable devices. The physical device may also include software running in the physical device, such as an application program. The operating system running on the terminal 02 in this embodiment of the present application may include, but is not limited to, an Android system, an IOS system, linux, windows, and the like.
本说明书实施例中,上述终端02以及服务器01可以通过有线或无线通信方式进行直接或间接地连接,本申请对此不作限定。In the embodiment of this specification, the above-mentioned
所述终端02可以用于提供面向用户的异常检测处理。用户可以在终端02上传待检测时序数据。终端02可以接收并显示告警信息、异常时序数据对应的时间序列图以及异常时序数据的基础特征信息。用户还可以在终端02上对该告警信息进行反馈,即可以对异常时序数据进行反馈。终端02提供面向用户的异常检测处理的方式可以包括但不限于应用程序方式、网页方式等。The terminal 02 may be used to provide user-oriented anomaly detection processing. The user can upload the time series data to be detected on the terminal 02 . The terminal 02 can receive and display alarm information, a time series diagram corresponding to the abnormal time series data, and basic feature information of the abnormal time series data. The user can also give feedback on the alarm information on the terminal 02, that is, can give feedback on the abnormal time series data. The manner in which the terminal 02 provides user-oriented abnormality detection processing may include, but is not limited to, an application program manner, a web page manner, and the like.
需要说明的是,本申请实施例中,可以由服务器01执行异常检测方法,优选地,在服务器01中实现所述异常检测方法。以便减轻终端的数据处理压力,改善面向用户的终端的设备性能。It should be noted that, in this embodiment of the present application, the abnormality detection method may be executed by the
在一个具体的实施例中,服务器02为分布式系统时,该分布式系统可以为区块链系统,分布式系统为区块链系统时,可以由多个节点(接入网络中的任意形式的计算设备,如服务器、用户终端)形成,节点之间形成的点对点(P2P,Peer To Peer)网络,P2P协议是一个运行在传输控制协议(TCP,Transmission Control Protocol)协议之上的应用层协议。在分布式系统中,任何机器如服务器、终端都可以加入而成为节点,节点包括硬件层、中间层、操作系统层和应用层。具体的,区块链系统中各节点的功能,涉及的功能可以包括:In a specific embodiment, when the
1)路由,节点具有的基本功能,用于支持节点之间的通信。1) Routing, a basic function that a node has to support communication between nodes.
节点除具有路由功能外,还可以具有以下功能:In addition to the routing function, a node can also have the following functions:
2)应用,用于部署在区块链中,根据实际业务需求而实现特定业务,记录实现功能相关的数据形成记录数据,在记录数据中携带数字签名以表示任务数据的来源,将记录数据发送到区块链系统中的其他节点,供其他节点在验证记录数据来源以及完整性成功时,将记录数据添加到临时区块中。2) Application, used to deploy in the blockchain, implement specific business according to actual business needs, record data related to the realization of functions to form record data, carry a digital signature in the record data to indicate the source of the task data, and send the record data To other nodes in the blockchain system, for other nodes to add the record data to the temporary block when verifying the source and integrity of the record data successfully.
需要说明的是,以下图中示出的是一种可能的步骤顺序,实际上并不限定必须严格按照此顺序。有些步骤可以在互不依赖的情况下并行执行。It should be noted that, what is shown in the following figure is a possible sequence of steps, which is not actually limited to strictly follow this sequence. Some steps can be executed in parallel without being dependent on each other.
本说明书实施例中,由于异常检测过程和异常检测模型训练过程中均会使用基础特征信息、特征类型、异常检测模型的对应关系,选择先介绍基础特征信息、特征类型、异常检测模型的对应关系。该对应关系可以是根据实际需求设置的,本申请不作限定。In the embodiment of this specification, since the corresponding relationship between basic feature information, feature type, and abnormality detection model will be used in the abnormality detection process and the abnormality detection model training process, the corresponding relationship between basic feature information, feature type, and abnormality detection model is chosen to be introduced first. . The corresponding relationship may be set according to actual requirements, which is not limited in this application.
其中,基础特征信息可以用于反映时序数据的分布信息,用于选择异常检测模型。例如,基础特征信息可以包括时序数据的波动信息、趋势(单调)信息和周期性信息等。特征类型可以包括平稳类型和非平稳类型。对于平稳类型的时序数据,西格玛sigma模型进行异常检测的效果就可以很好,例如N-sigma模型,N可以为3。但是对于非平稳类型的时序数据,sigma模型不能得到很好的异常检测效果。为了更好的处理非平稳类型时序数据的异常检测,本申请引入趋势信息和周期性信息,对非平稳类型进行细分。在一个示例中,非平稳类型可以包括第一非平稳类型、第二非平稳类型、第三非平稳类型。具体地,第一非平稳类型可以包括时序数据为波动大、无趋势、无周期差异类型或时序数据为波动大、有趋势、无周期差异类型;第二非平稳类型可以包括时序数据为波动大、有趋势、有周期差异类型;第三非平稳类型可以包括时序数据为包括波动大、无趋势、有周期差异类型。其中,时序数据可以参见下面相应部分的介绍。Among them, the basic feature information can be used to reflect the distribution information of time series data, and used to select an anomaly detection model. For example, the basic feature information may include fluctuation information, trend (monotonic) information, periodicity information and the like of time series data. Feature types can include stationary and non-stationary types. For stationary type of time series data, the sigma model can be very effective for anomaly detection, such as N-sigma model, N can be 3. However, for non-stationary time series data, the sigma model cannot obtain a good anomaly detection effect. In order to better handle abnormal detection of non-stationary type time series data, the present application introduces trend information and periodic information to subdivide non-stationary types. In one example, the non-stationary types may include a first non-stationary type, a second non-stationary type, and a third non-stationary type. Specifically, the first non-stationary type may include that the time series data has large fluctuation, no trend, and no periodic difference, or the time series data is a type that has large fluctuation, has a trend, and no periodic difference; the second non-stationary type may include that the time series data has large fluctuation , with trend, and with periodic difference; the third non-stationary type can include time series data that includes large fluctuation, no trend, and periodic difference. For the time series data, please refer to the introduction in the corresponding section below.
本说明书实施例中,可以基于基础特征信息与对应的波动阈值,确定特征类型。例如,若基础特征信息中的波动信息小于或等于波动阈值,可以确定特征类型为平稳类型;若基础特征信息中的波动信息大于波动阈值,可以确定特征类型为非平稳类型。在基础特征信息包括时序数据的波动信息、趋势信息和周期性信息时,在一个示例中,对非平稳类型进行进一步划分,可以包括:将波动信息大于波动阈值、无趋势、有周期性、周期之间不存在差异以及波动信息大于波动阈值、趋势上升或趋势下降、有周期性、周期之间不存在差异,划分为对应的第一非平稳类型;将波动信息大于波动阈值、趋势上升或趋势下降、有周期性、周期之间存在差异,划分为对应的第二非平稳类型;将波动信息大于波动阈值、无趋势、有周期性、周期之间存在差异,划分为对应的第三非平稳类型。In the embodiment of this specification, the feature type may be determined based on the basic feature information and the corresponding fluctuation threshold. For example, if the fluctuation information in the basic feature information is less than or equal to the fluctuation threshold, the feature type can be determined to be a stationary type; if the fluctuation information in the basic feature information is greater than the fluctuation threshold, the feature type can be determined to be a non-stationary type. When the basic feature information includes fluctuation information, trend information, and periodicity information of time series data, in an example, further dividing the non-stationary type may include: setting the fluctuation information greater than the fluctuation threshold, no trend, periodicity, periodicity There is no difference between them and the fluctuation information is greater than the fluctuation threshold, the trend is rising or the trend is falling, there is periodicity, and there is no difference between the periods, it is divided into the corresponding first non-stationary type; the fluctuation information is greater than the fluctuation threshold, the trend is rising or the trend is rising. If the fluctuation information is greater than the fluctuation threshold, there is no trend, there is periodicity, and there is a difference between the periods, it is divided into the corresponding third non-stationary type. type.
其中,波动信息可以是指时序数据的波动程度信息;趋势信息可以是指时序数据中、检测数据点之前预设时间至检测数据点的上升、下降或平稳的信息,其中,预设时间可以是半小时,本申请对此不作限定;周期性信息可以是指时序数据是否具有周期性以及周期之间数据的差异性;周期之间的数据差异性包括周期之间存在差异(有周期差异)、周期之间不存在差异(无周期差异),有周期差异可以是指检测数据点与历史数据点中与检测时间点对应的数据点不同;无周期差异可以是指检测数据点与历史数据点中与检测时间点对应的数据点相同。比如检测数据点为当前10:00,与该检测点对应的数据点可以是指历史数据点中历史检测点为10:00对应数据点。其中,时序数据、检测数据点和历史数据点可以参见下面相应介绍。历史时间点可以与历史数据点对应。作为一个示例,可以利用时间序列分解算法,例如STL(Seasonal-Trend decomposition procedure based on Loess)算法(基于局部回归平滑的时间序列分解算法),获取时序数据的周期性信息。Wherein, the fluctuation information may refer to the fluctuation degree information of the time series data; the trend information may refer to the rising, falling or stable information from the preset time before the detection data point to the detection data point in the time series data, wherein the preset time may be Half an hour, which is not limited in this application; periodicity information may refer to whether the time series data has periodicity and the difference of data between cycles; There is no difference between periods (no period difference), a period difference can refer to the difference between the detection data point and the data point corresponding to the detection time point in the historical data point; no period difference can refer to the detection data point and the historical data point. The same as the data points corresponding to the detection time points. For example, the detection data point is the current 10:00, and the data point corresponding to the detection point may refer to the data point corresponding to the historical detection point at 10:00 in the historical data points. Among them, time series data, detection data points and historical data points can be referred to the corresponding introduction below. Historical time points may correspond to historical data points. As an example, a time series decomposition algorithm, such as an STL (Seasonal-Trend decomposition procedure based on Loess) algorithm (time series decomposition algorithm based on local regression smoothing), can be used to obtain periodicity information of time series data.
可选地,异常检测模型可以分为非深度学习模型和深度学习模型。异常检测模型可以是有监督学习模型或者无监督学习模型,本申请对此不作限定。Optionally, anomaly detection models can be classified into non-deep learning models and deep learning models. The anomaly detection model may be a supervised learning model or an unsupervised learning model, which is not limited in this application.
作为一个示例,该基础特征信息、特征类型、异常检测模型的对应关系可以如下表1所示:As an example, the corresponding relationship between the basic feature information, feature type, and anomaly detection model may be as shown in Table 1 below:
表1Table 1
需要说明的是,上述表1仅仅是一个示例,不对本申请进行限定。其中,对于波动大、周期之间不存在差异的,利用决策树模型进行异常检测可以得到较好的效果,例如,决策树模型可以包括GBDT(Gradient Boosting Decison Tree,梯度提升决策树)模型或者xgboost(Extreme Gradient Boosting)模型。其中,GBDT是把所有树的结论累加起来作最终结论的,GBDT中的树都是回归树,GBDT可以用来做回归预测和分类。XGBoost是一种高效的梯度提升算法,能自动利用cpu的多线程,可以提高异常检测的效率,比较适合数据量大的场景。对于波动大、有趋势、有周期差异类型,利用移动平均类算法模型可以有效评估检测数据点附近多个数据点的拟合情况,以用于有效检测出异常。例如,移动平均类算法模型可以包括EWMA(Exponentially Weighted Moving Average,指数加权移动平均)算法模型或者ARIMA(Autoregressive Integrated Moving Average model,差分整合移动平均自回归模型)算法模型。对于波动大,无趋势,有周期差异类型,由于检测数据点临近的数据点没有明显趋势,使用EWMA算法模型不能够检测出异常,因此可以选择多项式拟合算法模型和变点检测算法模型结合,进行异常检测。其中,多项式拟合算法模型本质也是一个线性模型,只是变量可以是2次幂或更高次幂。多项式拟合算法模型可以是用一个多项式展开去拟合时序数据,其中,展开系数可以用最小二乘拟合来确定。变点检测算法模型主要是利用差分的方法,检测时间序列变化的幅度,幅度大于幅度阈值,则可以认为存在变点,即异常检测结果为异常。It should be noted that the above Table 1 is only an example, and does not limit the present application. Among them, for those with large fluctuations and no difference between cycles, the decision tree model can be used for abnormal detection to obtain better results. For example, the decision tree model can include GBDT (Gradient Boosting Decison Tree, gradient boosting decision tree) model or xgboost (Extreme Gradient Boosting) model. Among them, GBDT accumulates the conclusions of all trees to make the final conclusion. The trees in GBDT are regression trees, and GBDT can be used for regression prediction and classification. XGBoost is an efficient gradient boosting algorithm that can automatically utilize the multi-threading of the CPU, which can improve the efficiency of anomaly detection and is more suitable for scenarios with large amounts of data. For the types with large fluctuations, trends and periodic differences, the moving average algorithm model can effectively evaluate the fitting situation of multiple data points near the detected data points, so as to effectively detect abnormalities. For example, the moving average algorithm model may include an EWMA (Exponentially Weighted Moving Average, exponentially weighted moving average) algorithm model or an ARIMA (Autoregressive Integrated Moving Average model, differential integrated moving average autoregressive model) algorithm model. For the type with large fluctuation, no trend, and periodic difference, since there is no obvious trend in the data points adjacent to the detected data points, the EWMA algorithm model cannot detect abnormality. Therefore, the polynomial fitting algorithm model and the change point detection algorithm model can be selected to combine. Anomaly detection is performed. Among them, the polynomial fitting algorithm model is also a linear model in essence, but the variable can be a power of 2 or higher. The polynomial fitting algorithm model may use a polynomial expansion to fit the time series data, wherein the expansion coefficients may be determined by least squares fitting. The change point detection algorithm model mainly uses the difference method to detect the amplitude of the time series change. If the amplitude is greater than the amplitude threshold, it can be considered that there is a change point, that is, the abnormal detection result is abnormal.
在异常检测模型的训练阶段,可以获取与特征类型对应的子样本时序数据集,利用子样本时序数据集,对预设机器学习模型进行机器学习训练,得到表1中对应的非深度学习模型。还可以利用子样本时序数据集对预设深度学习模型进行训练,得到表1中对应的深度学习模型:第一异常检测模型、第二异常检测模型、第三异常检测模型和第四异常检测模型。In the training phase of the anomaly detection model, the sub-sample time series data set corresponding to the feature type can be obtained, and the sub-sample time series data set can be used to perform machine learning training on the preset machine learning model to obtain the corresponding non-deep learning model in Table 1. The preset deep learning model can also be trained by using the sub-sample time series data set to obtain the corresponding deep learning models in Table 1: the first anomaly detection model, the second anomaly detection model, the third anomaly detection model and the fourth anomaly detection model. .
需要说明的是,时序数据的基础特征也可以是无周期性的,相应地,也可以设置对应的异常检测模型,并可以获取无周期性的子样本时序数据,基于该子样本时序数据,对预设机器学习模型进行机器学习训练,得到对应的异常检测模型。后续也可以对无周期性的时序数据进行异常检测。It should be noted that the basic features of time series data can also be aperiodic, and correspondingly, a corresponding anomaly detection model can also be set, and aperiodic sub-sample time series data can be obtained. The machine learning model is preset for machine learning training to obtain a corresponding anomaly detection model. Subsequent anomaly detection can also be performed on aperiodic time series data.
在异常检测的应用中,可以将待检测时序数据输入对应的异常检测模型,这里由于待检测时序数据对应的异常检测模型包括两种类型:非深度学习模型和深度学习模型,可以由用户选择异常检测模型的类型;或者可以自动选择异常检测模型的类型;或者也可以同时输入对应的非深度学习模型和深度学习模型,基于两个模型的输出对应的权重,确定异常检测结果。本申请对此不作限定。In the application of anomaly detection, the time series data to be detected can be input into the corresponding anomaly detection model. Here, since the anomaly detection model corresponding to the time series data to be detected includes two types: non-deep learning model and deep learning model, the user can select the anomaly detection model. The type of detection model; or the type of anomaly detection model can be automatically selected; or the corresponding non-deep learning model and deep learning model can be input at the same time, and the anomaly detection result can be determined based on the corresponding weights of the outputs of the two models. This application does not limit this.
另外,这里先介绍本说明书实施例中的时序数据。该时序数据可以是监控设备上报的,时序数据可以是指按照上报的时间先后顺序排列的数据,可以用一维数组表示,该一维数组中可以包括从左至右的数据,该从左至右的数据对应上报的时间先后顺序排列的数据。该时序数据可以看作时间序列,是一组按照时间发生先后顺序进行排列的数据点序列。其中,一维数组中每个元素可以是一个数据点(对应一次上报的数据),一维数组中的最右(最后)一个数据点可以是检测数据点;其它数据点可以是历史数据点。其中,数据点的间隔可以是恒定的,因为上报的间隔可以是恒定的,比如10秒、1分钟、5分钟等。这里的时间序列可以是指监控类的时间序列,比如云监控的时间序列。In addition, the time series data in the embodiments of this specification are first introduced here. The time series data may be reported by a monitoring device, and the time series data may refer to data arranged in the order of time reported, and may be represented by a one-dimensional array. The one-dimensional array may include data from left to right. The data on the right corresponds to the reported data arranged in chronological order. The time series data can be regarded as a time series, which is a sequence of data points arranged in the order of time occurrence. Wherein, each element in the one-dimensional array can be a data point (corresponding to the data reported once), the rightmost (last) data point in the one-dimensional array can be a detection data point; other data points can be historical data points. The interval of data points may be constant, because the interval of reporting may be constant, such as 10 seconds, 1 minute, 5 minutes, and so on. The time series here can refer to the time series of monitoring, such as the time series of cloud monitoring.
本申请的异常检测是针对检测数据点的异常检测,比如数据点的突发上升或下降、偏离正常值的波动等。在将当前上报数据作为检测数据点时,即是对当前上报数据的异常检测。Anomaly detection in the present application refers to anomaly detection of detected data points, such as sudden rise or fall of data points, fluctuations deviating from normal values, and the like. When the currently reported data is used as the detection data point, it is the abnormal detection of the currently reported data.
本说明书实施例中,时序数据可以是历史数据点和检测数据点组成的。在一个示例中,可以如图2所示,时序数据的一维数组为[第一历史数据点;第二历史数据点;第三历史数据点;检测数据点]。其中,检测数据点为当前的20180810的10:00点对应的检测数据点,该10:00为检测时间点xt;第三历史数据点可以包括检测数据点之前的预设时长k内的历史数据点:[xt-k,xt)内的数据点;第二历史数据点可以包括前一天(例如20180809)中在检测时间点相同的时间(yt)之前和之后的预设时长k内的历史数据点:[yt-k,yt+k]内的数据点;第一历史数据点可以包括上周某一天中在检测时间点相同的时间(zt)之前和之后的预设时长k内的历史数据点:[zt-k,zt+k]内的数据点。该上周某一天的日期可以是与检测数据点对应的日期相差7天,例如20180803。其中,k可以为3个小时,本申请对此不作限定。In the embodiment of this specification, the time series data may be composed of historical data points and detected data points. In one example, as shown in FIG. 2 , the one-dimensional array of time series data is [first historical data point; second historical data point; third historical data point; detection data point]. Wherein, the detection data point is the detection data point corresponding to 10:00 of the current 20180810, and the 10:00 is the detection time point xt ; the third historical data point may include the historical data in the preset duration k before the detection data point Data points: data points within [xtk , xt ); the second historical data points may include data points within a preset duration k before and after the same time (yt ) as the detection time point in the previous day (eg, 20180809). Historical data points: data points within [ytk , yt+k ]; the first historical data point may include a preset duration k before and after the same detection time point (zt ) on a certain day in the last week Historical data points for : data points within [ztk , zt+k ]. The date of a certain day in the last week may be 7 days different from the date corresponding to the detection data point, for example, 20180803. Wherein, k may be 3 hours, which is not limited in this application.
需要说明的是,图2仅仅是一个示例,检测数据点可以是当前时间点对应的当前上报数据,也可以是需要检测的数据点。本申请对此不作限定,只要是时序数据的最后一个数据点,该最后一个数据点即为检测数据点。历史数据点可以仅包括第三历史数据点,或者历史数据点可以包括第三历史数据点和第一历史数据点或第三历史数据点和第二历史数据点。或者历史数据点也可以基于检测数据点对应的检测时间点,选择其它的历史数据点,本申请对此不作限定,只要选择的历史数据点结合检测数据点能够表征时序数据的基本特征信息即可。It should be noted that FIG. 2 is only an example, and the detected data point may be the currently reported data corresponding to the current time point, or may be the data point to be detected. This application does not limit this, as long as it is the last data point of the time series data, the last data point is the detection data point. The historical data points may include only the third historical data point, or the historical data points may include the third historical data point and the first historical data point or the third historical data point and the second historical data point. Alternatively, other historical data points may be selected based on the detection time point corresponding to the detection data point, which is not limited in this application, as long as the selected historical data point combined with the detection data point can represent the basic feature information of the time series data. .
本说明书实施例中,时序数据可以包括不同指标类型的数据。总体可以分为基础监控指标类型和业务监控指标类型。基础指标类型可以是指对基础机器、数据库等偏低层服务的监控指标类型,基础监控指标类型的数据,例如CPU使用率、内存使用率、网络带宽等;业务监控指标类型可以是指对高层级服务的监控指标类型,业务监控指标类型的数据,例如接口的成功率、访问网页的成功率、直播视频的卡顿率、APP(Application,应用程序)的在线用户数等。对于每一个时序数据来说,每一个时刻,对应唯一值。In the embodiment of this specification, the time series data may include data of different index types. Generally, it can be divided into basic monitoring indicator types and business monitoring indicator types. Basic indicator types can refer to monitoring indicator types for low-level services such as basic machines and databases, and data of basic monitoring indicator types, such as CPU usage, memory usage, network bandwidth, etc.; business monitoring indicator types can refer to high-level monitoring indicators. Types of monitoring indicators for high-level services, and data on types of business monitoring indicators, such as the success rate of interfaces, the success rate of accessing web pages, the freeze rate of live video, and the number of online users of APPs (Applications). For each time series data, each moment corresponds to a unique value.
通过云监控系统提供的时序数据,对时序数据进行异常检测,可以及时的对不同指标类型的数据对应的服务状态进行快速且准确的检测,并可以触发告警以通知给机器运维人员去进行核查、处理和修复,从而能保证提供稳定的服务。Through the time series data provided by the cloud monitoring system, the abnormal detection of the time series data can quickly and accurately detect the service status corresponding to the data of different index types in a timely manner, and can trigger an alarm to notify the machine operation and maintenance personnel for verification. , processing and repairing to ensure stable service.
具体地,图3示出根据本申请一实施例的异常检测模型的训练方法的流程图。如图3所示,所述方法可以包括:Specifically, FIG. 3 shows a flowchart of a training method for an anomaly detection model according to an embodiment of the present application. As shown in Figure 3, the method may include:
S301,获取样本时序数据集,所述样本时序数据集包括样本时序数据和对应的标签。S301. Obtain a sample time series data set, where the sample time series data set includes sample time series data and corresponding labels.
本说明书实施例中,可以获取大量的时序数据,并可以对该大量的时序数据进行预处理,比如清洗、插值处理,从而得到样本时序数据集。一个样本时序数据即为一个一维数组;标签可以包括正常和异常。In the embodiment of the present specification, a large amount of time series data can be acquired, and the large amount of time series data can be preprocessed, such as cleaning and interpolation processing, so as to obtain a sample time series data set. A sample time series data is a one-dimensional array; labels can include normal and abnormal.
在一个示例中,对该大量的时序数据进行预处理,可以包括:In one example, preprocessing the large amount of time series data may include:
对该大量的时序数据进行数据校验。比如对时序数据中的数据进行大小校验、缺失值校验、NAN(Not a Number,非数)值校验、非法值校验等。Data verification is performed on the large amount of time series data. For example, size check, missing value check, NAN (Not a Number, not a number) value check, and illegal value check are performed on the data in time series data.
对时序数据进行数据清洗。例如,若时序数据存在缺失值的,可以通过插值处理进行缺失值的补充;若时序数据具有NAN值,可以通过插值处理或者均值处理以去掉NAN值。若时序数据具有非法值(比如字符等),可以直接返回检测失败码。Data cleaning for time series data. For example, if there are missing values in the time series data, interpolation processing can be used to supplement the missing values; if the time series data has NAN values, the NAN values can be removed by interpolation processing or mean processing. If the time series data has illegal values (such as characters, etc.), the detection failure code can be directly returned.
可以对数据清洗后的时序数据进行标准化处理。比如,对数据清洗后的时序数据进行归一化处理,使得时序数据中的数据可以统一到[0,1]之间。The time series data after data cleaning can be standardized. For example, normalize the time series data after data cleaning, so that the data in the time series data can be unified into [0,1].
S303,从每一样本时序数据中提取样本基础特征信息。S303, extract basic feature information of samples from each sample time series data.
在一个可能的实现方式中,该S303可以通过下面方式实现,即该S303可以包括:In a possible implementation manner, the S303 may be implemented in the following manner, that is, the S303 may include:
将样本时序数据集输入基础特征提取模型中进行基础特征提取处理,获取样本时序数据集中每一样本时序数据的基础特征信息。该基础特征提取模型可以是预先训练好的机器学习模型。例如,机器学习模型可以是N-sigma模型,N的值可以根据实际需要设置。The sample time series data set is input into the basic feature extraction model to perform basic feature extraction processing, and the basic feature information of each sample time series data in the sample time series data set is obtained. The basic feature extraction model may be a pre-trained machine learning model. For example, the machine learning model can be an N-sigma model, and the value of N can be set according to actual needs.
或者,可以对每一样本时序数据进行统计处理或拟合处理,提取出每一样本时序数据的基础特征信息。对于统计处理和拟合处理的具体方法,本申请不作限定。例如,对于统计处理的方式,可以对每一样本时序数据进行统计,将统计得到的方差作为波动信息;可以基于检测时间点之前半小时内的检测数据点的上升或下降趋势,提取出趋势信息;并可以根据统计分析得到每一样本时序数据的周期性信息,该周期性信息可以包括是否有周期性信息、周期之间是否存在差异的信息。Alternatively, statistical processing or fitting processing may be performed on each sample time series data to extract basic feature information of each sample time series data. The specific methods of statistical processing and fitting processing are not limited in this application. For example, for the statistical processing method, each sample time series data can be counted, and the variance obtained by the statistics can be used as fluctuation information; the trend information can be extracted based on the rising or falling trend of the detected data points within half an hour before the detection time point. and the periodic information of each sample time series data can be obtained according to statistical analysis, and the periodic information can include information on whether there is periodic information and whether there is a difference between the periods.
S305,确定所述样本基础特征信息对应的特征类型。S305: Determine the feature type corresponding to the basic feature information of the sample.
本说明书实施例中,可以获取基础特征信息与特征类型的对应关系,然后通过查找到样本基础特征信息匹配的基础特征信息,从而可以确定样本基础特征信息对应的特征类型。例如,可以根据样本基础特征信息,查找上述表1,通过匹配的方式,确定样本基础特征信息对应的特征类型。In the embodiment of this specification, the corresponding relationship between the basic feature information and the feature type can be obtained, and then the basic feature information matched with the sample basic feature information can be found, so that the feature type corresponding to the sample basic feature information can be determined. For example, the above-mentioned Table 1 can be searched according to the basic feature information of the sample, and the feature type corresponding to the basic feature information of the sample can be determined by means of matching.
S307,基于每一样本时序数据对应的特征类型,将所述样本时序数据集划分为与特征类型对应的子样本时序数据集。也就是说,可以将样本时序数据集中具有相同特征类型的样本时序数据划分到同一个子样本时序数据集中,从而将样本时序数据集划分为与特征类型对应的子样本时序数据集。S307 , based on the feature type corresponding to each sample time series data, divide the sample time series data set into sub-sample time series data sets corresponding to the feature types. That is, the sample time series data with the same feature type in the sample time series data set can be divided into the same subsample time series data set, thereby dividing the sample time series data set into subsample time series data sets corresponding to the feature types.
可选地,也可以直接从大量的时序数据中,获取与特征类型对应的子样本时序数据集,即可以直接从大量的时序数据中,逐一的获取每一特征类型对应的子样本时序数据集。Optionally, subsample time series datasets corresponding to feature types can also be obtained directly from a large amount of time series data, that is, subsample time series datasets corresponding to each feature type can be obtained directly from a large amount of time series data one by one. .
S309,基于所述与特征类型对应的子样本时序数据集,对预设机器学习模型进行机器学习训练,至满足预设条件,得到与特征类型对应的异常检测模型。S309, based on the sub-sample time series data set corresponding to the feature type, perform machine learning training on a preset machine learning model until a preset condition is satisfied, and obtain an anomaly detection model corresponding to the feature type.
本说明书实施例中,特征类型可以包括如表1所示的5种特征类型,由于异常检测模型包括非深度学习模型和深度学习模型两种,而平稳类型不需要深度学习模型,因此5种特征类型可以对应9个异常检测模型。可以基于特征类型对应的子样本时序数据集,分别对对预设机器学习模型进行机器学习训练,至满足预设条件,得到与特征类型对应的异常检测模型。该预设条件可以是预设迭代次数或预设误差阈值等。In the embodiment of this specification, the feature types may include five feature types as shown in Table 1. Since the anomaly detection model includes two types of non-deep learning models and deep learning models, and the stationary type does not require a deep learning model, the five types of features Type can correspond to 9 anomaly detection models. Based on the sub-sample time series data set corresponding to the feature type, machine learning training can be performed on the preset machine learning model respectively, until the preset conditions are met, and an anomaly detection model corresponding to the feature type is obtained. The preset condition may be a preset number of iterations or a preset error threshold or the like.
可选地,对于决策树模型,S309可以包括:Optionally, for the decision tree model, S309 may include:
从子样本时序数据集中的子样本时序数据中提取样本检测特征信息。这里可以基于特征工程,从子样本时序数据集中的子样本时序数据中提取样本检测特征信息。样本检测特征信息可以是用于异常检测分类的特征信息。作为一个示例,样本检测特征信息可以包括子样本时序数据中的最小值、最大值等,本申请对此不作限定。The sample detection feature information is extracted from the subsample time series data in the subsample time series dataset. Here, sample detection feature information can be extracted from the subsample time series data in the subsample time series data set based on feature engineering. The sample detection feature information may be feature information for anomaly detection and classification. As an example, the sample detection feature information may include a minimum value, a maximum value, etc. in the subsample time series data, which is not limited in this application.
基于特征类型对应的子样本时序数据集的样本检测特征信息,对预设决策树模型进行机器学习训练,至满足预设条件,得到与特征类型对应的异常检测模型。作为一个示例,预设决策树模型可以包括GBDT模型或者xgboost模型。本申请对此不作限定。Based on the sample detection feature information of the sub-sample time series data set corresponding to the feature type, machine learning training is performed on the preset decision tree model until the preset conditions are met, and an anomaly detection model corresponding to the feature type is obtained. As an example, the preset decision tree model may include a GBDT model or an xgboost model. This application does not limit this.
图4示出根据本申请一实施例的异常检测方法的流程图。如图4所示,该方法可以包括:FIG. 4 shows a flowchart of an abnormality detection method according to an embodiment of the present application. As shown in Figure 4, the method may include:
S401,获取至少一个待检测时序数据。S401: Acquire at least one time series data to be detected.
本说明书实施例中,待检测时序数据可以是指需要进行异常检测的时序数据。例如,可以获取监控设备上报的当前数据点,将当前数据点结合选择的历史数据点作为待检测时序数据。基于这种方式,可以获取至少一个待检测时序数据。In the embodiment of the present specification, the time series data to be detected may refer to the time series data that needs to be detected abnormally. For example, the current data point reported by the monitoring device may be acquired, and the current data point combined with the selected historical data point may be used as the time series data to be detected. Based on this method, at least one time series data to be detected can be acquired.
S403,从所述至少一个待检测时序数据中提取基础特征信息;S403, extract basic feature information from the at least one time series data to be detected;
S405,确定与所述基础特征信息对应的异常检测模型。S405: Determine an anomaly detection model corresponding to the basic feature information.
上述步骤S403、S405的实现方式可以参见步骤S303、S305,在此不再赘述。For the implementation manner of the above steps S403 and S405, reference may be made to steps S303 and S305, and details are not repeated here.
S407,将所述至少一个待检测时序数据输入对应的异常检测模型中,进行异常检测处理,得到所述至少一个待检测时序数据对应的异常检测结果。S407: Input the at least one time series data to be detected into a corresponding abnormality detection model, perform abnormality detection processing, and obtain an abnormality detection result corresponding to the at least one time series data to be detected.
本说明书实施例中,是通过待检测数据的基础特征信息对应的异常检测模型对该待检测数据进行异常检测处理,从而可以得到待检测时序数据对应的异常检测结果,比如正常或异常。该异常检测模型可以包括上述表1中的异常检测模型。In the embodiment of this specification, anomaly detection processing is performed on the to-be-detected data through an anomaly detection model corresponding to the basic feature information of the to-be-detected data, so that anomaly detection results corresponding to the to-be-detected time series data, such as normal or abnormal, can be obtained. The anomaly detection model may include the anomaly detection models in Table 1 above.
S409,获取异常检测结果为异常的待检测时序数据作为目标时序数据以及获取所述目标时序数据对应的业务类型。S409, acquiring the time series data to be detected whose abnormality detection result is abnormal as the target time series data, and acquiring the service type corresponding to the target time series data.
本说明书实施例中,经过异常检测模型的筛选,可以筛选出异常检测结果为异常的待检测时序数据,并可以将该筛选出的异常检测结果为异常的待检测时序数据作为目标时序数据。In the embodiment of the present specification, through the screening of the abnormality detection model, the time series data to be detected whose abnormality detection result is abnormal can be screened, and the filtered time series data to be detected whose abnormality detection result is abnormal can be used as the target time series data.
可选地,由于异常检测模型的异常检测仅针对待检测时序数据本身,即异常检测模型对待检测时序数据的异常检测是从业务场景中抽离的,待检测时序数据本身的异常检测和待检测数据在业务场景中的异常检测是分离的。这样提高了异常检测模型的泛化能力,但待检测时序数据是否异常还与业务类型有关。例如:对于成功率指标的待检测数据,业务场景中的异常可以是指检测数据点为趋势下降。对于失败率指标的待检测数据,业务场景中的异常可以是指检测数据点为趋势上升。因此选择获取目标时序数据对应的业务类型,从而能够基于业务类型对异常检测结果进行再次验证(检测),以保证异常检测的准确性。Optionally, since the anomaly detection of the anomaly detection model is only for the time series data to be detected itself, that is, the anomaly detection of the time series data to be detected by the anomaly detection model is extracted from the business scenario, and the anomaly detection of the time series data to be detected itself is the same as the one to be detected. Anomaly detection of data in business scenarios is separated. This improves the generalization ability of the anomaly detection model, but whether the time series data to be detected is abnormal is also related to the business type. For example, for the data to be detected of the success rate indicator, the abnormality in the business scenario may mean that the detected data points are trending down. For the data to be detected of the failure rate indicator, the abnormality in the business scenario may mean that the detected data points are trending upward. Therefore, the service type corresponding to the acquired target time series data is selected, so that the abnormality detection result can be verified (detected) again based on the service type, so as to ensure the accuracy of the abnormality detection.
S411,基于所述目标时序数据对应的业务类型,对所述目标时序数据进行验证,确定所述目标时序数据对应的目标异常检测结果。S411 , based on the service type corresponding to the target time series data, verify the target time series data, and determine a target abnormality detection result corresponding to the target time series data.
本说明书实施例中,业务类型可以是指时序数据的指标类型。In the embodiment of this specification, the service type may refer to an indicator type of time series data.
在一个示例中,可以设置业务类型对应的异常阈值,比如,接口成功率的异常阈值为30%,若低于该30%,认为异常。若目标时序数据的业务类型为接口成功率业务类型,可以获取目标时序数据中检测数据点的值是否低于该接口成功率的异常阈值,若是,可以确定目标时序数据对应的目标异常检测结果为异常;若否,可以确定目标时序数据对应的目标异常检测结果为正常。其中,本申请对每一业务类型对应的异常阈值不作限定,可以根据实际需求设置。In an example, an abnormal threshold corresponding to the service type may be set. For example, the abnormal threshold of the interface success rate is 30%. If it is lower than the 30%, it is considered abnormal. If the service type of the target time series data is the interface success rate service type, you can obtain whether the value of the detected data point in the target time series data is lower than the abnormal threshold of the interface success rate. If so, it can be determined that the target abnormality detection result corresponding to the target time series data is Abnormal; if not, it can be determined that the target abnormality detection result corresponding to the target time series data is normal. Wherein, this application does not limit the abnormality threshold corresponding to each service type, which can be set according to actual needs.
通过从待检测时序数据中提取基础特征信息、将待检测时序数据输入对应的异常检测模型中,进行异常检测处理,以及基于目标时序数据对应的业务类型,对目标时序数据进行验证,确定目标时序数据对应的目标异常检测结果。使得本申请的异常检测处理,不需要人为的设定和维护检测阈值,人力成本低;也不需要技术大量的特征,只需要提取基础特征信息,避免了大量特征工程的工作,异常检测处理更加扁平化,耗时低,可以达到毫秒级;并且,本申请的异常检测模型从业务类型中抽离出来,使得异常检测模型泛化能力强,可以只对时序数据的本身形态进行检测,通用性更高,更易进行异常检测模型的拓展。另外,通过将待检测时序数据输入对应的异常检测模型,进行异常检测处理,可以实现异常检测的并行处理,进一步地提高了异常检测的高效性,并且实现了异常检测的精细化。By extracting basic feature information from the time series data to be detected, inputting the time series data to be detected into the corresponding anomaly detection model, performing abnormal detection processing, and verifying the target time series data based on the business type corresponding to the target time series data, and determining the target time series The target anomaly detection result corresponding to the data. The abnormality detection processing of the present application does not require manual setting and maintenance of detection thresholds, and the labor cost is low; it does not require a large number of technical features, and only needs to extract basic feature information, avoiding a large number of feature engineering work, and abnormality detection processing is more efficient. Flat, low time consumption, can reach millisecond level; and, the anomaly detection model of this application is extracted from the business type, so that the anomaly detection model has strong generalization ability, and can only detect the form of time series data itself, universal Higher, it is easier to expand the anomaly detection model. In addition, by inputting the time series data to be detected into a corresponding anomaly detection model and performing anomaly detection processing, parallel processing of anomaly detection can be realized, which further improves the efficiency of anomaly detection and realizes refinement of anomaly detection.
图5示出根据本申请一实施例的所述基于所述目标时序数据对应的业务类型,对所述目标时序数据进行验证,确定所述目标时序数据对应的目标异常检测结果的方法流程图。如图5所示,可以包括:5 shows a flowchart of the method for verifying the target time series data based on the service type corresponding to the target time series data, and determining the target abnormality detection result corresponding to the target time series data according to an embodiment of the present application. As shown in Figure 5, it can include:
S501,获取所述目标时序数据的基础特征信息以及所述目标时序数据对应的业务类型的预设异常信息。S501. Acquire basic feature information of the target time series data and preset exception information of a service type corresponding to the target time series data.
本说明书实施例中,该S501中“获取所述目标时序数据的基础特征信息”的具体实现方式可以参见S303,在此不再赘述。或者可以从S403中获取,S403中已经提取了至少一个待检测时序数据的基础特征信息,可以确定目标时序数据对应的待检测时序数据,从而可以获取目标时序数据的基础特征信息。In the embodiment of this specification, for a specific implementation manner of "obtaining the basic feature information of the target time series data" in S501, reference may be made to S303, which will not be repeated here. Alternatively, it can be obtained from S403, in which at least one basic feature information of the time series data to be detected has been extracted, and the time series data to be detected corresponding to the target time series data can be determined, so that the basic feature information of the target time series data can be obtained.
本说明书实施例中,预设异常信息可以与业务类型对应的、能够表征时序数据是否异常的指标信息。比如,预设异常信息可以包括异常阈值、异常趋势信息等。本申请对此不作限定,可以根据实际需要或业务经验进行设置。可以基于目标时序数据对应的业务类型以及业务类型对应的预设异常信息,获取对应的预设异常信息。In the embodiment of the present specification, the preset abnormality information may correspond to the indicator information corresponding to the service type and can represent whether the time series data is abnormal. For example, the preset abnormality information may include abnormality threshold, abnormality trend information, and the like. This application does not limit this, and can be set according to actual needs or business experience. The corresponding preset exception information may be acquired based on the service type corresponding to the target time series data and the preset exception information corresponding to the service type.
S503,根据所述目标时序数据的基础特征信息和所述目标时序数据对应的业务类型的预设异常信息,确定所述目标时序数据对应的目标异常检测结果。S503: Determine a target abnormality detection result corresponding to the target time series data according to the basic feature information of the target time series data and the preset abnormality information of the service type corresponding to the target time series data.
在一个示例中,比如是成功率业务类型,该成功率业务类型对应的预设异常信息可以是趋势下降。从而可以验证目标时序数据的基础特征信息中的趋势信息是否为趋势下降,如果是趋势下降,可以确定目标时序数据对应的目标异常检测结果为异常;如果是趋势上升,可以确定目标时序数据对应的目标异常检测结果为正常。从而可以基于业务类型来对异常检测结果进行进一步验证。In an example, for example, it is a service type with a success rate, and the preset abnormal information corresponding to the service type with a success rate may be a decreasing trend. In this way, it can be verified whether the trend information in the basic feature information of the target time series data is a downward trend. If the trend is downward, it can be determined that the target abnormality detection result corresponding to the target time series data is abnormal; if the trend is upward, it can be determined that the target time series data corresponds to The target anomaly detection result is normal. Thereby, the abnormality detection result can be further verified based on the service type.
本说明书实施例中,在得到目标异常检测结果为异常时,可以触发异常告警。在一种可能的实现方式中,可以参见图6,图6示出根据本申请一实施例的异常检测方法的流程图。该方法还可以包括:In the embodiment of this specification, when the target abnormality detection result is abnormal, an abnormality alarm may be triggered. In a possible implementation manner, reference may be made to FIG. 6 , which shows a flowchart of an abnormality detection method according to an embodiment of the present application. The method may also include:
S601,从所述目标时序数据中,获取目标异常检测结果为异常的目标时序数据作为异常时序数据以及获取所述异常时序数据对应的基础特征信息。该步骤可以参见S409以及S403,在此不再赘述。S601. From the target time series data, acquire target time series data whose target abnormality detection result is abnormal as abnormal time series data, and acquire basic feature information corresponding to the abnormal time series data. For this step, reference may be made to S409 and S403, and details are not repeated here.
S603,生成所述异常时序数据对应的告警信息以及所述异常时序数据对应的时间序列图。S603. Generate alarm information corresponding to the abnormal time series data and a time series diagram corresponding to the abnormal time series data.
本说明书实施例中,告警信息可以包括检测数据点对应的检测时间点(即发生异常的时间点)。可以基于异常时序数据,生成对应的时间序列图,如图7a和7b所示,以图的形式直观的呈现异常时序数据。In the embodiment of this specification, the alarm information may include a detection time point corresponding to the detection data point (ie, a time point when an abnormality occurs). A corresponding time series graph can be generated based on the abnormal time series data, as shown in Figures 7a and 7b, and the abnormal time series data can be visually presented in the form of a graph.
S605,发送所述告警信息、所述异常时序数据对应的时间序列图以及所述异常时序数据的基础特征信息至终端。S605: Send the alarm information, the time sequence diagram corresponding to the abnormal time sequence data, and the basic feature information of the abnormal time sequence data to the terminal.
本说明书实施例中,可以发送告警信息、异常时序数据对应的时间序列图以及异常时序数据的基础特征信息至终端,以使终端可以显示这些信息,从而可以展示给用户,使得用户不仅可以直观的获知异常时序数据,还可以通过基础特征信息,很好的辅助用户了解异常的原因。提升了异常检测的可解释性。In the embodiment of this specification, the alarm information, the time sequence diagram corresponding to the abnormal time sequence data, and the basic feature information of the abnormal time sequence data can be sent to the terminal, so that the terminal can display these information, so that it can be displayed to the user, so that the user can not only intuitively Knowing abnormal time series data can also help users understand the cause of abnormality through basic feature information. Improved interpretability of anomaly detection.
本说明书实施例中,在上述将异常时序数据展现给用户时,用户可以进行反馈操作,如图7b所示的ping不可达事件的时序数据的异常检测中,在发送告警信息、异常时序数据对应的时间序列图以及异常时序数据对应的基础特征信息至终端时,还可以发送用于反馈的操作信息,比如可以包括标注为异常、标注为正常、更多反馈等操作信息,以使用户可以进行相应的反馈操作,从而可以基于反馈操作进行异常检测的优化和提升。基于此,可以增加反馈机制,在一种可能的实现方式中,如图8所示,图8示出根据本申请一实施例的异常检测方法的流程图。异常检测方法还可以包括:In the embodiment of this specification, when the abnormal time series data is displayed to the user, the user can perform a feedback operation. In the abnormal detection of the time series data of the ping unreachable event as shown in FIG. When the time series diagram and the basic feature information corresponding to the abnormal time series data are sent to the terminal, operation information for feedback can also be sent, such as operation information marked as abnormal, marked as normal, more feedback, etc., so that the user can Corresponding feedback operation, so that the optimization and improvement of anomaly detection can be carried out based on the feedback operation. Based on this, a feedback mechanism can be added. In a possible implementation manner, as shown in FIG. 8 , FIG. 8 shows a flowchart of an abnormality detection method according to an embodiment of the present application. Anomaly detection methods can also include:
S801,获取对所述异常时序数据的反馈信息。S801. Obtain feedback information on the abnormal time series data.
本说明书实施例中,如图7b所示,如果用户进行了反馈操作,可以获取对异常时序数据的反馈信息。该反馈信息中可以包括异常时序数据的标识、异常信息或正常信息等。In the embodiment of the present specification, as shown in FIG. 7b, if the user performs a feedback operation, the feedback information on the abnormal time series data can be obtained. The feedback information may include an identifier of abnormal time series data, abnormal information or normal information, and the like.
S803,根据所述反馈信息,将所述异常时序数据添加到样本时序数据集。S803, according to the feedback information, add the abnormal time series data to the sample time series data set.
本说明书实施例中,可以将反馈信息中包括异常信息对应的异常时序数据添加到样本时序数据集,即将用户反馈确认的异常时序数据添加到样本时序数据集,以丰富样本时序数据集,用于后续异常检测模型的优化,并且可以节省对样本时序数据的标注过程,就能够获取更多的样本时序数据。从而可以形成本说明书实施例的异常检测技术架构,如图9所示,可以包括样本时序数据集、待检测时序数据的获取、异常检测模型的选择、基于业务类型的验证、告警触发和用户反馈。In the embodiment of this specification, the abnormal time series data corresponding to the abnormal information included in the feedback information can be added to the sample time series data set, that is, the abnormal time series data confirmed by the user feedback can be added to the sample time series data set, so as to enrich the sample time series data set and be used for Subsequent optimization of the anomaly detection model can save the labeling process of sample time series data, and more sample time series data can be obtained. Thus, the anomaly detection technology framework of the embodiment of this specification can be formed, as shown in FIG. 9 , which can include sample time series data sets, acquisition of time series data to be detected, selection of anomaly detection models, verification based on service types, alarm triggering, and user feedback .
可选地,在获取异常数据的反馈信息时,还可以获取该异常时序数据对应的目标特征类型;根据所述反馈信息,将所述异常时序数据添加到所述目标特征类型对应的样本时序数据集。也就是说,可以直接将异常时序数据添加到对应的子样本时序数据集。Optionally, when the feedback information of the abnormal data is obtained, the target feature type corresponding to the abnormal time series data can also be obtained; according to the feedback information, the abnormal time series data is added to the sample time series data corresponding to the target feature type. set. That is, abnormal time series data can be directly added to the corresponding subsample time series dataset.
在一种可能的实现方式中,所述确定与所述基础特征信息对应的异常检测模型,可以包括:In a possible implementation manner, the determining an anomaly detection model corresponding to the basic feature information may include:
确定所述基础特征信息对应的特征类型;determining the feature type corresponding to the basic feature information;
若所述特征类型为平稳型,确定与所述基础特征信息对应的异常检测模型为西格玛模型;If the feature type is stationary, determine that the anomaly detection model corresponding to the basic feature information is a sigma model;
若特征类型为第一非平稳类型,确定与所述基础特征信息对应的异常检测模型为决策树模型;If the feature type is the first non-stationary type, determine that the anomaly detection model corresponding to the basic feature information is a decision tree model;
若特征类型为第二非平稳类型,确定与所述基础特征信息对应的异常检测模型为移动平均类算法模型;If the feature type is the second non-stationary type, determine that the anomaly detection model corresponding to the basic feature information is a moving average algorithm model;
若特征类型为第三非平稳类型,确定与所述基础特征信息对应的异常检测模型为多项式拟合算法模型和变点检测算法模型。If the feature type is the third non-stationary type, it is determined that the abnormality detection model corresponding to the basic feature information is a polynomial fitting algorithm model and a change point detection algorithm model.
本说明书实施例中,可以基于表1中特征类型与异常检测模型的对应关系确定对应的异常检测模型。In the embodiment of the present specification, the corresponding abnormality detection model may be determined based on the corresponding relationship between the feature type and the abnormality detection model in Table 1.
在一种可能的实现方式中,图10示出根据本申请一实施例的异常检测方法的流程图。如图10所示,所述异常检测模型为决策树模型时,在将所述至少一个待检测时序数据输入对应的异常检测模型中,进行异常检测处理,得到所述至少一个待检测时序数据对应的异常检测结果之前,所述方法还可以包括:In a possible implementation manner, FIG. 10 shows a flowchart of an abnormality detection method according to an embodiment of the present application. As shown in FIG. 10 , when the abnormality detection model is a decision tree model, the at least one time series data to be detected is input into the corresponding abnormality detection model, and abnormality detection processing is performed to obtain the at least one time series data to be detected corresponding to Before the anomaly detection result, the method may further include:
S1001,从所述至少一个待检测时序数据中提取目标检测特征信息;S1001, extracting target detection feature information from the at least one time series data to be detected;
S1003,所述将所述至少一个待检测时序数据输入对应的异常检测模型中,进行异常检测处理,得到所述至少一个待检测时序数据对应的异常检测结果,包括:将所述目标检测特征信息输入决策树模型,进行异常检测处理,得到所述至少一个待检测时序数据对应的异常检测结果。S1003, inputting the at least one time series data to be detected into a corresponding abnormality detection model, performing abnormality detection processing, and obtaining an abnormality detection result corresponding to the at least one time series data to be detected, including: adding the target detection feature information The decision tree model is input, and anomaly detection processing is performed to obtain an anomaly detection result corresponding to the at least one time series data to be detected.
该步骤S1001和S1003的实现方式可以参见S309中决策树模型的相应部分,在此不再赘述。For the implementation of the steps S1001 and S1003, reference may be made to the corresponding part of the decision tree model in S309, which will not be repeated here.
在一种可能的实现方式中,所述从所述至少一个待检测时序数据中提取基础特征信息,可以包括:In a possible implementation manner, the extracting basic feature information from the at least one time series data to be detected may include:
将所述至少一个待检测时序数据输入基础特征提取模型中进行基础特征提取处理,获取所述至少一个待检测时序数据的基础特征信息;Inputting the at least one time series data to be detected into a basic feature extraction model to perform basic feature extraction processing, and acquiring basic feature information of the at least one time series data to be detected;
或者,or,
对所述至少一个待检测时序数据进行统计处理或拟合处理,提取出所述至少一个待检测时序数据的基础特征信息。Statistical processing or fitting processing is performed on the at least one time series data to be detected, and basic feature information of the at least one time series data to be detected is extracted.
这里的实现方式具体可以参见步骤S303,在此不再赘述。For details of the implementation here, refer to step S303, which is not repeated here.
图11示出根据本申请一实施例的异常检测装置的框图。如图11所示,该装置可以包括:FIG. 11 shows a block diagram of an abnormality detection apparatus according to an embodiment of the present application. As shown in Figure 11, the apparatus may include:
待检测时序数据获取模块1101,用于获取至少一个待检测时序数据;A to-be-detected sequence
基础特征信息提取模块1103,用于从所述至少一个待检测时序数据中提取基础特征信息;A basic feature
异常检测模型确定模块1105,用于确定与所述基础特征信息对应的异常检测模型;an anomaly detection
异常检测结果获取模块1107,用于将所述至少一个待检测时序数据输入对应的异常检测模型中,进行异常检测处理,得到所述至少一个待检测时序数据对应的异常检测结果;An abnormality detection
目标时序数据和业务类型获取模块1109,用于获取异常检测结果为异常的待检测时序数据作为目标时序数据以及获取所述目标时序数据对应的业务类型;The target time series data and service
目标异常检测结果确定模块1111,用于基于所述目标时序数据对应的业务类型,对所述目标时序数据进行验证,确定所述目标时序数据对应的目标异常检测结果。The target abnormality detection
通过从待检测时序数据中提取基础特征信息、将待检测时序数据输入对应的异常检测模型中,进行异常检测处理,以及基于目标时序数据对应的业务类型,对目标时序数据进行验证,确定目标时序数据对应的目标异常检测结果。使得本申请的异常检测处理,不需要人为的设定和维护检测阈值,人力成本低;也不需要技术大量的特征,只需要提取基础特征信息,避免了大量特征工程的工作,异常检测处理更加扁平化,耗时低,可以达到毫秒级;并且,本申请的异常检测模型从业务类型中抽离出来,使得异常检测模型泛化能力强,可以只对时序数据的本身形态进行检测,通用性更高,更易进行异常检测模型的拓展。另外,通过将待检测时序数据输入对应的异常检测模型,进行异常检测处理,可以实现异常检测的并行处理,进一步地提高了异常检测的高效性,并且实现了异常检测的精细化。By extracting basic feature information from the time series data to be detected, inputting the time series data to be detected into the corresponding anomaly detection model, performing abnormal detection processing, and verifying the target time series data based on the business type corresponding to the target time series data, and determining the target time series The target anomaly detection result corresponding to the data. The abnormality detection processing of the present application does not require manual setting and maintenance of detection thresholds, and the labor cost is low; it does not require a large number of technical features, and only needs to extract basic feature information, avoiding a large number of feature engineering work, and abnormality detection processing is more efficient. Flat, low time consumption, can reach millisecond level; and, the anomaly detection model of this application is extracted from the business type, so that the anomaly detection model has strong generalization ability, and can only detect the form of time series data itself, universal Higher, it is easier to expand the anomaly detection model. In addition, by inputting the time series data to be detected into a corresponding anomaly detection model and performing anomaly detection processing, parallel processing of anomaly detection can be realized, which further improves the efficiency of anomaly detection and realizes refinement of anomaly detection.
在一种可能的实现方式中,目标异常检测结果确定模块1111可以包括:In a possible implementation manner, the target abnormality detection
基础特征信息和预设异常信息获取单元,用于获取所述目标时序数据的基础特征信息以及所述目标时序数据对应的业务类型的预设异常信息;a basic feature information and preset abnormal information acquisition unit, configured to acquire the basic feature information of the target time series data and the preset abnormal information of the service type corresponding to the target time series data;
目标异常检测结果确定单元,用于根据所述目标时序数据的基础特征信息和所述目标时序数据对应的预设异常信息,确定所述目标时序数据对应的目标异常检测结果。The target abnormality detection result determination unit is configured to determine the target abnormality detection result corresponding to the target time series data according to the basic feature information of the target time series data and the preset abnormality information corresponding to the target time series data.
在一种可能的实现方式中,该装置还可以包括:In a possible implementation, the apparatus may further include:
异常时序数据的基础特征信息获取模块,用于从所述目标时序数据中,获取目标异常检测结果为异常的目标时序数据作为异常时序数据以及获取所述异常时序数据的基础特征信息;A basic feature information acquisition module for abnormal time series data, configured to obtain, from the target time series data, the target time series data whose target abnormality detection result is abnormal as abnormal time series data and to obtain basic feature information of the abnormal time series data;
时间序列图生成模块,用于生成所述异常时序数据对应的告警信息以及所述异常时序数据对应的时间序列图;a time series diagram generation module, configured to generate alarm information corresponding to the abnormal time series data and a time series diagram corresponding to the abnormal time series data;
告警发送模块,用于发送所述告警信息、所述异常时序数据对应的时间序列图以及所述异常时序数据的基础特征信息至终端。An alarm sending module is configured to send the alarm information, the time sequence diagram corresponding to the abnormal time sequence data, and the basic feature information of the abnormal time sequence data to the terminal.
在一种可能的实现方式中,异常检测模型确定模块1105可以包括:In a possible implementation, the anomaly detection
特征类型确定单元,用于确定所述基础特征信息对应的特征类型;a feature type determination unit, configured to determine the feature type corresponding to the basic feature information;
异常检测模型确定单元,用于若所述特征类型为平稳型,确定与所述基础特征信息对应的异常检测模型为西格玛模型;若特征类型为第一非平稳类型,确定与所述基础特征信息对应的异常检测模型为决策树模型;若特征类型为第二非平稳类型,确定与所述基础特征信息对应的异常检测模型为移动平均类算法模型;若特征类型为第三非平稳类型,确定与所述基础特征信息对应的异常检测模型为多项式拟合算法模型和变点检测算法模型。An anomaly detection model determining unit, configured to determine that the anomaly detection model corresponding to the basic feature information is a sigma model if the feature type is a stationary type; if the feature type is the first non-stationary type, determine that the basic feature information The corresponding anomaly detection model is a decision tree model; if the feature type is the second non-stationary type, determine that the anomaly detection model corresponding to the basic feature information is a moving average algorithm model; if the feature type is the third non-stationary type, determine The anomaly detection models corresponding to the basic feature information are a polynomial fitting algorithm model and a change point detection algorithm model.
在一种可能的实现方式中,所述异常检测模型为决策树模型时;所述装置还可以包括:In a possible implementation, when the anomaly detection model is a decision tree model; the device may further include:
目标检测特征信息提取模块,用于从所述至少一个待检测时序数据中提取目标检测特征信息;a target detection feature information extraction module, configured to extract target detection feature information from the at least one time series data to be detected;
异常检测结果获取模块1107还可以用于将所述目标检测特征信息输入决策树模型,进行异常检测处理,得到所述至少一个待检测时序数据对应的异常检测结果。The abnormality detection
在一种可能的实现方式中,基础特征信息提取模块1103可以包括:In a possible implementation manner, the basic feature
基础特征信息提取单元,用于将所述至少一个待检测时序数据输入基础特征提取模型中进行基础特征提取处理,获取所述至少一个待检测时序数据的基础特征信息;或者,a basic feature information extraction unit, configured to input the at least one time series data to be detected into a basic feature extraction model to perform basic feature extraction processing, and obtain basic feature information of the at least one time series data to be detected; or,
对所述至少一个待检测时序数据进行统计处理或拟合处理,提取出所述至少一个待检测时序数据的基础特征信息。Statistical processing or fitting processing is performed on the at least one time series data to be detected, and basic feature information of the at least one time series data to be detected is extracted.
在一种可能的实现方式中,该装置还可以包括:In a possible implementation, the apparatus may further include:
样本时序数据集获取模块,用于获取样本时序数据集,所述样本时序数据集包括样本时序数据和对应的标签;a sample time series data set acquisition module, configured to obtain a sample time series data set, the sample time series data set includes sample time series data and corresponding labels;
样本基础特征信息提取模块,用于从每一样本时序数据中提取样本基础特征信息;The sample basic feature information extraction module is used to extract sample basic feature information from each sample time series data;
特征类型确定模块,用于确定所述样本基础特征信息对应的特征类型;a feature type determination module, used to determine the feature type corresponding to the basic feature information of the sample;
子样本时序数据集划分模块,用于基于每一样本时序数据对应的特征类型,将所述样本时序数据集划分为与特征类型对应的子样本时序数据集;a subsample time series data set division module, configured to divide the sample time series data set into subsample time series data sets corresponding to the feature types based on the feature type corresponding to each sample time series data;
异常检测模型获取模块,用于基于所述与特征类型对应的子样本时序数据集,对预设机器学习模型进行机器学习训练,至满足预设条件,得到与特征类型对应的异常检测模型。The anomaly detection model acquisition module is configured to perform machine learning training on the preset machine learning model based on the sub-sample time series data set corresponding to the feature type, until the preset conditions are met, and an anomaly detection model corresponding to the feature type is obtained.
在一种可能的实现方式中,该装置还可以包括:In a possible implementation, the apparatus may further include:
反馈信息获取模块,用于获取对所述异常时序数据的反馈信息;a feedback information acquisition module, used for acquiring feedback information on the abnormal time series data;
样本时序数据集更新模块,用于根据所述反馈信息,将所述异常时序数据添加到样本时序数据集。A sample time series data set update module, configured to add the abnormal time series data to the sample time series data set according to the feedback information.
关于上述实施例中的装置,其中各个模块和单元执行操作的具体方式已经在有关该方法的实施例中进行了详细描述,此处将不做详细阐述说明。Regarding the apparatus in the above-mentioned embodiment, the specific manner in which each module and unit performs operations has been described in detail in the embodiment of the method, and will not be described in detail here.
另一方面,本申请提供了一种计算机程序产品或计算机程序,该计算机程序产品或计算机程序包括计算机指令,该计算机指令存储在计算机可读存储介质中。计算机设备的处理器从计算机可读存储介质读取该计算机指令,处理器执行该计算机指令,使得该计算机设备执行上述的各种可选实现方式中提供的异常检测方法。In another aspect, the present application provides a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes the abnormality detection methods provided in the various optional implementations described above.
图12是根据一示例性实施例示出的一种用于异常检测装置1200的框图。例如,装置1200可以被提供为一服务器。参照图12,装置1200包括处理组件1222,其进一步包括一个或多个处理器,以及由存储器1232所代表的存储器资源,用于存储可由处理组件1222的执行的指令,例如应用程序。存储器1232中存储的应用程序可以包括一个或一个以上的每一个对应于一组指令的模块。此外,处理组件1222被配置为执行指令,以执行上述方法。FIG. 12 is a block diagram of an
装置1200还可以包括一个电源组件1226被配置为执行装置1200的电源管理,一个有线或无线网络接口1250被配置为将装置1200连接到网络,和一个输入输出(I/O)接口1258。装置1200可以操作基于存储在存储器1232的操作系统,例如Windows ServerTM,MacOS XTM,UnixTM,LinuxTM,FreeBSDTM或类似。The
在示例性实施例中,还提供了一种非易失性计算机可读存储介质,例如包括计算机程序指令的存储器1232,上述计算机程序指令可由装置1200的处理组件1222执行以完成上述方法。In an exemplary embodiment, a non-volatile computer-readable storage medium, such as
本申请可以是系统、方法和/或计算机程序产品。计算机程序产品可以包括计算机可读存储介质,其上载有用于使处理器实现本申请的各个方面的计算机可读程序指令。The present application may be a system, method and/or computer program product. The computer program product may include a computer-readable storage medium having computer-readable program instructions loaded thereon for causing a processor to implement various aspects of the present application.
计算机可读存储介质可以是可以保持和存储由指令执行设备使用的指令的有形设备。计算机可读存储介质例如可以是――但不限于――电存储设备、磁存储设备、光存储设备、电磁存储设备、半导体存储设备或者上述的任意合适的组合。计算机可读存储介质的更具体的例子(非穷举的列表)包括:便携式计算机盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、静态随机存取存储器(SRAM)、便携式压缩盘只读存储器(CD-ROM)、数字多功能盘(DVD)、记忆棒、软盘、机械编码设备、例如其上存储有指令的打孔卡或凹槽内凸起结构、以及上述的任意合适的组合。这里所使用的计算机可读存储介质不被解释为瞬时信号本身,诸如无线电波或者其他自由传播的电磁波、通过波导或其他传输媒介传播的电磁波(例如,通过光纤电缆的光脉冲)、或者通过电线传输的电信号。A computer-readable storage medium may be a tangible device that can hold and store instructions for use by the instruction execution device. The computer-readable storage medium may be, for example, but not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (non-exhaustive list) of computer readable storage media include: portable computer disks, hard disks, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM) or flash memory), static random access memory (SRAM), portable compact disk read only memory (CD-ROM), digital versatile disk (DVD), memory sticks, floppy disks, mechanically coded devices, such as printers with instructions stored thereon Hole cards or raised structures in grooves, and any suitable combination of the above. Computer-readable storage media, as used herein, are not to be construed as transient signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (eg, light pulses through fiber optic cables), or through electrical wires transmitted electrical signals.
这里所描述的计算机可读程序指令可以从计算机可读存储介质下载到各个计算/处理设备,或者通过网络、例如因特网、局域网、广域网和/或无线网下载到外部计算机或外部存储设备。网络可以包括铜传输电缆、光纤传输、无线传输、路由器、防火墙、交换机、网关计算机和/或边缘服务器。每个计算/处理设备中的网络适配卡或者网络接口从网络接收计算机可读程序指令,并转发该计算机可读程序指令,以供存储在各个计算/处理设备中的计算机可读存储介质中。The computer readable program instructions described herein may be downloaded to various computing/processing devices from a computer readable storage medium, or to an external computer or external storage device over a network such as the Internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers, and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer-readable program instructions from a network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in each computing/processing device .
用于执行本申请操作的计算机程序指令可以是汇编指令、指令集架构(ISA)指令、机器指令、机器相关指令、微代码、固件指令、状态设置数据、或者以一种或多种编程语言的任意组合编写的源代码或目标代码,所述编程语言包括面向对象的编程语言—诸如Smalltalk、C++等,以及常规的过程式编程语言—诸如“C”语言或类似的编程语言。计算机可读程序指令可以完全地在用户计算机上执行、部分地在用户计算机上执行、作为一个独立的软件包执行、部分在用户计算机上部分在远程计算机上执行、或者完全在远程计算机或服务器上执行。在涉及远程计算机的情形中,远程计算机可以通过任意种类的网络—包括局域网(LAN)或广域网(WAN)—连接到用户计算机,或者,可以连接到外部计算机(例如利用因特网服务提供商来通过因特网连接)。在一些实施例中,通过利用计算机可读程序指令的状态信息来个性化定制电子电路,例如可编程逻辑电路、现场可编程门阵列(FPGA)或可编程逻辑阵列(PLA),该电子电路可以执行计算机可读程序指令,从而实现本申请的各个方面。Computer program instructions for carrying out the operations of the present application may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, state setting data, or instructions in one or more programming languages. Source or object code, written in any combination, including object-oriented programming languages, such as Smalltalk, C++, etc., and conventional procedural programming languages, such as the "C" language or similar programming languages. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server implement. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer (eg, using an Internet service provider through the Internet connect). In some embodiments, custom electronic circuits, such as programmable logic circuits, field programmable gate arrays (FPGAs), or programmable logic arrays (PLAs), can be personalized by utilizing state information of computer readable program instructions. Computer readable program instructions are executed to implement various aspects of the present application.
这里参照根据本申请实施例的方法、装置(系统)和计算机程序产品的流程图和/或框图描述了本申请的各个方面。应当理解,流程图和/或框图的每个方框以及流程图和/或框图中各方框的组合,都可以由计算机可读程序指令实现。Aspects of the present application are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the present application. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions.
这些计算机可读程序指令可以提供给通用计算机、专用计算机或其它可编程数据处理装置的处理器,从而生产出一种机器,使得这些指令在通过计算机或其它可编程数据处理装置的处理器执行时,产生了实现流程图和/或框图中的一个或多个方框中规定的功能/动作的装置。也可以把这些计算机可读程序指令存储在计算机可读存储介质中,这些指令使得计算机、可编程数据处理装置和/或其他设备以特定方式工作,从而,存储有指令的计算机可读介质则包括一个制造品,其包括实现流程图和/或框图中的一个或多个方框中规定的功能/动作的各个方面的指令。These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer or other programmable data processing apparatus to produce a machine that causes the instructions when executed by the processor of the computer or other programmable data processing apparatus , resulting in means for implementing the functions/acts specified in one or more blocks of the flowchart and/or block diagrams. These computer readable program instructions can also be stored in a computer readable storage medium, these instructions cause a computer, programmable data processing apparatus and/or other equipment to operate in a specific manner, so that the computer readable medium on which the instructions are stored includes An article of manufacture comprising instructions for implementing various aspects of the functions/acts specified in one or more blocks of the flowchart and/or block diagrams.
也可以把计算机可读程序指令加载到计算机、其它可编程数据处理装置、或其它设备上,使得在计算机、其它可编程数据处理装置或其它设备上执行一系列操作步骤,以产生计算机实现的过程,从而使得在计算机、其它可编程数据处理装置、或其它设备上执行的指令实现流程图和/或框图中的一个或多个方框中规定的功能/动作。Computer readable program instructions can also be loaded onto a computer, other programmable data processing apparatus, or other equipment to cause a series of operational steps to be performed on the computer, other programmable data processing apparatus, or other equipment to produce a computer-implemented process , thereby causing instructions executing on a computer, other programmable data processing apparatus, or other device to implement the functions/acts specified in one or more blocks of the flowcharts and/or block diagrams.
附图中的流程图和框图显示了根据本申请的多个实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框可以代表一个模块、程序段或指令的一部分,所述模块、程序段或指令的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。在有些作为替换的实现中,方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个连续的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这依所涉及的功能而定。也要注意的是,框图和/或流程图中的每个方框、以及框图和/或流程图中的方框的组合,可以用执行规定的功能或动作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more functions for implementing the specified logical function(s) executable instructions. In some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It is also noted that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented in dedicated hardware-based systems that perform the specified functions or actions , or can be implemented in a combination of dedicated hardware and computer instructions.
以上已经描述了本申请的各实施例,上述说明是示例性的,并非穷尽性的,并且也不限于所披露的各实施例。在不偏离所说明的各实施例的范围和精神的情况下,对于本技术领域的普通技术人员来说许多修改和变更都是显而易见的。本文中所用术语的选择,旨在最好地解释各实施例的原理、实际应用或对市场中的技术的改进,或者使本技术领域的其它普通技术人员能理解本文披露的各实施例。Various embodiments of the present application have been described above, and the foregoing descriptions are exemplary, not exhaustive, and not limiting of the disclosed embodiments. Numerous modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein was chosen to best explain the principles of the various embodiments, the practical application or improvement over the technology in the marketplace, or to enable others of ordinary skill in the art to understand the various embodiments disclosed herein.
Claims (10)
Translated fromChinesePriority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010862378.8ACN112084056A (en) | 2020-08-25 | 2020-08-25 | Abnormality detection method, apparatus, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010862378.8ACN112084056A (en) | 2020-08-25 | 2020-08-25 | Abnormality detection method, apparatus, device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112084056Atrue CN112084056A (en) | 2020-12-15 |
Family
ID=73728600
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010862378.8APendingCN112084056A (en) | 2020-08-25 | 2020-08-25 | Abnormality detection method, apparatus, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112084056A (en) |
Cited By (32)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112712113A (en)* | 2020-12-29 | 2021-04-27 | 广州品唯软件有限公司 | Alarm method and device based on indexes and computer system |
| CN112783972A (en)* | 2020-12-31 | 2021-05-11 | 武汉工程大学 | Method and system for synchronizing image characteristic value data |
| CN112817955A (en)* | 2021-02-02 | 2021-05-18 | 中国人民解放军海军航空大学青岛校区 | Regression model-based data cleaning method |
| CN112860524A (en)* | 2021-03-31 | 2021-05-28 | 中国工商银行股份有限公司 | Abnormal behavior detection method, device and equipment |
| CN112905671A (en)* | 2021-03-24 | 2021-06-04 | 北京必示科技有限公司 | Time series exception handling method and device, electronic equipment and storage medium |
| CN112988443A (en)* | 2021-03-16 | 2021-06-18 | 上海哔哩哔哩科技有限公司 | Method and device for processing business exception |
| CN113064796A (en)* | 2021-04-13 | 2021-07-02 | 上海浦东发展银行股份有限公司 | Unsupervised index abnormality detection method |
| CN113094284A (en)* | 2021-04-30 | 2021-07-09 | 中国工商银行股份有限公司 | Application fault detection method and device |
| CN113127305A (en)* | 2021-04-22 | 2021-07-16 | 北京百度网讯科技有限公司 | Abnormality detection method and apparatus |
| CN113342610A (en)* | 2021-06-11 | 2021-09-03 | 北京奇艺世纪科技有限公司 | Time sequence data anomaly detection method and device, electronic equipment and storage medium |
| CN113434498A (en)* | 2021-05-14 | 2021-09-24 | 国网河北省电力有限公司衡水供电分公司 | Method and device for monitoring data abnormity of database of power system and electronic equipment |
| CN113536066A (en)* | 2021-07-16 | 2021-10-22 | 全球能源互联网研究院有限公司 | Data anomaly detection algorithm determination method and device and computer equipment |
| CN113568950A (en)* | 2021-07-29 | 2021-10-29 | 北京字节跳动网络技术有限公司 | Index detection method, device, equipment and medium |
| CN113595240A (en)* | 2021-06-21 | 2021-11-02 | 深圳供电局有限公司 | Power data detection method, device, equipment and storage medium |
| CN114048244A (en)* | 2021-11-03 | 2022-02-15 | 腾讯科技(深圳)有限公司 | Data processing method, data processing device, storage medium and electronic equipment |
| CN114169456A (en)* | 2021-12-13 | 2022-03-11 | 恒安嘉新(北京)科技股份公司 | Data processing method, device, equipment and medium based on 5G terminal security |
| CN114338284A (en)* | 2021-12-24 | 2022-04-12 | 深圳尊悦智能科技有限公司 | 5G intelligent gateway of Internet of things |
| CN114358540A (en)* | 2021-12-23 | 2022-04-15 | 京东科技信息技术有限公司 | Anomaly detection method, device, device and storage medium for index time series data |
| CN114385472A (en)* | 2022-01-19 | 2022-04-22 | 中国农业银行股份有限公司 | A kind of abnormal data detection method, device, equipment and storage medium |
| CN114416467A (en)* | 2021-12-22 | 2022-04-29 | 新华三大数据技术有限公司 | Anomaly detection method and device |
| CN114662977A (en)* | 2022-04-11 | 2022-06-24 | 树根互联股份有限公司 | Method and system for detecting abnormity of motion state of offshore drilling platform and electronic equipment |
| CN115080348A (en)* | 2022-06-24 | 2022-09-20 | 平安银行股份有限公司 | An intelligent alarm method and platform based on AI analysis |
| CN115766507A (en)* | 2022-11-16 | 2023-03-07 | 支付宝(杭州)信息技术有限公司 | Business anomaly detection method and device |
| CN115858633A (en)* | 2023-02-27 | 2023-03-28 | 广州汇通国信科技有限公司 | Time sequence data analysis method and device based on data lake |
| CN116010897A (en)* | 2023-02-07 | 2023-04-25 | 富途网络科技(深圳)有限公司 | Method and device for detecting data abnormality, electronic equipment and storage medium |
| CN116108086A (en)* | 2023-02-27 | 2023-05-12 | 广州汇通国信科技有限公司 | Time sequence data evaluation method and device, electronic equipment and storage medium |
| CN117216597A (en)* | 2023-09-12 | 2023-12-12 | 康键信息技术(深圳)有限公司 | Data anomaly detection method and device, storage medium and computer equipment |
| CN117520410A (en)* | 2023-11-03 | 2024-02-06 | 华青融天(北京)软件股份有限公司 | Service data processing method, device, electronic equipment and computer readable medium |
| CN117807545A (en)* | 2024-02-28 | 2024-04-02 | 广东优信无限网络股份有限公司 | Abnormality detection method and system based on data mining |
| CN118513269A (en)* | 2024-07-25 | 2024-08-20 | 威海三元塑胶科技有限公司 | Injection mold surface flatness measurement method and system |
| CN119720057A (en)* | 2025-02-27 | 2025-03-28 | 杭州网之易创新科技有限公司 | Abnormal discharge detection method, device, program product and electronic equipment |
| WO2025139239A1 (en)* | 2023-12-26 | 2025-07-03 | 中国电信股份有限公司 | Time series data anomaly detection method and apparatus, and non-volatile storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108804703A (en)* | 2018-06-19 | 2018-11-13 | 北京焦点新干线信息技术有限公司 | A kind of data exception detection method and device |
| CN109784042A (en)* | 2018-12-29 | 2019-05-21 | 北京奇安信科技有限公司 | The detection method of abnormal point, device, electronic equipment and storage medium in time series |
| CN110837874A (en)* | 2019-11-18 | 2020-02-25 | 上海新炬网络信息技术股份有限公司 | Service data abnormity detection method based on time series classification |
| CN111400126A (en)* | 2020-02-19 | 2020-07-10 | 中国平安人寿保险股份有限公司 | Network service abnormal data detection method, device, equipment and medium |
- 2020
- 2020-08-25CNCN202010862378.8Apatent/CN112084056A/enactivePending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108804703A (en)* | 2018-06-19 | 2018-11-13 | 北京焦点新干线信息技术有限公司 | A kind of data exception detection method and device |
| CN109784042A (en)* | 2018-12-29 | 2019-05-21 | 北京奇安信科技有限公司 | The detection method of abnormal point, device, electronic equipment and storage medium in time series |
| CN110837874A (en)* | 2019-11-18 | 2020-02-25 | 上海新炬网络信息技术股份有限公司 | Service data abnormity detection method based on time series classification |
| CN111400126A (en)* | 2020-02-19 | 2020-07-10 | 中国平安人寿保险股份有限公司 | Network service abnormal data detection method, device, equipment and medium |
Cited By (44)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112712113A (en)* | 2020-12-29 | 2021-04-27 | 广州品唯软件有限公司 | Alarm method and device based on indexes and computer system |
| CN112712113B (en)* | 2020-12-29 | 2024-04-09 | 广州品唯软件有限公司 | An indicator-based alarm method, device and computer system |
| CN112783972A (en)* | 2020-12-31 | 2021-05-11 | 武汉工程大学 | Method and system for synchronizing image characteristic value data |
| CN112817955A (en)* | 2021-02-02 | 2021-05-18 | 中国人民解放军海军航空大学青岛校区 | Regression model-based data cleaning method |
| CN112817955B (en)* | 2021-02-02 | 2022-07-01 | 中国人民解放军海军航空大学青岛校区 | Regression model-based data cleaning method |
| CN112988443A (en)* | 2021-03-16 | 2021-06-18 | 上海哔哩哔哩科技有限公司 | Method and device for processing business exception |
| CN112905671A (en)* | 2021-03-24 | 2021-06-04 | 北京必示科技有限公司 | Time series exception handling method and device, electronic equipment and storage medium |
| CN112860524B (en)* | 2021-03-31 | 2024-12-03 | 中国工商银行股份有限公司 | Abnormal behavior detection method, device and equipment |
| CN112860524A (en)* | 2021-03-31 | 2021-05-28 | 中国工商银行股份有限公司 | Abnormal behavior detection method, device and equipment |
| CN113064796A (en)* | 2021-04-13 | 2021-07-02 | 上海浦东发展银行股份有限公司 | Unsupervised index abnormality detection method |
| CN113064796B (en)* | 2021-04-13 | 2022-08-12 | 上海浦东发展银行股份有限公司 | Unsupervised index abnormality detection method |
| CN113127305A (en)* | 2021-04-22 | 2021-07-16 | 北京百度网讯科技有限公司 | Abnormality detection method and apparatus |
| CN113127305B (en)* | 2021-04-22 | 2024-02-13 | 北京百度网讯科技有限公司 | Abnormal detection method and device |
| CN113094284A (en)* | 2021-04-30 | 2021-07-09 | 中国工商银行股份有限公司 | Application fault detection method and device |
| CN113434498A (en)* | 2021-05-14 | 2021-09-24 | 国网河北省电力有限公司衡水供电分公司 | Method and device for monitoring data abnormity of database of power system and electronic equipment |
| CN113342610A (en)* | 2021-06-11 | 2021-09-03 | 北京奇艺世纪科技有限公司 | Time sequence data anomaly detection method and device, electronic equipment and storage medium |
| CN113342610B (en)* | 2021-06-11 | 2023-10-13 | 北京奇艺世纪科技有限公司 | Time sequence data anomaly detection method and device, electronic equipment and storage medium |
| CN113595240A (en)* | 2021-06-21 | 2021-11-02 | 深圳供电局有限公司 | Power data detection method, device, equipment and storage medium |
| CN113595240B (en)* | 2021-06-21 | 2024-01-19 | 深圳供电局有限公司 | Method, device, equipment and storage medium for detecting electric power data |
| CN113536066A (en)* | 2021-07-16 | 2021-10-22 | 全球能源互联网研究院有限公司 | Data anomaly detection algorithm determination method and device and computer equipment |
| CN113568950A (en)* | 2021-07-29 | 2021-10-29 | 北京字节跳动网络技术有限公司 | Index detection method, device, equipment and medium |
| CN114048244B (en)* | 2021-11-03 | 2025-09-12 | 腾讯科技(深圳)有限公司 | Data processing method, device, storage medium and electronic device |
| CN114048244A (en)* | 2021-11-03 | 2022-02-15 | 腾讯科技(深圳)有限公司 | Data processing method, data processing device, storage medium and electronic equipment |
| CN114169456A (en)* | 2021-12-13 | 2022-03-11 | 恒安嘉新(北京)科技股份公司 | Data processing method, device, equipment and medium based on 5G terminal security |
| CN114416467A (en)* | 2021-12-22 | 2022-04-29 | 新华三大数据技术有限公司 | Anomaly detection method and device |
| CN114358540A (en)* | 2021-12-23 | 2022-04-15 | 京东科技信息技术有限公司 | Anomaly detection method, device, device and storage medium for index time series data |
| CN114338284A (en)* | 2021-12-24 | 2022-04-12 | 深圳尊悦智能科技有限公司 | 5G intelligent gateway of Internet of things |
| CN114385472A (en)* | 2022-01-19 | 2022-04-22 | 中国农业银行股份有限公司 | A kind of abnormal data detection method, device, equipment and storage medium |
| CN114662977A (en)* | 2022-04-11 | 2022-06-24 | 树根互联股份有限公司 | Method and system for detecting abnormity of motion state of offshore drilling platform and electronic equipment |
| CN115080348A (en)* | 2022-06-24 | 2022-09-20 | 平安银行股份有限公司 | An intelligent alarm method and platform based on AI analysis |
| CN115766507A (en)* | 2022-11-16 | 2023-03-07 | 支付宝(杭州)信息技术有限公司 | Business anomaly detection method and device |
| CN116010897A (en)* | 2023-02-07 | 2023-04-25 | 富途网络科技(深圳)有限公司 | Method and device for detecting data abnormality, electronic equipment and storage medium |
| CN115858633B (en)* | 2023-02-27 | 2023-10-20 | 广州汇通国信科技有限公司 | Time sequence data analysis method and device based on data lake |
| CN116108086B (en)* | 2023-02-27 | 2023-09-26 | 广州汇通国信科技有限公司 | Time sequence data evaluation method and device, electronic equipment and storage medium |
| CN116108086A (en)* | 2023-02-27 | 2023-05-12 | 广州汇通国信科技有限公司 | Time sequence data evaluation method and device, electronic equipment and storage medium |
| CN115858633A (en)* | 2023-02-27 | 2023-03-28 | 广州汇通国信科技有限公司 | Time sequence data analysis method and device based on data lake |
| CN117216597A (en)* | 2023-09-12 | 2023-12-12 | 康键信息技术(深圳)有限公司 | Data anomaly detection method and device, storage medium and computer equipment |
| CN117520410A (en)* | 2023-11-03 | 2024-02-06 | 华青融天(北京)软件股份有限公司 | Service data processing method, device, electronic equipment and computer readable medium |
| WO2025139239A1 (en)* | 2023-12-26 | 2025-07-03 | 中国电信股份有限公司 | Time series data anomaly detection method and apparatus, and non-volatile storage medium |
| CN117807545A (en)* | 2024-02-28 | 2024-04-02 | 广东优信无限网络股份有限公司 | Abnormality detection method and system based on data mining |
| CN117807545B (en)* | 2024-02-28 | 2024-05-31 | 广东优信无限网络股份有限公司 | Abnormality detection method and system based on data mining |
| CN118513269A (en)* | 2024-07-25 | 2024-08-20 | 威海三元塑胶科技有限公司 | Injection mold surface flatness measurement method and system |
| CN119720057A (en)* | 2025-02-27 | 2025-03-28 | 杭州网之易创新科技有限公司 | Abnormal discharge detection method, device, program product and electronic equipment |
| CN119720057B (en)* | 2025-02-27 | 2025-06-06 | 杭州网之易创新科技有限公司 | Abnormal discharge detection method, device, program product and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112084056A (en) | Abnormality detection method, apparatus, device and storage medium | |
| US20240396936A1 (en) | Rapid predictive analysis of very large data sets using the distributed computational graph | |
| US12039415B2 (en) | Debugging and profiling of machine learning model training | |
| US11295262B2 (en) | System for fully integrated predictive decision-making and simulation | |
| US20210067527A1 (en) | Structural graph neural networks for suspicious event detection | |
| US11321085B2 (en) | Meta-indexing, search, compliance, and test framework for software development | |
| US11586972B2 (en) | Tool-specific alerting rules based on abnormal and normal patterns obtained from history logs | |
| US11294754B2 (en) | System and method for contextual event sequence analysis | |
| US20210089917A1 (en) | Heuristic Inference of Topological Representation of Metric Relationships | |
| US20200287923A1 (en) | Unsupervised learning to simplify distributed systems management | |
| US20240214429A1 (en) | Complex it process annotation, tracing, analysis, and simulation | |
| US20230274160A1 (en) | Automatically training and implementing artificial intelligence-based anomaly detection models | |
| US20170154280A1 (en) | Incremental Generation of Models with Dynamic Clustering | |
| US11449798B2 (en) | Automated problem detection for machine learning models | |
| US20210124663A1 (en) | Device Temperature Impact Management Using Machine Learning Techniques | |
| US20180053109A1 (en) | Confidence intervals for anomalies in computer log data | |
| US11212162B2 (en) | Bayesian-based event grouping | |
| CN110309193B (en) | Compare time series data using context-based similarity | |
| US11372904B2 (en) | Automatic feature extraction from unstructured log data utilizing term frequency scores | |
| US11836621B2 (en) | Anonymized time-series generation from recurrent neural networks | |
| CN114503132B (en) | Debugging and profiling machine learning model training | |
| CN113313134B (en) | Cluster fault repair method and model training method, device and server | |
| US20220147816A1 (en) | Divide-and-conquer framework for quantile regression | |
| US20250094271A1 (en) | Log representation learning for automated system maintenance | |
| US20250062951A1 (en) | Unsupervised multi-modal causal structure learning for root cause analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |