A LSTM-Based Anomaly Detection Model for Log Analysis
Journal of Signal Processing Systems (IF 1.6), Pub Date: 2021-02-05, DOI: 10.1007/s11265-021-01644-4
Zhijun Zhao, Chen Xu, Bo Li

Security devices produce a huge number of logs, far beyond the processing speed of human beings. This paper introduces an unsupervised approach to detecting anomalous behavior in large-scale security logs. We propose a novel feature extraction mechanism that can precisely characterize the features of malicious behaviors. We design an LSTM-based anomaly detection approach that can successfully identify attacks on two widely used datasets. Our approach outperforms three popular anomaly detection algorithms, one-class SVM, GMM and Principal Components Analysis, in terms of accuracy and efficiency.




Updated: 2021-02-05