改进加权方法的告警关联分析算法

吉林大学学报(信息科学版) ›› 2023, Vol. 41 ›› Issue (1): 57-66.

改进加权方法的告警关联分析算法

朱圳^1a , 张引发2 , 刘立芳^1a , 齐小刚^1b

(1. 西安电子科技大学 a. 计算机科学与技术学院; b. 数学与统计学院, 西安 710071;2. 国防科技大学信息通信学院, 长沙 210023)

收稿日期:2022-04-11 出版日期:2023-02-08 发布日期:2023-02-09
作者简介:朱圳(1997— ), 男, 安徽阜阳人, 西安电子科技大学硕士研究生, 主要从事数据分析、数据挖掘和通信网络研究, (Tel)86-13866261447(E-mail)zz123456wzq@ 163. com; 刘立芳(1972— ), 女, 兰州人, 西安电子科技大学教授, 硕士生导师,主要从事计算智能与网络优化, 数据处理与故障诊断研究, (Tel)86-18392691929(E-mail)lfliu@ mail. xidian. edu。
基金资助:
国家自然科学基金资助项目(61877067)

Analysis Algorithm of Alarm Correlation Based on Improved Weighting Method

ZHU Zhen^1a , ZHANG Yinfa ², LIU Lifang ^1a , QI Xiaogang^1b

(1a. School of Computer Science and Technology; 1b. School of Mathematics and Statistics, Xidian University, Xi'an 710071, China; 2. School of Information and Communication, University of National Defense Science and Technology, Changsha 210023, China)

Received:2022-04-11 Online:2023-02-08 Published:2023-02-09

摘要/Abstract

摘要： 以往告警关联分析算法中将告警重要性视为相同, 为区分不同告警的重要性差异, 以及告警中包含信息量的差异性, 提出一种改进加权方法的告警关联分析算法。首先将告警信息中有关告警重要性的属性量化, 并使用极端梯度提升(XGBoost: extreme Gradient Boosting)集成学习模型训练, 得到告警属性的权重值, 并对告警数据赋予权重; 然后, 将网络拓扑数据加入滑动窗口中, 改进传统滑动窗口划分事务存在的问题, 改进后的滑动窗口划分的事务集更加真实可靠; 最终将加权后的告警事务集使用加权 FP-Growth ( Frequent Pattern Growth)算法挖掘频繁告警和关联规则。通过实验验证了该改进加权方法的告警关联分析算法在挖掘频繁告警、重要关联规则和时间上都有很好的性能。

Abstract: In the previous alarm correlation analysis algorithms, the alarm importance is regarded as the same. In order to distinguish the difference in importance of different alarms and the difference in the amount of information contained in the alarms, an alarm correlation analysis algorithm with improved weighting method is proposed. First, the attributes related to alarm importance in the alarm information are quantified, and the XGBoost(eXtreme Gradient Boosting) integrated learning model is used to train them to obtain the weight value of the alarm attribute, and the weight assigned to the alarm data. Then, the network topology data is added to the sliding window to improve the problems in the division of transactions by the sliding window. The improved transaction set divided by the sliding window is more realistic and reliable. Finally, the weighted alarm transaction set is used to mine frequent alarms and association rules by using the weighted FP-Growth(Frequent
Pattern Growth ) algorithm. Experiments show that the alarm correlation analysis algorithm with improved weighting method has good performance in mining frequent alarms, important association rules and time.

Key words: alarm correlation analysis, communications network, extreme gradient boosting ( XGBoost ) algorithm, weighted alarm analysis, frequent pattern growth(FP-Growth) algorithm

中图分类号:

TP131

朱圳 , 张引发 , 刘立芳 , 齐小刚. 改进加权方法的告警关联分析算法[J]. 吉林大学学报(信息科学版), 2023, 41(1): 57-66.

ZHU Zhen , ZHANG Yinfa , LIU Lifang , QI Xiaogang . Analysis Algorithm of Alarm Correlation Based on Improved Weighting Method[J]. Journal of Jilin University (Information Science Edition), 2023, 41(1): 57-66.

[1]	孙铁刚, 李志军, 刘丹. 虚实结合的光通信网络实验教学改革与实践[J]. 吉林大学学报(信息科学版), 2021, 39(6): 669-674.
[2]	房悦, 李国齐. 延时约束下的异构通信网络稳定性控制技术[J]. 吉林大学学报(信息科学版), 2020, 38(6): 656-661.
[3]	朱艳茹，范亚芹，赵洋. 基于知识图谱的自适应学习系统知识模型构建[J]. 吉林大学学报(信息科学版), 2018, 36(3): 345-350.
[4]	董立岩, 隋鹏, 辛晓华, 田耕. 基于Android的智能家居终端控制系统[J]. 吉林大学学报(信息科学版), 2014, 32(3): 303-307.