CN113051307A - Alarm signal analysis method, equipment, storage medium and device - Google Patents

Publication number: CN113051307A
Authority: CN (China)
Application number: CN201911387407.3A
Other languages: Chinese (zh)
Inventors: 张穗辉, 陈晓帆, 翟云箭
Current Assignee: Sangfor Technologies Co Ltd
Original Assignee: Sangfor Technologies Co Ltd
Legal status: Pending
Prior art keywords: information, alarm, alarm information, time sequence, result

Classifications

    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/215 Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2462 Approximate or statistical queries
    • G06F16/2474 Sequence data queries, e.g. querying versioned data
    • H04L41/064 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis involving time analysis

Abstract

The invention relates to the technical field of alarm information root cause analysis and discloses an alarm signal analysis method, equipment, a storage medium and a device. The method comprises: acquiring a time sequence alarm information set to be analyzed; selecting a plurality of reference information groups from the time sequence alarm information set to be analyzed, wherein each reference information group comprises reference root alarm information and corresponding reference result alarm information, and the reference result alarm information lags behind the corresponding reference root alarm information in time; verifying each reference information group with a preset voting analysis model; and taking the reference root alarm information in each reference information group that passes verification as the actual root alarm information. Root cause analysis of the alarm information is thus performed by first presetting the reference root alarm information and the reference result alarm information and then verifying this assumed pairing with the preset voting analysis model, so that the target root alarm information in the alarm information to be analyzed is accurately located.

Description

Alarm signal analysis method, equipment, storage medium and device
Technical Field
The present invention relates to the technical field of alarm information root cause analysis, and in particular, to an alarm signal analysis method, device, storage medium, and apparatus.
Background
At present, with the rapid expansion of operation and maintenance scale, more and more monitoring tools are used for system operation and maintenance, which also means that the number of alarms generated by the various systems grows explosively. A monitoring tool sends hundreds of alarms each day, and statistically fewer than 15% of them are valid alarms. For example, in a network-level fault, when one device in the network fails, that device can generate a plurality of corresponding alarms; the monitoring indicators of other devices then become abnormal in a chain reaction, and each generates a corresponding alarm. Such an alarm storm poses a significant challenge to rapid troubleshooting by operation and maintenance personnel.
Therefore, a technology for distinguishing the root cause alarm from the other alarm signals in an alarm storm is indispensable for operation and maintenance teams. For alarm root cause analysis, the existing technologies use association algorithms such as the association rule algorithm Apriori and Frequent Pattern Tree (FP-Growth) to automatically calculate the degree of association between alarms. The applicant finds, however, that these existing technologies consider only the association between alarms, or at most perform simple time segment segmentation, and do not consider the time sequence of alarm signals within a time segment at all. The association rules they obtain therefore cannot fully represent the causality between alarm signals and are prone to deviation when alarm combination and root cause analysis are performed.
Disclosure of Invention
The invention mainly aims to provide an analysis method, equipment, a storage medium and a device of an alarm signal, and aims to solve the technical problem of how to improve the accuracy of root cause analysis of the alarm signal.
In order to achieve the above object, the present invention provides an analysis method of an alarm signal, including the steps of:
acquiring a time sequence alarm information set to be analyzed;
selecting a plurality of reference information groups from the time sequence alarm information set to be analyzed, wherein each reference information group comprises reference root alarm information and corresponding reference result alarm information, and the reference result alarm information lags behind the corresponding reference root alarm information in time;
verifying each reference information group by adopting a preset voting analysis model respectively to obtain a verification result of each reference information group;
and taking the reference root alarm information in the reference information group with the verification result of passing the verification as the actual root alarm information.
Preferably, before the selecting a plurality of reference information groups from the time-series alarm information set to be analyzed, the method further includes:
acquiring the continuity of each time sequence alarm information to be analyzed in the time sequence alarm information set to be analyzed, and segmenting the time sequence alarm information to be analyzed according to the continuity to obtain the segmented time sequence alarm information to be analyzed;
counting alarm quantity information and duration information of the segmented time sequence alarm information to be analyzed;
comparing the alarm quantity information with a quantity threshold value to obtain a first comparison result;
comparing the duration information with a time threshold value to obtain a second comparison result;
determining an alarm storm time sequence information set in the segmented time sequence alarm information to be analyzed according to the first comparison result and the second comparison result;
the selecting a plurality of reference information groups from the time sequence alarm information set to be analyzed comprises:
and selecting a plurality of reference information groups from the alarm storm time sequence information set.
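The segmentation and the two threshold comparisons described above can be sketched as follows. This is an added example, not code from the patent; it assumes that "continuity" means the gap between consecutive alarms does not exceed a `max_gap` value and that a segment is a storm only when both comparisons pass, and all names, timestamps and thresholds are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    start: int   # timestamp of the first alarm in the segment (seconds)
    end: int     # timestamp of the last alarm in the segment (seconds)
    count: int   # alarm quantity information for the segment

    @property
    def duration(self) -> int:
        """Duration information: time between first and last alarm."""
        return self.end - self.start


def segment_by_continuity(timestamps, max_gap):
    """Split alarm timestamps wherever the silence between two consecutive
    alarms exceeds max_gap (assumed definition of continuity)."""
    segments = []
    for ts in sorted(timestamps):
        if segments and ts - segments[-1].end <= max_gap:
            segments[-1].end = ts
            segments[-1].count += 1
        else:
            segments.append(Segment(start=ts, end=ts, count=1))
    return segments


def find_alarm_storms(timestamps, max_gap, count_threshold, time_threshold):
    """Return the segments that qualify as alarm storms."""
    storms = []
    for seg in segment_by_continuity(timestamps, max_gap):
        first = seg.count >= count_threshold      # first comparison result
        second = seg.duration >= time_threshold   # second comparison result
        if first and second:  # assumption: both comparisons must pass
            storms.append(seg)
    return storms


# Constructed sample: a real storm, one isolated alarm, a dense but very
# short burst, and a long but sparse trickle of alarms.
CONSTRUCTED_TIMESTAMPS = (
    [0, 5, 9, 14, 20, 22, 30, 31, 40, 45, 52, 60]
    + [400]
    + list(range(900, 910))
    + [1500, 1525, 1550, 1575, 1600]
)

if __name__ == "__main__":
    for storm in find_alarm_storms(CONSTRUCTED_TIMESTAMPS, 30, 10, 45):
        print(storm, storm.duration)
```

Only the first segment is kept: the short burst fails the duration comparison and the sparse trickle fails the quantity comparison, so neither is passed on to causal analysis.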
Preferably, the preset voting analysis model is a Granger model;
the verifying each reference information group by respectively adopting a preset voting analysis model to obtain the verification result of each reference information group comprises the following steps:
establishing a bivariate linear autoregressive model for the reference root alarm information and the corresponding reference result alarm information in each reference information group based on the Granger model;
obtaining coefficient information of the cause time sequence terms corresponding to the reference root alarm information according to the bivariate linear autoregressive model;
judging whether the coefficient information is a preset coefficient value or not;
and obtaining the verification result of each reference information group according to the judgment result.
Preferably, the preset voting analysis model is a transfer entropy model;
the verifying each reference information group by respectively adopting a preset voting analysis model to obtain the verification result of each reference information group comprises the following steps:
acquiring a cause probability distribution function corresponding to the reference root alarm information, a result probability distribution function corresponding to the reference result alarm information and a joint distribution function according to the reference root alarm information and the corresponding reference result alarm information in each reference information group;
obtaining a first transfer entropy of the reference root alarm information to the reference result alarm information according to the cause probability distribution function, the result probability distribution function and the joint distribution function;
acquiring reference variable information, and introducing the reference variable information into the reference root alarm information and the reference result alarm information to obtain the introduced reference root alarm information and reference result alarm information;
obtaining a second transfer entropy according to the introduced reference root alarm information and reference result alarm information;
and comparing the first transfer entropy with the second transfer entropy, and obtaining the verification result of each reference information group according to the comparison result.
Preferably, the acquiring a time sequence alarm information set to be analyzed includes:
acquiring reference time sequence alarm information;
denoising the reference time sequence alarm information to obtain denoised reference time sequence alarm information;
and adding the denoised reference time sequence alarm information to a time sequence alarm information set to be analyzed.
Preferably, the denoising processing of the reference time sequence alarm information to obtain denoised reference time sequence alarm information includes:
traversing first sample information in the reference time sequence alarm information, and counting alarm quantity information and alarm interval length information in the first sample information;
obtaining alarm density information according to the alarm quantity information and the alarm interval length information;
acquiring density threshold information, and comparing the alarm density information with the density threshold information;
and screening the reference time sequence alarm information according to the comparison result to obtain the denoised reference time sequence alarm information.
Preferably, the denoising processing of the reference time sequence alarm information to obtain denoised reference time sequence alarm information includes:
traversing second sample information in the reference time sequence alarm information, and judging whether alarm information exists in a statistical interval with a preset time length in the second sample information;
and screening the reference time sequence alarm information according to the judgment result to obtain the denoised reference time sequence alarm information.
Preferably, the denoising processing of the reference time sequence alarm information to obtain denoised reference time sequence alarm information includes:
traversing third sample information in the reference time sequence alarm information, and obtaining the K nearest neighbors among the alarm information of the third sample information by adopting a K-nearest-neighbor replacement algorithm;
and screening the reference time sequence alarm information according to the K nearest neighbors to obtain the denoised reference time sequence alarm information.
Preferably, the denoising processing of the reference time sequence alarm information to obtain denoised reference time sequence alarm information includes:
converting the reference time sequence alarm information into one-dimensional time sequence alarm information, and smoothing the one-dimensional time sequence alarm information by adopting Gaussian filtering to obtain fourth time sequence alarm information;
and carrying out binarization processing on the fourth time sequence alarm information to obtain the denoised reference time sequence alarm information.
Preferably, before the acquiring the reference timing alarm information, the method further includes:
obtaining initial alarm information through a preset interface;
loading the initial alarm information through interface coding information and timestamp information to obtain two-dimensional alarm matrix information;
and taking the two-dimensional alarm matrix information as reference time sequence alarm information.
In addition, in order to achieve the above object, the present invention also provides an apparatus for analyzing an alarm signal, including: a memory, a processor, and an alarm signal analysis program stored on the memory and executable on the processor, the alarm signal analysis program implementing the steps of the alarm signal analysis method described above when executed by the processor.
In addition, to achieve the above object, the present invention further provides a storage medium, on which an analysis program of an alarm signal is stored, and the analysis program of the alarm signal implements the steps of the alarm signal analysis method as described above when executed by a processor.
In addition, in order to achieve the above object, the present invention further provides an apparatus for analyzing an alarm signal, including:
the acquisition module is used for acquiring a time sequence alarm information set to be analyzed;
the selection module is used for selecting a plurality of reference information groups from the time sequence alarm information set to be analyzed, wherein each reference information group comprises reference root alarm information and corresponding reference result alarm information, and the reference result alarm information lags behind the corresponding reference root alarm information in time;
the verification module is used for verifying each reference information group by respectively adopting a preset voting analysis model to obtain a verification result of each reference information group;
the acquisition module is further configured to take the reference root alarm information in the reference information group whose verification result is a pass as the actual root alarm information.
According to the technical scheme provided by the invention, a time sequence alarm information set to be analyzed is obtained; selecting a plurality of reference information groups from the time sequence alarm information set to be analyzed, wherein each reference information group comprises reference root alarm information and corresponding reference result alarm information, and the reference result alarm information lags behind the corresponding reference root alarm information in time; verifying each reference information group by adopting a preset voting analysis model respectively to obtain a verification result of each reference information group; and taking the reference root alarm information in the reference information group with the verification result of passing the verification as the actual root alarm information, thereby realizing the root cause analysis of the alarm information by presetting the reference root alarm information and the reference result alarm information, then verifying the supposed reference root alarm information and the reference result alarm information by a preset voting analysis model, and accurately positioning the target root alarm information in the alarm information to be analyzed.
Drawings
FIG. 1 is a schematic diagram of an analysis device for an alarm signal of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating an exemplary method for analyzing an alarm signal according to the present invention;
FIG. 3 is a diagram of an alarm timing root cause analysis system according to an embodiment of an alarm signal analysis method of the present invention;
FIG. 4 is a flow chart illustrating an exemplary method for analyzing an alarm signal according to another embodiment of the present invention;
FIG. 5 is a schematic diagram of a noise signal according to an embodiment of the method for analyzing an alarm signal of the present invention;
FIG. 6 is a schematic diagram of a K-nearest neighbor replacement algorithm based on an embodiment of the method for analyzing an alarm signal according to the present invention;
FIG. 7 is a flowchart illustrating a method for analyzing an alarm signal according to yet another embodiment of the present invention;
FIG. 8 is a block diagram of an embodiment of an apparatus for analyzing an alarm signal according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an analysis device for an alarm signal of a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the apparatus for analyzing the alarm signal may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable connection and communication between these components. The user interface 1003 may include a display screen, and may optionally also include a standard wired interface and a wireless interface; in the present invention the wired interface of the user interface 1003 may be a Universal Serial Bus (USB) interface. The network interface 1004 may optionally include a standard wired interface as well as a wireless interface (e.g., a WI-FI interface). The memory 1005 may be a high-speed Random Access Memory (RAM), or a stable, non-volatile memory such as a disk memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration shown in fig. 1 does not constitute a limitation of the analysis device of the alarm signal, which may include more or fewer components than those shown, combine some components, or use a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and an analysis program of an alarm signal.
In the apparatus for analyzing an alarm signal shown in fig. 1, the network interface 1004 is mainly used for connecting to a background server and performing data communication with the background server; the user interface 1003 is mainly used for connecting peripheral equipment; the analysis device of the alarm signal calls an analysis program of the alarm signal stored in the memory 1005 through the processor 1001 and executes the analysis method of the alarm signal provided by the embodiment of the present invention.
Based on the hardware structure, the embodiment of the alarm signal analysis method is provided.
Referring to fig. 2, fig. 2 is a flowchart illustrating an embodiment of an alarm signal analysis method according to the present invention.
In the embodiment of fig. 2, the method for analyzing the alarm signal includes the following steps:
Step S10: acquiring a time sequence alarm information set to be analyzed.
It should be noted that the execution subject of the present embodiment is an analysis device of an alarm signal, and may also be another device that can implement the same or similar functions, such as a server, which is not limited in this embodiment.
Step S20: selecting a plurality of reference information groups from the time sequence alarm information set to be analyzed, wherein each reference information group comprises reference root alarm information and corresponding reference result alarm information, and the reference result alarm information lags behind the corresponding reference root alarm information in time.
In this embodiment, the reference root alarm information is the cause alarm information and the corresponding reference result alarm information is the result alarm information; that is, the reference root alarm information and the reference result alarm information in the time sequence alarm information to be analyzed are a cause alarm time sequence and a result alarm time sequence assumed in advance. The time sequence of the reference result alarm information lags the reference root alarm information by a preset time length, i.e. it is later in time than the reference root alarm information, so that the result alarm time sequence lags behind the cause alarm time sequence and the accuracy of the root cause analysis is ensured.
In a specific implementation, a reasonable time lag is set according to the specific service conditions and the causality between different alarm signal time sequences is calculated, ensuring that the result time sequence lags behind the cause time sequence by a certain length of time. This preserves the temporal order and thereby solves the problem that the prior art does not consider the time sequence among variables.
Step S30: verifying each reference information group by adopting a preset voting analysis model respectively to obtain a verification result of each reference information group.
In this embodiment, the preset voting analysis model is an integrated voting analysis model that integrates a Granger model and a transfer entropy model, and may also integrate other models that can implement causal analysis.
Step S40: taking the reference root alarm information in the reference information group with the verification result of passing the verification as the actual root alarm information.
In a specific implementation, root cause verification is first carried out through the Granger model and the transfer entropy model to judge whether the previously assumed association between the reference root alarm information and the reference result alarm information is correct, and the final determination is made by voting on the verification results of the Granger model and the transfer entropy model, so that the accuracy of the assumption is ensured by verifying it with several models.
It should be noted that the final result of the preset voting analysis model may be confirmed by majority rule (the minority yields to the majority), and may also be confirmed in other manners, which is not limited in this embodiment.
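The verification and vote can be illustrated with the following added example, which is not code from the patent. It assumes binary alarm series, an F statistic on the lagged cause terms of the bivariate autoregression as the Granger check, a fixed threshold on the transfer entropy (a simplification of the two-entropy comparison described earlier), and a strict-majority vote; all function names, thresholds and data are constructed.

```python
import math
import random
from collections import Counter


def _solve(a, b):
    """Solve a @ coef = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    coef = [0.0] * n
    for r in range(n - 1, -1, -1):
        s = sum(m[r][c] * coef[c] for c in range(r + 1, n))
        coef[r] = (m[r][n] - s) / m[r][r]
    return coef


def _rss(rows, targets):
    """Residual sum of squares of the least-squares fit targets ~ rows."""
    k = len(rows[0])
    xtx = [[sum(r[i] * r[j] for r in rows) for j in range(k)] for i in range(k)]
    for i in range(k):
        xtx[i][i] += 1e-9  # tiny ridge keeps all-zero columns solvable
    xty = [sum(r[i] * t for r, t in zip(rows, targets)) for i in range(k)]
    coef = _solve(xtx, xty)
    return sum((t - sum(c * v for c, v in zip(coef, r))) ** 2
               for r, t in zip(rows, targets))


def granger_f(cause, effect, p):
    """F statistic for 'all p lagged cause coefficients are zero' in the
    bivariate linear autoregressive model of effect on both histories."""
    own, full, y = [], [], []
    for t in range(p, len(effect)):
        lag_y = [effect[t - i] for i in range(1, p + 1)]
        lag_x = [cause[t - i] for i in range(1, p + 1)]
        own.append([1.0] + lag_y)           # effect history only
        full.append([1.0] + lag_y + lag_x)  # plus cause time-series terms
        y.append(effect[t])
    rss_r, rss_u = _rss(own, y), _rss(full, y)
    dof = len(y) - (2 * p + 1)
    return ((rss_r - rss_u) / p) / max(rss_u / dof, 1e-12)


def transfer_entropy(cause, effect, lag):
    """TE(cause -> effect) in bits, conditioning on effect[t-1]."""
    triples = Counter((effect[t], effect[t - 1], cause[t - lag])
                      for t in range(max(lag, 1), len(effect)))
    n = sum(triples.values())
    hist_x, step_y, hist_y = Counter(), Counter(), Counter()
    for (y, yp, xp), c in triples.items():
        hist_x[(yp, xp)] += c
        step_y[(y, yp)] += c
        hist_y[yp] += c
    return sum((c / n) * math.log2((c / hist_x[(yp, xp)])
                                   / (step_y[(y, yp)] / hist_y[yp]))
               for (y, yp, xp), c in triples.items())


def verify_group(root, result, lag, f_threshold=15.0, te_threshold=0.1):
    """Vote on one reference information group (thresholds are assumed)."""
    votes = {
        "granger": granger_f(root, result, lag) > f_threshold,
        "transfer_entropy": transfer_entropy(root, result, lag) > te_threshold,
    }
    return sum(votes.values()) * 2 > len(votes), votes  # strict majority


def constructed_sample(n=300, lag=2, seed=7):
    """Constructed data: result repeats root `lag` steps later with 5% of
    samples flipped; unrelated is an independent alarm series."""
    rng = random.Random(seed)
    root = [1 if rng.random() < 0.3 else 0 for _ in range(n)]
    result = [0] * lag + [root[t - lag] ^ (rng.random() < 0.05)
                          for t in range(lag, n)]
    unrelated = [1 if rng.random() < 0.3 else 0 for _ in range(n)]
    return root, result, unrelated


if __name__ == "__main__":
    root, result, unrelated = constructed_sample()
    print(verify_group(root, result, lag=2))     # assumed root passes
    print(verify_group(root, unrelated, lag=2))  # unrelated pair is rejected
```

Swapping the two series of the first pair is rejected as well, because the history of the result series carries no information about the future of the root series; this is the time-order property that plain association rules cannot express.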
As shown in fig. 3, the alarm time sequence root cause analysis system includes a data reading module, a data preprocessing module, an alarm storm analysis module and a causal analysis module. The data reading module reads CSV data, database data and Excel data through a data reading controller. The data preprocessing module performs density denoising, duration denoising, K-nearest-neighbor denoising and Gaussian filtering denoising. The alarm storm analysis module performs event segmentation and alarm storm judgment; if an alarm storm is identified, Granger analysis or transfer entropy analysis is performed through a causal analysis voter in the causal analysis module, and finally a causal association rule is obtained.
According to the scheme, the time sequence alarm information set to be analyzed is acquired; selecting a plurality of reference information groups from the time sequence alarm information set to be analyzed, wherein each reference information group comprises reference root alarm information and corresponding reference result alarm information, and the reference result alarm information lags behind the corresponding reference root alarm information in time; verifying each reference information group by adopting a preset voting analysis model respectively to obtain a verification result of each reference information group; and taking the reference root alarm information in the reference information group with the verification result of passing the verification as the actual root alarm information, thereby realizing the root cause analysis of the alarm information by presetting the reference root alarm information and the reference result alarm information, then verifying the supposed reference root alarm information and the reference result alarm information by a preset voting analysis model, and accurately positioning the target root alarm information in the alarm information to be analyzed.
Referring to fig. 4, fig. 4 is a flowchart illustrating another embodiment of the method for analyzing an alarm signal according to the present invention, and based on the embodiment illustrated in fig. 2, another embodiment of the method for analyzing an alarm signal according to the present invention is provided, where the step S10 includes:
acquiring reference time sequence alarm information; denoising the reference time sequence alarm information to obtain denoised reference time sequence alarm information; and adding the denoised reference time sequence alarm information to a time sequence alarm information set to be analyzed.
It should be noted that the denoising process includes at least one of density denoising, duration denoising, K-nearest-neighbor denoising, or Gaussian filtering denoising.
During density denoising, first sample information in the reference time sequence alarm information is traversed, and alarm quantity information and alarm interval length information in the first sample information are counted; alarm density information is obtained according to the alarm quantity information and the alarm interval length information; density threshold information is acquired, and the alarm density information is compared with the density threshold information; and the reference time sequence alarm information is screened according to the comparison result to obtain the denoised reference time sequence alarm information.
It can be understood that the loaded alarm signal time sequence data often contains false alarm signals caused by factors such as measurement noise, interference or jitter. Such false alarms have a negative influence on the result of the subsequent causal analysis, so the data is denoised before it is analyzed. Considering that real alarms are necessarily concentrated and continuous in their distribution, the alarm signal time sequence data can be denoised according to these distribution characteristics. As shown in fig. 5, both the isolated alarm signal at 8 minutes and the missing alarm signal at 63 minutes are noise and need to be preprocessed. To ensure the authenticity of the sample data, the sample data therefore needs to be denoised, which also improves the efficiency of data analysis.
In this embodiment, to perform density-based denoising, each sample point on the alarm signal time sequence is first traversed and the alarm signal density at the sample point is considered, where the alarm density is defined as the number of alarms divided by the length of the statistical interval. A density threshold is set; when the alarm density is lower than the density threshold, it is considered that no alarm actually exists at the current sample point, and the alarm signal of the current sample point is forced to zero.
Further, the denoising processing on the reference time sequence alarm information to obtain denoised reference time sequence alarm information includes:
traversing second sample information in the reference time sequence alarm information, and judging whether alarm information exists in a statistical interval with a preset time length in the second sample information; and screening the reference time sequence alarm information according to the judgment result to obtain the denoised reference time sequence alarm information.
In a specific implementation, to perform duration-based denoising, each sample point on the alarm signal time sequence is first traversed and a statistical interval of length w before and after the sample point is considered. When no other alarm signal exists in the statistical interval, it is considered that no alarm actually exists at the current sample point, and the alarm signal of the current sample point is forced to zero. The statistical interval can be flexibly adjusted according to requirements, so that the authenticity of the samples is ensured and the accuracy of data processing is improved.
Further, the denoising of the reference time sequence alarm information to obtain denoised reference time sequence alarm information includes:
traversing third sample information in the reference time sequence alarm information, and obtaining the K neighbors among the alarm information of the third sample information by adopting a K nearest neighbor replacement algorithm; and screening the reference time sequence alarm information according to the K neighbors to obtain the denoised reference time sequence alarm information.
In a specific implementation, to perform denoising based on the K nearest neighbor replacement algorithm, each sample point on the alarm signal time sequence is first traversed and a statistical interval of length w before and after the sample point is examined. When no other alarm signal exists in the statistical interval, it is considered that no alarm actually exists at the current sample point, and the alarm signal of the current sample point is forcibly set to zero. The statistical interval can be flexibly adjusted according to requirements. In the schematic diagram of the K nearest neighbor replacement algorithm shown in fig. 6, ω1, ω2 and ω3 respectively represent sample information and Xu represents a reference point; the distance information between the reference point and each sample is obtained so that abnormal noise points are identified, which ensures the authenticity of the samples and improves the accuracy of data processing.
Further, the denoising of the reference time sequence alarm information to obtain denoised reference time sequence alarm information includes:
converting the reference time sequence alarm information into one-dimensional time sequence alarm information, and smoothing the one-dimensional time sequence alarm information by adopting Gaussian filtering to obtain fourth time sequence alarm information; and carrying out binarization processing on the fourth time sequence alarm information to obtain the denoised reference time sequence alarm information.
In a specific implementation, to perform denoising based on Gaussian filtering, the alarm signal time sequence is treated as one-dimensional data and smoothed with a Gaussian filter, and the smoothed alarm signal is then binarized to obtain the denoised alarm signal time sequence data, which ensures the authenticity of the samples and improves the accuracy of data processing.
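The density-based, duration-based and Gaussian-filter denoising described above, applied to a series shaped like the fig. 5 case (an isolated alarm at minute 8 and a missing alarm at minute 63), as an added example that is not code from the patent. The function names, the window w = 3, the density threshold 0.3, sigma = 1.0, the binarization cutoff 0.5 and the sample series are assumptions of this example.

```python
import math


def density_denoise(series, w, density_threshold):
    """Density method: alarm density = alarm count / statistical interval length.

    An alarm whose surrounding window is sparser than the threshold is set to 0.
    """
    out = list(series)
    for i, value in enumerate(series):
        if value:
            lo, hi = max(0, i - w), min(len(series), i + w + 1)
            if sum(series[lo:hi]) / (hi - lo) < density_threshold:
                out[i] = 0
    return out


def duration_denoise(series, w):
    """Duration method: an alarm with no other alarm within w samples is set to 0."""
    out = list(series)
    for i, value in enumerate(series):
        if value:
            lo, hi = max(0, i - w), min(len(series), i + w + 1)
            if sum(series[lo:hi]) == 1:  # the window holds only this sample
                out[i] = 0
    return out


def gaussian_denoise(series, sigma, cutoff=0.5):
    """Gaussian method: smooth the 0/1 series, then binarize at `cutoff`.

    Samples outside the series count as 0 (zero padding). Unlike the two
    methods above, smoothing can also fill a short gap inside a burst.
    """
    radius = int(3 * sigma)
    offsets = range(-radius, radius + 1)
    kernel = [math.exp(-(k * k) / (2 * sigma * sigma)) for k in offsets]
    total = sum(kernel)
    out = []
    for i in range(len(series)):
        acc = 0.0
        for k, weight in zip(offsets, kernel):
            j = i + k
            if 0 <= j < len(series):
                acc += weight * series[j]
        out.append(1 if acc / total >= cutoff else 0)
    return out


def alarm_minutes(series):
    """Indices (minutes) at which the alarm is raised."""
    return [i for i, value in enumerate(series) if value]


# Constructed sample, one sample per minute over 90 minutes:
# a real burst from minute 58 to 68 with the sample at minute 63 missing,
# plus one isolated false alarm at minute 8.
SERIES = [0] * 90
SERIES[8] = 1
for minute in range(58, 69):
    SERIES[minute] = 1
SERIES[63] = 0

if __name__ == "__main__":
    print("raw      ", alarm_minutes(SERIES))
    print("density  ", alarm_minutes(density_denoise(SERIES, 3, 0.3)))
    print("duration ", alarm_minutes(duration_denoise(SERIES, 3)))
    print("gaussian ", alarm_minutes(gaussian_denoise(SERIES, 1.0)))
```

The density and duration methods only remove alarms, so the gap at minute 63 survives them; only the smoothing step restores it.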
Further, before the obtaining of the reference timing alarm information, the method further includes:
Step S101, obtaining initial alarm information through a preset interface.
In this embodiment, in order to adapt to different types of data sources, an interface-based data access mechanism is used, so that the alarm information is effectively managed according to the interface information.
Step S102, loading the initial alarm information through interface coding information and timestamp information to obtain two-dimensional alarm matrix information.
In this embodiment, different data access modes are implemented by different subclasses, and finally the time sequence data of all the alarm signals is loaded into memory to form a two-dimensional matrix. As shown in the data structure of the alarm information in Table 1, the column index of the matrix is the time stamp of the time series, and the row index is the identification number ID of different alarm signals, where T represents the time stamp information, and ID represents the alarm identification code information.
Step S103, taking the two-dimensional alarm matrix information as reference time sequence alarm information.
Time stamp | Alarm signal ID1 | Alarm signal ID2 | ... | Alarm signal IDm
T0         | 0                | 0                | ... | 0
T1         | 0                | 1                | ... | 0
T2         | 1                | 0                | ... | 0
T3         | 1                | 0                | ... | 0
...        | ...              | ...              | ... | ...
Tn         | 0                | 0                | ... | 1
TABLE 1
According to the scheme provided by this embodiment, noise removal is performed for different scenarios using density-based, duration-based, K nearest neighbor replacement algorithm-based and Gaussian filtering-based methods, so that the accuracy of the alarm information is ensured.
Referring to fig. 7, fig. 7 is a flowchart illustrating a method for analyzing an alarm signal according to another embodiment of the present invention, and based on the embodiment illustrated in fig. 2, a further embodiment of the method for analyzing an alarm signal according to the present invention is provided, where before the step S20, the method further includes:
Step S201, obtaining the continuity of each time sequence alarm information to be analyzed in the time sequence alarm information set to be analyzed, and segmenting the time sequence alarm information to be analyzed according to the continuity to obtain the segmented time sequence alarm information to be analyzed.
It should be noted that both the Granger causal analysis model and the transfer entropy algorithm have high time complexity, so using them directly consumes a large amount of computing resources. Moreover, since alarm signals are distributed very sparsely over a complete time interval, causal analysis performed over the many time intervals without alarm signals is meaningless and may lead to false causality determinations. Therefore, alarm storm information is obtained through alarm storm detection, and only the alarm signal time sequence data in the time periods in which an alarm storm occurs is analyzed; this greatly reduces the time complexity of the system on the one hand, and avoids the false causality that long time sequence analysis may introduce on the other.
In a specific implementation, the segmentation algorithm is based on the discontinuity degree of the alarm signal, which is defined as the distance between the current alarm signal sample point and the first subsequent alarm signal. When the discontinuity degree is higher than a set threshold, the fault event is considered to have ended. Here the current alarm signal sample point is an acquisition point in the discrete data.
Step S202, counting the alarm quantity information and the duration information of the segmented time sequence alarm information to be analyzed.
In this embodiment, after the preliminary segmentation of the current fault event is completed, it is further necessary to determine whether the fault event meets the criteria of an alarm storm, which comprise two conditions: the amount of alarm information and the duration of the fault event.
Step S203, comparing the alarm quantity information with a quantity threshold value to obtain a first comparison result.
Step S204, comparing the duration information with a time threshold value to obtain a second comparison result.
Step S205, determining an alarm storm time sequence information set in the segmented time sequence alarm information to be analyzed according to the first comparison result and the second comparison result.
For the above conditions, this embodiment sets corresponding thresholds, which can be adjusted to some extent according to the specific service type. When the fault event satisfies all the criteria of an alarm storm, the system determines that the fault event is a valid alarm storm.
The step S20 includes:
selecting a plurality of reference information groups from the alarm storm time sequence information set.
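Steps S201 to S205 as an added example, not code from the patent: fault events are cut wherever the distance to the next alarm sample exceeds a discontinuity threshold, and an event counts as an alarm storm only if both its alarm quantity and its duration reach their thresholds. The function names, the threshold values, the "greater than or equal" comparison direction and the sample events are assumptions; the matrix is laid out as Table 1 is drawn, one row per time stamp and one column per alarm ID.

```python
def build_matrix(n_timestamps, alarm_ids, events):
    """Load (timestamp, alarm_id) events into a 0/1 alarm matrix."""
    column = {alarm_id: i for i, alarm_id in enumerate(alarm_ids)}
    matrix = [[0] * len(alarm_ids) for _ in range(n_timestamps)]
    for t, alarm_id in events:
        matrix[t][column[alarm_id]] = 1
    return matrix


def segment_events(matrix, gap_threshold):
    """Cut the timeline into fault events as (start, end) index pairs.

    The discontinuity degree of an alarm sample is the distance to the first
    subsequent sample carrying any alarm; above `gap_threshold` the event ends.
    """
    active = [t for t, row in enumerate(matrix) if any(row)]
    events = []
    start = prev = None
    for t in active:
        if start is None:
            start = prev = t
        elif t - prev > gap_threshold:
            events.append((start, prev))
            start = prev = t
        else:
            prev = t
    if start is not None:
        events.append((start, prev))
    return events


def detect_storms(matrix, gap_threshold, min_alarms, min_duration):
    """Keep only the fault events that satisfy both alarm storm conditions."""
    storms = []
    for start, end in segment_events(matrix, gap_threshold):
        alarms = sum(sum(row) for row in matrix[start:end + 1])
        duration = end - start + 1
        # First comparison: alarm quantity; second comparison: duration.
        if alarms >= min_alarms and duration >= min_duration:
            storms.append({"start": start, "end": end,
                           "alarms": alarms, "duration": duration})
    return storms


# Constructed sample: three alarm IDs over 60 time stamps.
ALARM_IDS = ["ID1", "ID2", "ID3"]
EVENTS = (
    [(t, "ID1") for t in range(10, 15)]    # 5 samples
    + [(t, "ID2") for t in range(12, 19)]  # 7 samples
    + [(t, "ID3") for t in range(15, 21)]  # 6 samples
    + [(40, "ID2"), (41, "ID2")]           # short blip, not a storm
)
MATRIX = build_matrix(60, ALARM_IDS, EVENTS)

if __name__ == "__main__":
    print(segment_events(MATRIX, gap_threshold=5))
    print(detect_storms(MATRIX, gap_threshold=5, min_alarms=10, min_duration=5))
```

Only the rows between `start` and `end` of each returned storm would be passed on to the causal analysis, which is where the saving in computation comes from.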
Further, the preset voting analysis model is a Granger model; the step S30 includes:
establishing a binary linear autoregressive model for each reference root alarm information and corresponding reference result alarm information in each reference information group based on the Granger model; obtaining coefficient information of the cause time sequence terms corresponding to the reference root alarm information according to the binary linear autoregressive model; judging whether the coefficient information is a preset coefficient value through an F test or a chi-square test; and obtaining the verification result of each reference information group according to the judgment result.
It should be noted that, after the alarm signal time sequence passes through the alarm storm detector, the alarm storm time period division information is obtained. Complete alarm signal time sequence data of each alarm storm can therefore be obtained, and causal analysis among all the alarm signals inside each alarm storm can then be carried out. A feasible causal analysis approach uses an ensemble voting algorithm that combines a plurality of causal analysis algorithms, including the Granger causal analysis model and transfer entropy, to obtain a more robust analysis result.
In a specific implementation, the Granger causal analysis model builds a binary linear autoregressive model between the cause time sequence and the result time sequence, and uses an F test, a chi-square test or the like to check whether the coefficients of the cause time sequence terms in the vector autoregressive model are all 0, thereby confirming the causal strength between the cause time sequence and the result time sequence. If the coefficients are 0, the assumed causal relationship between the reference root alarm information and the reference result alarm information does not exist; if the coefficients are not 0, the assumed causal relationship between the reference root alarm information and the reference result alarm information is established.
Further, the preset voting analysis model is a transfer entropy model; the step S30 includes:
acquiring a cause probability distribution function corresponding to each reference root alarm information, a result probability distribution function corresponding to the reference result alarm information and a joint distribution function according to each reference root alarm information and the corresponding reference result alarm information in each reference information group; obtaining a first transfer entropy of the reference root alarm information to the reference result alarm information according to the cause probability distribution function, the result probability distribution function and the joint distribution function; acquiring reference variable information, and introducing the reference variable information into the reference root alarm information and the reference result alarm information to obtain the introduced reference root alarm information and the reference result alarm information; obtaining a second transfer entropy according to the introduced reference root alarm information and the reference result alarm information; and comparing the first transfer entropy with the second transfer entropy, and obtaining the verification result of each reference information group according to the comparison result.
In a specific implementation, the transfer entropy detects the asymmetry between time sequences that arises from the conditional probability distributions, and is defined as the difference between the conditional entropy of the result time sequence with and without the cause time sequence taken into account. Its practical meaning is the gain in certainty about the result time sequence after the cause time sequence is introduced, whereby the root cause analysis of the alarm signal is realized.
According to the scheme provided by this embodiment, the causal relationship verification is performed through the preset voting analysis model, which comprises a Granger model, a transfer entropy model and the like, so that the accuracy of root cause analysis of the alarm signal is improved.
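The transfer entropy described above, as an added example that is not code from the patent: the entropy of the result series given its own previous sample, minus the same entropy once the lagged cause series is also known, estimated from empirical frequencies. The function names, the history length of one sample, the verdict rule (forward direction must exceed the reverse direction by a margin) and the constructed series are assumptions of this example.

```python
from collections import Counter
from math import log2


def transfer_entropy(source, target, lag=1):
    """Transfer entropy source -> target in bits, for discrete series.

    TE = H(target[t] | target[t-1]) - H(target[t] | target[t-1], source[t-lag])
    """
    if len(source) != len(target):
        raise ValueError("series must have the same length")
    start = max(lag, 1)
    triples = [(target[t], target[t - 1], source[t - lag])
               for t in range(start, len(target))]
    if not triples:
        raise ValueError("series too short for this lag")
    n = len(triples)
    c_full = Counter(triples)                                # (y, y_prev, x)
    c_hist = Counter((yp, x) for _, yp, x in triples)        # (y_prev, x)
    c_self = Counter((y, yp) for y, yp, _ in triples)        # (y, y_prev)
    c_prev = Counter(yp for _, yp, _ in triples)             # y_prev
    te = 0.0
    for (y, yp, x), count in c_full.items():
        p_with_cause = count / c_hist[(yp, x)]
        p_without_cause = c_self[(y, yp)] / c_prev[yp]
        te += (count / n) * log2(p_with_cause / p_without_cause)
    return te


def verify_group(root, result, lag=1, margin=0.1):
    """Verify one (reference root, reference result) group by TE asymmetry."""
    forward = transfer_entropy(root, result, lag)
    reverse = transfer_entropy(result, root, lag)
    return {"forward": forward, "reverse": reverse,
            "passed": forward - reverse > margin}


# Constructed sample: the result alarm repeats the root alarm one sample later.
# The base pattern is a de Bruijn cycle, so every 3-sample history occurs
# equally often and the expected values are exact.
_BASE = [0, 0, 0, 1, 0, 1, 1, 1] * 20 + [0, 0]
ROOT = _BASE[1:]       # reference root alarm series
RESULT = _BASE[:-1]    # RESULT[t] == ROOT[t - 1]
STUCK = [1] * len(ROOT)  # an alarm that is permanently raised

if __name__ == "__main__":
    print(verify_group(ROOT, RESULT))   # root -> result: passes
    print(verify_group(RESULT, ROOT))   # hypothesis reversed: fails
    print(verify_group(STUCK, RESULT))  # stuck alarm carries no information
```

A permanently raised alarm yields zero transfer entropy in both directions, so it can never be selected as a root.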
In addition, an embodiment of the present invention further provides a storage medium, where an analysis program of an alarm signal is stored on the storage medium, and the analysis program of the alarm signal is executed by a processor to implement the steps of the terminal network accessing method described above.
Since the storage medium adopts all technical solutions of all the embodiments, at least all the beneficial effects brought by the technical solutions of the embodiments are achieved, and no further description is given here.
In addition, referring to fig. 8, an embodiment of the present invention further provides an apparatus for analyzing an alarm signal, where the apparatus for analyzing an alarm signal includes:
The acquiring module 10 is configured to acquire a time sequence alarm information set to be analyzed.
A selecting module 20, configured to select a plurality of reference information groups from the time sequence alarm information set to be analyzed, where each reference information group includes reference root alarm information and corresponding reference result alarm information, and the reference result alarm information lags behind the corresponding reference root alarm information in time.
In this embodiment, the reference root alarm information represents cause alarm information and the corresponding reference result alarm information represents result alarm information; that is, the reference root alarm information and the reference result alarm information in the time sequence alarm information to be analyzed are a cause alarm time sequence and a result alarm time sequence assumed in advance. The time sequence of the reference result alarm information lags the reference root alarm information by a preset time length, where lagging means that the reference result alarm information occurs later in time than the reference root alarm information. The result alarm time sequence thus lags the cause alarm time sequence, which ensures the accuracy of the root cause analysis.
In a specific implementation, a reasonable time lag is set according to the specific service conditions and the causality between different alarm signal time sequences is calculated, ensuring that the result time sequence lags the cause time sequence by a certain length of time. This preserves temporal order and solves the problem that the prior art does not consider the temporal order among variables.
The verification module 30 is configured to verify each reference information group by using a preset voting analysis model, and obtain a verification result of each reference information group.
In this embodiment, the preset voting analysis model is an ensemble voting analysis model, which integrates a Granger model and a transfer entropy model, and may also integrate other models that can implement causal analysis.
The acquiring module 10 is further configured to use the reference root alarm information in the reference information group whose verification result is that the verification is passed as the actual root alarm information.
In a specific implementation, root cause verification is first carried out through the Granger model and the transfer entropy model to judge whether the previously assumed association between the reference root alarm information and the reference result alarm information is correct, and the final determination is made by voting on the respective verification results of the Granger model and the transfer entropy model, so that the accuracy of the assumption is ensured through multiple model verification modes.
It should be noted that the final result of the preset voting analysis model may be confirmed by majority rule, in which the minority defers to the majority, or may be finally confirmed in other manners, which is not limited in this embodiment.
As shown in fig. 3, the alarm time sequence root cause analysis system includes a data reading module, a data preprocessing module, an alarm storm analysis module and a causal analysis module. The data reading module reads CSV data, database data and Excel data through a data reading controller. The data preprocessing module performs density denoising, duration denoising, K nearest neighbor denoising and Gaussian filtering denoising. The alarm storm analysis module performs event segmentation and alarm storm judgment; if an alarm storm is determined, Granger analysis or transfer entropy analysis is performed through a causal analysis voter in the causal analysis module, and finally a causal association rule is obtained.
According to the scheme, the time sequence alarm information set to be analyzed is acquired; selecting a plurality of reference information groups from the time sequence alarm information set to be analyzed, wherein each reference information group comprises reference root alarm information and corresponding reference result alarm information, and the reference result alarm information lags behind the corresponding reference root alarm information in time; verifying each reference information group by adopting a preset voting analysis model respectively to obtain a verification result of each reference information group; and taking the reference root alarm information in the reference information group with the verification result of passing the verification as the actual root alarm information, thereby realizing the root cause analysis of the alarm information by presetting the reference root alarm information and the reference result alarm information, then verifying the supposed reference root alarm information and the reference result alarm information by a preset voting analysis model, and accurately positioning the target root alarm information in the alarm information to be analyzed.
The alarm signal analysis device of the present invention adopts all the technical solutions of all the above embodiments, so that the device at least has all the beneficial effects brought by the technical solutions of the above embodiments, and details are not repeated herein.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not denote any order; these words are to be interpreted as names.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as a read-only memory, a RAM, a magnetic disk, and an optical disk), and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (13)

1. A method for analyzing an alarm signal, the method comprising the steps of:
acquiring a time sequence alarm information set to be analyzed;
selecting a plurality of reference information groups from the time sequence alarm information set to be analyzed, wherein each reference information group comprises reference root alarm information and corresponding reference result alarm information, and the reference result alarm information lags behind the corresponding reference root alarm information in time;
verifying each reference information group by adopting a preset voting analysis model respectively to obtain a verification result of each reference information group;
and taking the reference root alarm information in the reference information group with the verification result of passing the verification as the actual root alarm information.
2. The method for analyzing an alarm signal according to claim 1, wherein before the selecting a plurality of reference information groups from the time-series alarm information set to be analyzed, the method further comprises:
acquiring the continuity of each time sequence alarm information to be analyzed in the time sequence alarm information set to be analyzed, and segmenting the time sequence alarm information to be analyzed according to the continuity to obtain the segmented time sequence alarm information to be analyzed;
counting alarm quantity information and duration information of the segmented time sequence alarm information to be analyzed;
comparing the alarm quantity information with a quantity threshold value to obtain a first comparison result;
comparing the duration information with a time threshold value to obtain a second comparison result;
determining an alarm storm time sequence information set in the segmented time sequence alarm information to be analyzed according to the first comparison result and the second comparison result;
the selecting a plurality of reference information groups from the time sequence alarm information set to be analyzed comprises:
and selecting a plurality of reference information groups from the alarm storm time sequence information set.
3. The method for analyzing an alarm signal according to claim 1, wherein the predetermined voting analysis model is a Granger model;
the verifying each reference information group by respectively adopting a preset voting analysis model to obtain the verification result of each reference information group comprises the following steps:
establishing a binary linear autoregressive model for each reference root alarm information and corresponding reference result alarm information in each reference information group based on the Granger model;
obtaining coefficient information of cause time sequence terms corresponding to the reference root alarm information according to the binary linear autoregressive model;
judging whether the coefficient information is a preset coefficient value or not;
and obtaining the verification result of each reference information group according to the judgment result.
4. The method for analyzing an alarm signal according to claim 1, wherein the predetermined voting analysis model is a transfer entropy model;
the verifying each reference information group by respectively adopting a preset voting analysis model to obtain the verification result of each reference information group comprises the following steps:
acquiring a cause probability distribution function corresponding to each reference root alarm information, a result probability distribution function corresponding to the reference result alarm information and a joint distribution function according to each reference root alarm information and the corresponding reference result alarm information in each reference information group;
obtaining a first transfer entropy of the reference root alarm information to the reference result alarm information according to the cause probability distribution function, the result probability distribution function and the joint distribution function;
acquiring reference variable information, and introducing the reference variable information into the reference root alarm information and the reference result alarm information to obtain the introduced reference root alarm information and the reference result alarm information;
obtaining a second transfer entropy according to the introduced reference root alarm information and the reference result alarm information;
and comparing the first transfer entropy with the second transfer entropy, and obtaining the verification result of each reference information group according to the comparison result.
5. The method for analyzing an alarm signal according to any one of claims 1 to 4, wherein the obtaining of the set of time-series alarm information to be analyzed includes:
acquiring reference time sequence alarm information;
denoising the reference time sequence alarm information to obtain denoised reference time sequence alarm information;
and adding the denoised reference time sequence alarm information to a time sequence alarm information set to be analyzed.
6. The method for analyzing an alarm signal according to claim 5, wherein the denoising the reference timing alarm information to obtain denoised reference timing alarm information comprises:
traversing first sample information in the reference time sequence alarm information, and counting alarm quantity information and alarm interval length information in the first sample information;
obtaining alarm density information according to the alarm quantity information and the alarm interval length information;
acquiring density threshold information, and comparing the alarm density information with the density threshold information;
and screening the reference time sequence alarm information according to the comparison result to obtain the denoised reference time sequence alarm information.
7. The method for analyzing an alarm signal according to claim 5, wherein the denoising the reference timing alarm information to obtain denoised reference timing alarm information comprises:
traversing second sample information in the reference time sequence alarm information, and judging whether alarm information exists in a statistical interval with a preset time length in the second sample information;
and screening the reference time sequence alarm information according to the judgment result to obtain the denoised reference time sequence alarm information.
8. The method for analyzing an alarm signal according to claim 5, wherein the denoising the reference timing alarm information to obtain denoised reference timing alarm information comprises:
traversing third sample information in the reference time sequence alarm information, and obtaining the K neighbors among the alarm information of the third sample information by adopting a K nearest neighbor replacement algorithm;
and screening the reference time sequence alarm information according to the K neighbors to obtain the denoised reference time sequence alarm information.
9. The method for analyzing an alarm signal according to claim 5, wherein the denoising the reference timing alarm information to obtain denoised reference timing alarm information comprises:
converting the reference time sequence alarm information into one-dimensional time sequence alarm information, and smoothing the one-dimensional time sequence alarm information by adopting Gaussian filtering to obtain fourth time sequence alarm information;
and carrying out binarization processing on the fourth time sequence alarm information to obtain the denoised reference time sequence alarm information.
10. The method for analyzing an alarm signal according to claim 5, wherein before the obtaining the reference timing alarm information, the method further comprises:
obtaining initial alarm information through a preset interface;
loading the initial alarm information through interface coding information and timestamp information to obtain two-dimensional alarm matrix information;
and taking the two-dimensional alarm matrix information as reference time sequence alarm information.
11. An apparatus for analyzing an alarm signal, comprising: a memory, a processor, and an alarm signal analysis program stored on the memory and runnable on the processor, the alarm signal analysis program implementing the steps of the method of analysis of an alarm signal according to any one of claims 1 to 10 when executed by the processor.
12. A storage medium, characterized in that it has stored thereon a program for analysis of an alarm signal, which program, when executed by a processor, carries out the steps of a method for analysis of an alarm signal according to any one of claims 1 to 10.
13. An apparatus for analyzing an alarm signal, the apparatus comprising:
the acquisition module is used for acquiring a time sequence alarm information set to be analyzed;
the selection module is used for selecting a plurality of reference information groups from the time sequence alarm information set to be analyzed, wherein each reference information group comprises reference root alarm information and corresponding reference result alarm information, and the reference result alarm information lags behind the corresponding reference root alarm information in time;
the verification module is used for verifying each reference information group by respectively adopting a preset voting analysis model to obtain a verification result of each reference information group;
the acquisition module is further configured to use the reference root alarm information in the reference information group whose verification result is that the verification is passed as the actual root alarm information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911387407.3A CN113051307A (en) 2019-12-27 2019-12-27 Alarm signal analysis method, equipment, storage medium and device


Publications (1)

Publication Number Publication Date
CN113051307A true CN113051307A (en) 2021-06-29

Family

ID=76507648


Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107301119A (en) * 2017-06-28 2017-10-27 北京优特捷信息技术有限公司 The method and device of IT failure root cause analysis is carried out using timing dependence
CN107633307A (en) * 2017-09-08 2018-01-26 国家计算机网络与信息安全管理中心 Power supply-distribution system Root alarm detection method, device, terminal and computer-readable storage medium
CN110457184A (en) * 2018-05-07 2019-11-15 中国石油化工股份有限公司 Associated chemical industry exception causality analysis and figure methods of exhibiting are fluctuated based on timing
CN110462536A (en) * 2017-03-23 2019-11-15 Asml荷兰有限公司 The system of such as lithography system is modeled or is executed the predictive maintenance of system method and associated lithography system
CN110502590A (en) * 2019-08-27 2019-11-26 紫荆智维智能科技研究院(重庆)有限公司 The method for verifying building industrial equipment fault relationship based on Granger causality

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李鉴增: "《宽带网络技术》", 北京:中国广播电视出版社, pages: 285 - 286 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115460098A (en) * 2022-09-15 2022-12-09 中国人民解放军军事科学院***工程研究院 Network management system fault model establishing method based on time interval distribution characteristics
CN115460098B (en) * 2022-09-15 2023-04-07 中国人民解放军军事科学院***工程研究院 Network management system fault model establishing method based on time interval distribution characteristics

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210629