CN113268370B - Root cause alarm analysis method, system, equipment and storage medium - Google Patents

Root cause alarm analysis method, system, equipment and storage medium Download PDF

Info

Publication number
CN113268370B
CN113268370B CN202110513431.8A CN202110513431A CN113268370B CN 113268370 B CN113268370 B CN 113268370B CN 202110513431 A CN202110513431 A CN 202110513431A CN 113268370 B CN113268370 B CN 113268370B
Authority
CN
China
Prior art keywords
alarm
root cause
node
alarms
edge
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110513431.8A
Other languages
Chinese (zh)
Other versions
CN113268370A (en
Inventor
杨树森
田晓慧
杨煜乾
薛江
孙建永
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Jiaotong University
Original Assignee
Xian Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Jiaotong University filed Critical Xian Jiaotong University
Priority to CN202110513431.8A priority Critical patent/CN113268370B/en
Publication of CN113268370A publication Critical patent/CN113268370A/en
Application granted granted Critical
Publication of CN113268370B publication Critical patent/CN113268370B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/079Root cause analysis, i.e. error or fault diagnosis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2415Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Biomedical Technology (AREA)
  • Evolutionary Computation (AREA)
  • Computing Systems (AREA)
  • Molecular Biology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Biophysics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Quality & Reliability (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a root cause alarm analysis method, a system, equipment and a storage medium, comprising the following steps: preprocessing alarm data, mining the alarm data based on an SR-ASM algorithm to obtain an alarm sequence, and converting the alarm sequence into an alarm relation diagram; according to the alarm relation diagram and the alarm self characteristics, the root alarm is identified by utilizing the root alarm identification model SGC-RAI, and the identified root alarm is recommended.

Description

Root cause alarm analysis method, system, equipment and storage medium
Technical Field
The invention belongs to the field of alarm analysis, and relates to a root cause alarm analysis method, a root cause alarm analysis system, root cause alarm analysis equipment and a storage medium.
Background
Tens of thousands of alarm logs constitute an alarm flood. Among the alarms, some alarms occur frequently and are repeatedly reported, and some alarms have complex association relations. If the alarms are not processed, the alarms are compressed and the direct alarm log is pushed to the manager, the processing efficiency of each alarm is quite low, and the processing effect is positively related to the experience of the manager. Therefore, the most important task of the network alarm analysis is to use an algorithm to greatly reduce the alarm quantity presented to the operation and maintenance personnel of the management center, and push only root cause alarms. In the past root cause analysis research, a great deal of work is to research the association and causal relationship of alarms, then compress the alarms based on the association and causal relationship, and predict the alarms by root cause positioning. The method in this aspect is mainly divided into two categories, alarm correlation analysis and root cause analysis. The alarm correlation analysis is mainly realized by a data mining correlation algorithm, and mainly comprises a clustering algorithm, a frequent item mining algorithm, a time sequence relation mining algorithm and the like. There are many different approaches to alert root cause analysis, of which rule-based root cause analysis systems are more common in applications. The rules in such systems are expert-experienced crystallization, with the feature of being less sophisticated. However, in the increasingly complex network system, such methods require significant costs in terms of rule formulation, maintenance and updating. Along with the development of big data technology and data mining technology, some students put forward the concept of intelligent operation and maintenance, and a machine learning algorithm is applied to the tasks of root cause and fault analysis, so that the accuracy of root cause positioning is improved, and the operation and maintenance cost is effectively reduced. Such methods are the main trend in the future, however no specific process is given at the present stage.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a root cause alarm analysis method, a system, equipment and a storage medium.
In order to achieve the above object, the root cause alarm analysis method of the present invention includes:
preprocessing alarm data, mining the alarm data by using an SR-ASM algorithm to obtain an alarm sequence, and converting the alarm sequence into an alarm relation diagram;
and according to the alarm relation diagram, the root cause alarm is identified by utilizing a root cause alarm identification model SGC-RAI, and the identified root cause alarm is recommended.
Further comprises: further judging the two-way edges in the alarm relation graph and giving weight to each pair of relations on the graph according to the confidence and the lifting degree.
The process of preprocessing the alarm data comprises the following steps: and carrying out de-duplication, sequencing and grouping according to network elements and time windows on the alarm data.
According to the alarm relation diagram and the alarm characteristics, the specific operation process of carrying out root cause alarm analysis by utilizing the root cause alarm identification model SGC-RAI is as follows:
for a group of alarm sequences of root cause alarms to be analyzed, vectorizing text features of the alarms to obtain the features of each alarm, extracting the relation features of the alarms according to an alarm relation graph, performing supervised training on a root cause alarm identification model SGC-RAI by using the self features and the relation features of the alarms, and then performing root cause alarm identification by using the trained root cause alarm identification model SGC-RAI.
And de-duplicating the alarm group, training a GloVe model and a TF-IDF model by taking text information of all alarms as a corpus, inputting the word segmentation of the alarm name into the trained GloVe model for one alarm log to obtain word vector characteristics of the word segmentation of the alarm name, and weighting the word vector characteristics by using the trained TF-IDF model to obtain the characteristics of the alarm itself and obtaining the association information of the alarm according to an alarm relation diagram.
The root cause alarm identification model SGC-RAI comprises two layers of airspace map convolution layers, a pooling layer and a full-connection layer, wherein local information is aggregated by the two layers of airspace map convolution layers, all fault information is extracted by the pooling layer through element-wise maximum pooling operation, the fault information is injected into an alarm to obtain new alarm representation, finally, the characteristics of the alarm are converted into a value through the shared full-connection layer, the root cause score of the alarm is obtained through Softmax normalization, and the alarm with the largest root cause score is taken as the root cause alarm.
The operation process (inspired by relation graph convolution) of the two airspace graph convolution layers is as follows:
Figure BDA0003061166390000031
Figure BDA0003061166390000032
where v is the alarm in the alarm sequence and k is the kth layer.
Figure BDA0003061166390000033
For the output of the k-th layer->
Figure BDA0003061166390000034
For the acquired neighborhood information->
Figure BDA0003061166390000035
Is a learnable linearityAnd (5) transforming. N (N) 1 (v) And N 2 (v) Respectively representing a set of two classes of neighbors of node v. N (N) 1 ) The node in v) is connected with the node v by an edge, and the direction of the edge is pointed by the node v to the neighbor node, N 2 (v) The node in (a) is connected with the node v by an edge, and the direction of the edge is pointed to the node v by a neighbor node. w (v, u) represents the corresponding prior weight of the edge from node v to neighbor node u in the alarm correlation graph, and w (u, v) represents the corresponding prior weight of the edge from neighbor node u to node v in the alarm correlation graph.
The operation of aggregating global information is:
Figure BDA0003061166390000041
Figure BDA0003061166390000042
wherein G is a correlation diagram formed by the whole alarm sequence:
the root cause alarm prediction is calculated as:
Figure BDA0003061166390000043
Figure BDA0003061166390000044
a root cause alert analysis system comprising:
the mining module is used for preprocessing the alarm data, mining the alarm data by using an SR-ASM algorithm to obtain an alarm sequence, and converting the alarm sequence into an alarm relation diagram;
and the identification module is used for identifying the root cause alarm by utilizing the root cause alarm identification model SGC-RAI according to the alarm relation diagram and the text characteristics of the alarm, and recommending the identified root cause alarm. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the root cause alert analysis method when the computer program is executed.
A computer readable storage medium storing a computer program which when executed by a processor implements the steps of the root cause alert analysis method.
The invention has the following beneficial effects:
the root cause alarm analysis method, system, equipment and storage medium of the invention excavate alarm data based on the increasing reliability and SR-ASM algorithm to obtain alarm sequence, convert the alarm sequence into alarm relation diagram, avoid missing valuable alarm related information, improve the accuracy of identification, then utilize root cause alarm identification model SGC-RAI to identify root cause alarm, effectively reduce dependence on expert experience, reduce operation and maintenance cost, and improve identification efficiency.
Drawings
FIG. 1 is a graph of judgment logic for pattern growth in an SR-ASM algorithm;
FIG. 2 is a flow chart of alarm correlation mining in accordance with the present invention;
FIG. 3 is a frame diagram of the invention based on alarm recognition;
FIG. 4 is a schematic diagram of a root cause alert recognition model in the present invention;
Detailed Description
In order to make the present invention better understood by those skilled in the art, the following description will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments, but not intended to limit the scope of the present disclosure. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
The root cause alarm analysis method of the invention comprises the following steps:
1) Discovering associations between alarms based on sequence pattern mining;
mining alarm data based on an SR-ASM algorithm to obtain an alarm sequence, converting the alarm sequence into an alarm relation diagram, further judging the direction of a bidirectional edge in the alarm relation diagram, and giving a weight to each pair of relations according to the confidence level and the lifting level;
in particular, in consideration of large occurrence frequency difference of different alarms, the invention only depends on the support index to mine the alarm data and easily omits valuable alarm related information, so the invention modifies the traditional frequent sequence pattern mining algorithm prefix span to provide a concept of increasing reliability and a valuable alarm sequence in the alarm sequence mining algorithm SR-ASM for mining the alarm data, wherein the SR-ASM takes an alarm sequence database as input and valuable alarm sequences as output.
2) And identifying root cause alarms based on the graph network.
And according to the alarm relation diagram, carrying out root cause alarm analysis by utilizing a root cause alarm identification model SGC-RAI.
Specifically, the invention utilizes the method of the graph neural network to extract the characteristics of the alarm and judge the root cause alarm. The invention applies the ideas of space domain diagram convolution and pooling to provide a root cause alarm identification model SGC-RAI, wherein the SGC-RAI model can enable each alarm to aggregate local and global information so as to obtain more distinguishing characteristics, and finally the characteristics are transformed and normalized to obtain root cause scores.
Referring to fig. 1, the core details of the SR-ASM, the SR-ASM is an algorithm proposed based on PrefixSpan, and the prefix pattern growing method is also adopted to mine all valuable alarm sequences, when the prefix grows, the invention proposes the concept of growing the reliability GR, wherein given the prefix α, a new sequence s formed by combining the item b on the basis of the prefix α is combined to form the reliability of the valuable prefix, and the reliability of the valuable prefix is obtained by:
Figure BDA0003061166390000071
the original PreFixSpan algorithm only carries out mode growth judgment through the support degree, if the minimum support degree requirement is met, the prefix continues to grow, when the prefix grows, the support degree and the growth reliability are considered, the prefix growth judgment logic as shown in figure 1 is provided, the support degree and the growth reliability GR are used for judging the mode continues to grow together, and two indexes can continue to grow when meeting one mode.
SR-ASM algorithm idea
Similar to the PrefixSpan algorithm, the SR-ASM continuously performs prefix growth by a recursive method, specifically, first, starting from 1-prefix (k=1), performing projection on each 1-prefix to obtain a database composed of all suffixes, and counting the support degree of each item b in the database;
when the support degree of b is more than or equal to the minimum support degree, continuously increasing the prefix into (k+1) -prefix, and then performing recursion mining;
and when the support degree of b is less than the minimum support degree, calculating the growth reliability GR, if GR is more than or equal to min_GR, continuously growing the prefix into (k+1) -prefix, and then recursively mining, otherwise, stopping growing.
And so on, recursion is performed until the projected database is empty or the sequence length constraint is reached.
When the program is started, the prefix is empty, special treatment is needed in the SR-ASM algorithm, the invention sets a lower support limit t, and when the support of the items in the database reaches t, the prefix is 1-prefix.
Fig. 2 is an alarm correlation mining flow adopted by the present invention, and the specific process is:
1a) Building an alarm sequence database:
and grouping, sorting, de-duplication and serializing massive and discrete alarm records, wherein the input of the link is the original alarm log record, and the output is the constructed alarm sequence database S.
2a) Mining valuable alarm sequences:
the database S is used as input, and an SR-ASM algorithm is executed to obtain a valuable alarm sequence and the support degree thereof.
3a) Generating an alarm relationship network:
and (3) representing the relation among alarms by adopting the form of a network diagram to the alarm sequence obtained in the step (2 a), wherein the alarms are used as nodes on the network diagram, and the sequence is used as a path on the network diagram. If there are two-way sides on the constructed graph and the support degree in one direction is more than two times of the support degree in the other direction, deleting the side with lower support degree, otherwise deleting both sides.
Calculating the weight of each Edge, wherein the weights Edge (A-B) of the corresponding edges from the alarm A to the alarm B are calculated weight The method comprises the following steps:
Figure BDA0003061166390000081
/>
referring to fig. 3, when it is required to determine the root cause alarm in a set of alarm sequences, two types of features are used as input of an identification model, wherein the two types of features are text features of the alarms and associated features between the alarms respectively, and output of the identification model is the root cause alarm. Because the alarm log is in the form of text, the invention adopts the idea of text vectorization in the natural language processing task. The method of combining the GloVe model and the TF-IDF model is adopted to represent the alarm, the GloVe model and the TF-IDF model are trained by taking the alarm log as a corpus, the vector length is 50, and the vector of the characteristics of one alarm is expressed as follows:
Figure BDA0003061166390000091
referring to FIG. 4, the root cause alert identification model SGC-RAI uses a set of alert features X ε R N*D And its relation matrix A epsilon R N*N As input, N represents the number of alarms in the sequence and D represents the dimension of the alarm feature. The root cause alarm recognition model SGC-RAI is divided into 3 parts from left to right, local information is first aggregated by using 2-layer space domain graph convolution, then all fault information is extracted by using element-wise maximum pooling operation, the fault information is injected into an alarm, node information is updated again, and finally alarm characteristics are converted into root cause scores by shared full-connection layers and normalization operation.
The convolution operation (inspired by the relation graph convolution) in the invention is as follows:
Figure BDA0003061166390000092
Figure BDA0003061166390000093
where v is the alarm in the alarm sequence and k is the kth layer.
Figure BDA0003061166390000094
For the output of the k-th layer->
Figure BDA0003061166390000095
For the acquired neighborhood information->
Figure BDA0003061166390000096
Is a learnable linear transformation. N (N) 1 (v) And N 2 (v) Respectively representing a set of two classes of neighbors of node v. N (N) 1 (v) The node in the tree is connected with the node v by an edge, the direction of the edge is pointed to the neighbor node by the node v, N 2 (v) The node in (a) is connected with the node v by an edge, and the direction of the edge is pointed to the node v by a neighbor node. w (v, u) represents the corresponding prior weight of the edge from node v to neighbor node u in the alarm correlation graph, w (u, v) representsThe corresponding prior weights of the edges from the neighbor node u to the node v in the alarm association graph.
The operation of aggregating global information is:
Figure BDA0003061166390000097
Figure BDA0003061166390000098
wherein G is a correlation diagram formed by the whole alarm sequence:
the root cause alarm prediction is calculated as:
Figure BDA0003061166390000101
Figure BDA0003061166390000102
a root cause alert analysis system comprising:
the mining module is used for preprocessing the alarm data, mining the alarm data by using the proposed SR-ASM algorithm to obtain an alarm sequence, and converting the alarm sequence into an alarm relation diagram;
and the identification module is used for identifying the root cause alarm by utilizing the proposed root cause alarm identification model SGC-RAI according to the alarm relation diagram and the text characteristics of the alarm, and recommending the identified root cause alarm. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the root cause alert analysis method when the computer program is executed.
A computer readable storage medium storing a computer program which when executed by a processor implements the steps of the root cause alert analysis method.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart 1 flowchart and/or block diagram 1 or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart 1 flowchart and/or block diagram 1 or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart 1 flowchart and/or block diagram 1 or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.

Claims (8)

1. A root cause alert analysis method, comprising:
preprocessing alarm data, mining the alarm data by using an SR-ASM algorithm to obtain an alarm sequence, and converting the alarm sequence into an alarm relation diagram;
according to the alarm relation diagram and the characteristics of the alarms, the root cause alarms are identified by utilizing a root cause alarm identification model SGC-RAI, and the identified root cause alarms are recommended;
the root cause alarm identification model SGC-RAI comprises two layers of airspace map convolution layers, a pooling layer and a full-connection layer, wherein local information is aggregated by the two layers of airspace map convolution layers, global fault information is extracted by the pooling layer by using element-wise maximum pooling operation, the fault information is injected into an alarm to obtain new alarm representation, the characteristics of the alarm are converted into numerical values by the shared full-connection layer, the root cause score of the alarm is obtained by using Softmax normalization, and the alarm with the largest root cause score is taken as the root cause alarm;
the operation process of the two airspace map convolution layers is as follows:
Figure QLYQS_1
Figure QLYQS_2
where v is the alarm in the alarm sequence, k is the kth layer,
Figure QLYQS_3
for the output of the k-th layer->
Figure QLYQS_4
In order to obtain the neighborhood information,
Figure QLYQS_5
as a learnable linear transformation, N 1 (v) And N 2 (v) Respectively representing a set of two types of neighbors of node v, N 1 (v) The node in the tree is connected with the node v by an edge, the direction of the edge is pointed to the neighbor node by the node v, N 2 (v) The node in the alarm correlation graph is connected with the node v by an edge, the direction of the edge is pointed to the node v by a neighbor node, w (v, u) represents the corresponding prior weight of the edge from the node v to the neighbor node u in the alarm correlation graph, w (u, v) represents the corresponding prior weight of the edge from the neighbor node u to the node v in the alarm correlation graph, and the operation of aggregating global information is as follows:
Figure QLYQS_6
Figure QLYQS_7
wherein G is a correlation diagram formed by the whole alarm sequence:
the root cause alarm prediction is calculated as:
Figure QLYQS_8
Figure QLYQS_9
2. the root cause alert analysis method of claim 1, further comprising: and judging the directions of the two-way edges in the alarm relation diagram, and giving weight to each pair of relations on the alarm relation diagram according to the confidence and the lifting degree.
3. The root cause alert analysis method of claim 1, wherein the preprocessing of alert data comprises: and carrying out de-duplication, sequencing and grouping according to network elements and time windows on the alarm data.
4. The root cause alarm analysis method according to claim 1, wherein the specific operation procedure of performing root cause alarm analysis by using a root cause alarm recognition model SGC-RAI according to the alarm relationship diagram and the alarm self characteristics is:
and vectorizing the text features of the alarms to obtain the characteristics of the alarms per se for a group of alarm sequences of the root cause alarms to be analyzed, extracting the relation features of the alarms according to the alarm relation graph, and performing supervised training on the root cause alarm identification model SGC-RAI by utilizing the characteristics of the alarms per se and the relation features, wherein the labels are the root cause alarms, and then performing root cause alarm identification by utilizing the trained root cause alarm identification model SGC-RAI.
5. The root cause alarm analysis method according to claim 1, wherein the alarm group is de-duplicated, text information of all alarms is used as a corpus to train a GloVe model and a TF-IDF model, wherein for an alarm log, the word segmentation of the alarm name is input into the trained GloVe model to obtain word vector features of the alarm name word segmentation, the trained TF-IDF model is used to weight the word vector features to obtain the features of the alarms, and the relevant information of the alarms is obtained according to an alarm relation diagram.
6. A root cause alert analysis system, comprising:
the mining module is used for preprocessing the alarm data, mining the alarm data by using an SR-ASM algorithm to obtain an alarm sequence, and converting the alarm sequence into an alarm relation diagram;
the identification module is used for identifying the root cause alarm by utilizing a root cause alarm identification model SGC-RAI according to the alarm relation diagram and the characteristics of the alarm per se, and recommending the identified root cause alarm;
the root cause alarm identification model SGC-RAI comprises two layers of airspace map convolution layers, a pooling layer and a full-connection layer, wherein local information is aggregated by the two layers of airspace map convolution layers, global fault information is extracted by the pooling layer by using element-wise maximum pooling operation, the fault information is injected into an alarm to obtain new alarm representation, the characteristics of the alarm are converted into numerical values by the shared full-connection layer, the root cause score of the alarm is obtained by using Softmax normalization, and the alarm with the largest root cause score is taken as the root cause alarm;
the operation process of the two airspace map convolution layers is as follows:
Figure QLYQS_10
Figure QLYQS_11
where v is the alarm in the alarm sequence, k is the kth layer,
Figure QLYQS_12
for the output of the k-th layer->
Figure QLYQS_13
In order to obtain the neighborhood information,
Figure QLYQS_14
as a learnable linear transformation, N 1 (v) And N 2 (v) Respectively representing a set of two types of neighbors of node v, N 1 (v) The node in the tree is connected with the node v by an edge, the direction of the edge is pointed to the neighbor node by the node v, N 2 (v) The node in the alarm association graph is connected with the node v by an edge, the direction of the edge points to the node v from the neighbor node, and w (v, u) represents the corresponding prior weight of the edge from the node v to the neighbor node u in the alarm association graphHeavy, w (u, v) represents the corresponding prior weight of the edge from the neighbor node u to the node v in the alarm association graph, and the operation of aggregating global information is as follows:
Figure QLYQS_15
Figure QLYQS_16
wherein G is a correlation diagram formed by the whole alarm sequence:
the root cause alarm prediction is calculated as:
Figure QLYQS_17
Figure QLYQS_18
7. a computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the root cause alert analysis method according to any one of claims 1 to 5 when the computer program is executed.
8. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the root cause alert analysis method according to any one of claims 1 to 5.
CN202110513431.8A 2021-05-11 2021-05-11 Root cause alarm analysis method, system, equipment and storage medium Active CN113268370B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110513431.8A CN113268370B (en) 2021-05-11 2021-05-11 Root cause alarm analysis method, system, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110513431.8A CN113268370B (en) 2021-05-11 2021-05-11 Root cause alarm analysis method, system, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113268370A CN113268370A (en) 2021-08-17
CN113268370B true CN113268370B (en) 2023-05-23

Family

ID=77230486

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110513431.8A Active CN113268370B (en) 2021-05-11 2021-05-11 Root cause alarm analysis method, system, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113268370B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115022153B (en) * 2022-06-07 2024-04-23 中国工商银行股份有限公司 Fault root cause analysis method, device, equipment and storage medium
CN116233311B (en) * 2023-05-08 2023-07-14 天津金城银行股份有限公司 Automatic outbound testing method, device, computer equipment and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111814967A (en) * 2020-09-11 2020-10-23 鹏城实验室 Method, apparatus and storage medium for calculating inferential computation of neural network model

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6393386B1 (en) * 1998-03-26 2002-05-21 Visual Networks Technologies, Inc. Dynamic modeling of complex networks and prediction of impacts of faults therein
CN113946461A (en) * 2018-06-15 2022-01-18 华为技术有限公司 Fault root cause analysis method and device
CN111897673B (en) * 2020-07-31 2022-10-21 平安科技(深圳)有限公司 Operation and maintenance fault root cause identification method and device, computer equipment and storage medium
CN112181758B (en) * 2020-08-19 2023-07-28 南京邮电大学 Fault root cause positioning method based on network topology and real-time alarm
CN112182387B (en) * 2020-09-29 2023-08-25 中国人民大学 Personalized search method with time information enhancement
CN112312443A (en) * 2020-10-13 2021-02-02 西安电子科技大学 Mass alarm data processing method, system, medium, computer equipment and application
CN112367678A (en) * 2020-10-15 2021-02-12 深圳力维智联技术有限公司 Micro base station monitoring method and device and storage medium

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111814967A (en) * 2020-09-11 2020-10-23 鹏城实验室 Method, apparatus and storage medium for calculating inferential computation of neural network model

Also Published As

Publication number Publication date
CN113268370A (en) 2021-08-17

Similar Documents

Publication Publication Date Title
WO2021103492A1 (en) Risk prediction method and system for business operations
CN111428054A (en) Construction and storage method of knowledge graph in network space security field
CN110597735A (en) Software defect prediction method for open-source software defect feature deep learning
CN113268370B (en) Root cause alarm analysis method, system, equipment and storage medium
CN112217674B (en) Alarm root cause identification method based on causal network mining and graph attention network
CN112100397A (en) Electric power plan knowledge graph construction method and system based on bidirectional gating circulation unit
CN110633366A (en) Short text classification method, device and storage medium
CN113779272A (en) Data processing method, device and equipment based on knowledge graph and storage medium
CN114816497B (en) Link generation method based on BERT pre-training model
CN114463596A (en) Small sample image identification method, device and equipment of hypergraph neural network
CN117010373A (en) Recommendation method for category and group to which asset management data of power equipment belong
CN111159328A (en) Information knowledge fusion system and method
CN116578336A (en) Software clone detection method based on plagiarism-detector countermeasure
CN116561264A (en) Knowledge graph-based intelligent question-answering system construction method
CN115841105A (en) Event extraction method, system and medium based on event type hierarchical relation
CN114036319A (en) Power knowledge extraction method, system, device and storage medium
CN117668259B (en) Knowledge-graph-based inside and outside data linkage analysis method and device
Lv et al. CEP rule extraction framework based on evolutionary algorithm
CN116431757B (en) Text relation extraction method based on active learning, electronic equipment and storage medium
CN117235646A (en) Abnormal transaction identification method and device
CN117669723A (en) Knowledge-graph-based space human factor information learning and reasoning method and device
CN116955560A (en) Data processing method and system based on thinking chain and knowledge graph
CN115757694A (en) Recruitment industry text recall method, system, device and medium
Zhang Research on Malicious Code Detection Techniques Based on Data Mining and Machine Learning
CN115827893A (en) Skill culture knowledge map generation method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant