CN104376365A - Method for constructing information system running rule libraries on basis of association rule mining - Google Patents

Info

Publication number
CN104376365A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410708182.8A
Other languages
Chinese (zh)
Other versions
CN104376365B (en)
Inventor
陈龙
刘嘉华
何金陵
康睿
王琪
周锁
盛华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
NARI Group Corp
Nari Information and Communication Technology Co
Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Nari Information and Communication Technology Co
Nanjing NARI Group Corp
Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, Nari Information and Communication Technology Co, Nanjing NARI Group Corp, Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Priority to CN201410708182.8A
Publication of CN104376365A
Application granted
Publication of CN104376365B


Abstract

The invention discloses a method for constructing information system running rule libraries on the basis of association rule mining. The method is characterized by comprising steps of S01, acquiring network topology architectures of information systems and dynamic monitoring indicators and static monitoring indicators of all devices; S02, generating network fault trees by the aid of the network topology architectures and the dynamic monitoring indicators and the static monitoring indicators of the devices and generating basic rule libraries by the aid of the network fault trees; S03, executing association rule mining algorithms on historical data of the information systems to acquire association rule libraries; S04, combining the basic rule libraries with the association rule libraries and generating extension rule libraries by means of reasoning. Retrieval priority of the basic rule libraries is superior to retrieval priority of the association rule libraries, and the retrieval priority of the association rule libraries is superior to retrieval priority of the extension rule libraries. The method has the advantages that the information system running rule libraries can be intelligently generated by the aid of fault tree technologies and association rule mining technologies, rules can be optimized by the aid of machine learning technologies, three-domain structures of the rules are further designed, and accordingly the rules can be automatically sorted and adjusted.

Description

Method for constructing an information system operation rule library based on association rule mining
Technical field
The present invention relates to a method for constructing an information system operation rule library based on association rule mining.
Background
To ensure that information systems run securely, stably and effectively, State Grid Corporation of China began in 2008 to build an integrated information operation and maintenance (O&M) monitoring system (hereinafter "IMS") covering "integrated network management, desktop management, security management and O&M services". Deployment across the whole network was completed in 2011, and in 2012 the enhancement of the IMS system was completed, with six major modules at its core: "deepened acquisition, device management, one order and two tickets, alarm center, display center, green machine room". The system provides comprehensive real-time monitoring of networks, network devices, hosts, databases, middleware, desktop terminals, security devices and other IT infrastructure, as well as business systems, and gives technical support to information system O&M work across the whole network.
However, the setting and evaluation of operation monitoring rules still has the following deficiencies:
1. Monitoring the running performance of IT infrastructure and business systems still requires O&M staff to set monitoring threshold rules from historical O&M experience and domain knowledge. The rules cannot adapt to the operating patterns of the IT infrastructure and business systems, and the fixed threshold rules do not match actual operating conditions during some time periods, so false alarms and missed alarms occur easily;
2. The operation monitoring rules that have been set cannot be evaluated for reasonableness; there is no way to verify whether they fit the actual operating conditions of the IT infrastructure and business systems;
3. The setting of operation monitoring rules has no self-learning function and cannot adjust and optimize itself from the operating history of the IT infrastructure and business systems.
Summary of the invention
In view of the above problems, the invention provides a method for constructing an information system operation rule library based on association rule mining. It uses fault tree technology and association rule mining to generate the information system operation rule library intelligently, and uses machine learning to optimize the rules. In addition, a three-domain structure is designed for rules, which enables automatic sorting and automatic adjustment of rules.
To achieve the above technical purpose and technical effect, the invention is implemented through the following technical solution:
A method for constructing an information system operation rule library based on association rule mining, characterized by comprising the following steps:
S01: obtain the network topology of the information system and the dynamic and static monitoring indicators of all devices;
S02: generate a network fault tree from the network topology and the dynamic and static monitoring indicators of the devices, and generate the basic rule library from the network fault tree;
S03: execute an association rule mining algorithm on the historical data of the information system to obtain the association rule library;
S04: generate the extension rule library by reasoning over the basic rule library and the association rule library together;
The retrieval priority of the rule libraries is: basic rule library > association rule library > extension rule library.
Preferably, each rule in the basic rule library has a three-domain structure, comprising:
Rule sorting domain: the number of times the rule executed successfully in actual operation, the number of times it failed, the rule's final count and the rule's rank;
Rule identification domain: identifies the object the rule belongs to;
Rule body domain: the detailed description of the rule.
Preferably, the system executes the rule sorting algorithm and the rule flow algorithm in real time to determine rule priorities and refresh the rules.
Within each rule library, the priority with which a rule is retrieved is determined by the rule's final count in the rule sorting domain. The final count is calculated as:
F=R-0.5W
In the formula, F is the final count, R is the number of times the rule executed successfully in actual operation, and W is the number of times the rule failed. If machine learning is applied to a failed execution scenario and the relevant rule is optimized so that the problem is resolved, the corresponding failure count W is reduced by one.
Preferably, the rule flow algorithm of the association rule library is: during system operation, as soon as a rule is proved correct once, it is moved directly to the basic rule library; if the rule is proved wrong twice, it is deleted.
Preferably, the rule flow algorithm of the extension rule library is: all rules are verified against historical data.
A rule with a success rate of 80% to 100% is moved directly to the basic rule library after machine learning on historical data;
A rule with a success rate of 60% to 80% undergoes machine learning on historical data; if its success rate is then greater than 80% it is moved to the basic rule library, otherwise it stays in the extension rule library and undergoes machine learning on operating data until its success rate is greater than 80%;
A rule with a success rate of 50% to 60% undergoes machine learning on historical data and operating data; once its success rate is greater than 80% it is moved to the basic rule library, otherwise it stays in the extension rule library;
A rule with a success rate below 50% is deleted directly.
The invention builds and optimizes the information system operation rule library dynamically and can be applied to an enterprise's integrated information O&M supervision platform. It makes monitoring alarm rules easier to establish and maintain and makes rule matching more efficient, so the system adapts quickly to changes in information system objects, the operating environment and the sources of operating state data, while meeting the real-time requirements of matching large information system rule sets. This greatly improves the practicality of the algorithm and raises the quality of information system monitoring and alerting, security management, behavior auditing and compliance management.
The beneficial effects of the invention are:
1. Partitioned structure of the rule library: the rule library designed by the method has three partitions, which store basic rules, association rules and extension rules respectively. Basic rules have the highest priority, association rules come second, and extension rules have the lowest. Partitioning the rule library lets priority management determine the order in which rules are retrieved, and rules in the lower zones can be upgraded through continuous real-time machine learning, so that rules flow from low zones to high ones.
2. Three-domain structure of rules: the three-domain structure comprises the rule sorting domain, the rule identification domain and the rule body domain. The rule sorting domain prioritizes rules by quantitative means; the rule identification domain identifies the object the rule belongs to, so that the rule library can adjust itself when the network topology changes; the rule body domain stores the body of the rule, which is its detailed description.
3. Real-time adaptive threshold adjustment: the system uses historical data and operating data to analyze and calculate alarm thresholds that suit the alerting requirements of running services, improving the alarm self-learning capability for the information system. The threshold planning algorithm adjusts alarm thresholds dynamically, reducing event volume at the source and improving the quality of monitoring alarms.
4. Automated reasonableness analysis of new rules entering the library: new rules can be generated automatically by the system or added manually. Each new rule is analyzed for reasonableness against historical data and real-time operating data to determine whether it is usable.
5. Automatic adjustment and optimization of rules: by executing the rule sorting algorithm and the rule flow algorithm in real time, rule priorities are determined and then refreshed or upgraded. This keeps the rule library in an optimal state and improves rule retrieval efficiency and rule accuracy, and thus system performance.
Brief description of the drawings
Fig. 1 is a flow chart of the method for constructing an information system operation rule library based on association rule mining according to the invention;
Fig. 2 is a diagram of the three-domain structure of a rule in the basic rule library of the invention;
Fig. 3 is a flow chart of the rule flow algorithm for extension rules in zone 3 of the rule library of the invention.
Detailed description of the embodiments
The technical solution of the invention is described in further detail below with reference to the drawings and specific embodiments, so that those skilled in the art can better understand and implement it; the embodiments shown do not limit the invention.
A method for constructing an information system operation rule library based on association rule mining, as shown in Fig. 1, comprises the following steps:
S01: obtain the network topology of the information system and the dynamic and static monitoring indicators of all devices.
The network topology is first obtained by topology discovery. Then, for each network device in the topology, the corresponding dynamic and static monitoring indicators are collected. They fall into six categories: network indicators, security indicators, host indicators, database indicators, middleware indicators and business system indicators.
Network indicators include link delay, network device healthy running time, network device status, network device CPU usage, network device memory usage, receive packet loss rate, send packet loss rate, receive packet error rate, send packet error rate, interface traffic, interface sent traffic, interface total traffic and interface bandwidth availability. Security indicators include security events, the state of security devices (CPU, memory, etc.) and compliance. Host indicators include host status, healthy running time, CPU usage, memory usage, disk space usage, number of critical processes and host configuration information.
Database indicators cover SqlServer indicators, Oracle indicators and DB2 indicators. SqlServer indicators include the SGA hit rate, available cache size, dictionary buffer hit rate, shared cache hit rate, redo log buffer hit rate, number of sessions, number of available sessions, transaction response time, tablespace availability, tablespace growth rate and MTS performance. Oracle indicators include number of sessions, number of available sessions, transaction response time, tablespace availability, tablespace growth rate, shared memory usage, shared memory hit rate and rollback segment usage. DB2 indicators include process availability, buffer pool (Bufferpool) availability, buffer pool hit rate, tablespace availability, tablespace growth rate, sort indicator (SortsPerTransaction), number of sessions and number of available sessions.
Middleware indicators cover Weblogic indicators and Websphere indicators. Weblogic indicators include JVM heap free size, JVM heap total size, JVM heap usage, total execution time of all Servlet invocations, longest execution time of a single Servlet invocation, average Servlet execution time, Servlet execution count, JDBC pool maximum capacity, high-water mark of JDBC pool active connections, high-water mark of JDBC pool waiting connections, cumulative connections since JDBC pool instantiation, average JDBC pool active connections, average JDBC pool connection delay, number of connections leaked by the JDBC pool, current JDBC pool capacity, number of failed JDBC pool reconnections, maximum available JDBC pool connections, maximum unavailable JDBC pool connections, JDBC pool LEAKED connections, available connections in the JDBC pool, unavailable connections in the JDBC pool, JDBC pool utilization, current number of sessions, maximum number of sessions and session occupancy. Websphere indicators include JVM free memory, JVM total memory, JVM memory usage, average session lifetime, total number of sessions currently being accessed, total number of currently live sessions, JDBC pool maximum capacity, average JDBC pool active connections, average JDBC pool connection delay, number of connections leaked by the JDBC pool, current JDBC pool capacity, number of failed JDBC pool reconnections, maximum available JDBC pool connections, maximum unavailable JDBC pool connections, JDBC pool LEAKED connections, available connections in the JDBC pool, unavailable connections in the JDBC pool and JDBC pool utilization.
Business system indicators include number of online users, number of users logged in per day, business system running status, business system interface status and business system healthy running time.
S02: generate a network fault tree from the network topology and the dynamic and static monitoring indicators of the devices, and generate the basic rule library from the network fault tree. The fault tree structure expresses the relationships between the monitoring indicators and the network devices clearly and concisely. The thresholds in the basic rule library are determined by machine learning on historical data together with the threshold planning algorithm.
For basic rules, a three-domain structure is designed, as shown in Fig. 2, comprising the rule sorting domain, the rule identification domain and the rule body domain.
The rule sorting domain stores the number of times the rule executed successfully in actual operation, the number of times it failed, the rule's final count and the rule's rank. Its purpose is to make it easy to sort rules by priority and so improve rule retrieval efficiency.
The rule identification domain identifies the object the rule belongs to: for example, a rule may be exclusive to one network device, or may belong to a subnet or to the whole network. Its purpose is to label every rule so that, when the network topology changes, the rules that must be deleted or modified can be found through their identification domain. Rules are then added and removed by regenerating the basic rules for the changed part of the topology, so that a rule library adapted to the new network architecture is built intelligently.
The rule body domain stores the body of the rule, which is its detailed description. A rule here is a production rule, a fixed logical relation used in human reasoning and judgement. A production can generally be expressed in natural language; the structures people use widely, such as "cause-result", "condition-conclusion", "premise-operation", "fact-progress" and "situation-behavior", can all be reduced to the production form of knowledge representation. The basic form of a rule is A → B, or IF A THEN B. A is the premise (antecedent) of the production and states the condition under which the production can be used. B is a set of conclusions or operations (the consequent): the conclusion to draw or the operation to perform when the premise A is satisfied. Production rules support three inference modes: forward reasoning, backward reasoning and bidirectional reasoning. Each has its advantages in different situations, which should be weighed when choosing the inference mode.
S03: execute an association rule mining algorithm on the historical data of the information system to obtain the association rule library. Association rules are rules generated by association rule mining and checked against historical data.
Preferably, historical data is mined for association rules with an improved Apriori algorithm based on a branch-pruning optimization strategy and a single database scan. Apriori is a frequent itemset algorithm for mining association rules and has two stages: finding the frequent itemsets, and deriving association rules from them. The principle is to find in the data set the frequent itemsets that meet a minimum support and then generate association rules from those itemsets. Apriori is a classic association rule mining algorithm but has two drawbacks: searching for frequent itemsets produces a large number of candidate sets, which wastes computation and time, and the database must be scanned many times, which seriously reduces efficiency. For the first problem, a hash table and a bit container are used to filter the candidate sets, reducing the cost of candidate generation. Because the main cost of the classic algorithm lies in generating C1, L1, C2 and L2, pruning more branches while generating C2 greatly improves efficiency. For the second problem, the classic algorithm scans the whole database every time it computes a support, and supports are computed very often, so the database is scanned frequently and efficiency is low. Instead, a Boolean matrix is maintained that records all the transaction information in the database. One scan of the database is enough to build the Boolean matrix, which contains all the data needed to compute supports, so the database never has to be scanned again and efficiency improves substantially.
With the improved Apriori algorithm, association rules can be mined from historical data, and the results, together with the threshold planning algorithm, are used to generate the association rule library intelligently. Association rules are mined from historical data and have passed the check against historical data, so their reliability is fairly high. They still carry some uncertainty, however, and must pass the check against operating data before they can be upgraded to basic rules.
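The single-scan Boolean matrix described above, as an added example that is not part of the patent text: each item's matrix column is held as a Python integer bitmask, so supports are counted without rescanning the transactions. The alarm names, the sample transactions and the support and confidence values are constructed for illustration, and the hash-table candidate filter is not shown.

```python
from itertools import combinations

# Constructed sample: each transaction is the set of alarms raised in one
# monitoring window (names are illustrative, not taken from the patent).
TRANSACTIONS = [
    {"link_delay_high", "packet_loss_high", "app_slow"},
    {"link_delay_high", "packet_loss_high"},
    {"cpu_high", "app_slow"},
    {"link_delay_high", "packet_loss_high", "app_slow"},
    {"cpu_high", "mem_high", "app_slow"},
    {"link_delay_high", "packet_loss_high", "cpu_high"},
]


def build_matrix(transactions):
    """The only pass over the data: one bit column per item, bit t set if the
    item occurs in transaction t."""
    columns = {}
    for t, items in enumerate(transactions):
        for item in items:
            columns[item] = columns.get(item, 0) | (1 << t)
    return columns


def support_count(itemset, columns):
    """Support from the matrix alone: AND the item columns, count set bits."""
    mask = -1  # all bits set
    for item in itemset:
        mask &= columns[item]
    return bin(mask).count("1")


def frequent_itemsets(transactions, min_support):
    columns = build_matrix(transactions)
    min_count = min_support * len(transactions)
    level = {frozenset([i]) for i in columns
             if support_count([i], columns) >= min_count}
    frequent = {}
    k = 1
    while level:
        for itemset in level:
            frequent[itemset] = support_count(itemset, columns)
        k += 1
        # Join step, then prune: every (k-1)-subset must already be frequent.
        candidates = {a | b for a in level for b in level if len(a | b) == k}
        level = {c for c in candidates
                 if all(frozenset(s) in frequent for s in combinations(c, k - 1))
                 and support_count(c, columns) >= min_count}
    return frequent


def association_rules(frequent, min_confidence):
    """Return (antecedent, consequent, confidence) for each qualifying rule."""
    rules = []
    for itemset, count in frequent.items():
        for r in range(1, len(itemset)):
            for antecedent in map(frozenset, combinations(itemset, r)):
                confidence = count / frequent[antecedent]
                if confidence >= min_confidence:
                    rules.append((antecedent, itemset - antecedent, confidence))
    return rules
```
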
The thresholds in the association rule library are determined by machine learning on historical data together with the threshold planning algorithm.
To determine thresholds for the basic rule library and the association rule library, historical data is used to analyze and calculate alarm thresholds that suit the alerting requirements of running services. This improves the alarm self-learning capability for the information system, optimizes the alarm logic and adjusts alarm thresholds dynamically, so that event volume is reduced at the source and the quality of monitoring alarms improves.
Preferably, the threshold planning algorithm for a given indicator is:
Statistical analysis is performed on the indicator's historical data under normal network operating conditions to determine its maximum, minimum and median, and the threshold is then determined as follows:
$$T_i = D_i + \frac{2(Z_i - X_i)(M_i - D_i)}{3(D_i - X_i)}$$
In the formula, $T_i$ is the threshold, $D_i$ is the maximum of the indicator under normal network operating conditions, $X_i$ is the minimum of the indicator under normal network operating conditions, $M_i$ is the design maximum of the indicator, and $Z_i$ is the median of the indicator under normal network operating conditions.
After the rule library goes into operation, all valid values of the indicator observed under normal network operating conditions take part in the calculation in real time, so the indicator's threshold is determined in real time. Adjusting thresholds adaptively and dynamically improves how well the thresholds fit the system, which benefits system performance.
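An added sketch of the threshold planning formula with real-time updates (not code from the patent): only samples taken while the network is judged normal enter the baseline. The class name, the `normal` flag, the non-negative value range, and returning no threshold when the maximum equals the minimum (where the formula divides by zero) are assumptions made here.

```python
import bisect
from statistics import median


class AdaptiveThreshold:
    """Tracks one indicator and recomputes
    T = D + 2(Z - X)(M - D) / (3(D - X)) from the accepted samples."""

    def __init__(self, design_max):
        self.design_max = design_max  # M: design maximum of the indicator
        self.samples = []             # sorted values seen under normal operation

    def observe(self, value, normal=True):
        """Offer a sample; return True if it entered the baseline."""
        # Assumption: the caller knows whether the network was operating
        # normally. Samples from abnormal periods are rejected so that an
        # incident cannot raise D and loosen the threshold; readings outside
        # [0, M] are treated as invalid values.
        if not normal or not (0 <= value <= self.design_max):
            return False
        bisect.insort(self.samples, value)
        return True

    def threshold(self):
        if not self.samples:
            return None
        x, d = self.samples[0], self.samples[-1]  # X: minimum, D: maximum
        z = median(self.samples)                  # Z: median
        if d == x:
            return None  # assumption: no spread yet, the formula is undefined
        return d + 2 * (z - x) * (self.design_max - d) / (3 * (d - x))

    def is_alarm(self, value):
        t = self.threshold()
        return t is not None and value > t


def constructed_demo():
    """CPU usage in percent; the sample values are constructed."""
    cpu = AdaptiveThreshold(design_max=100)
    for v in [20, 25, 30, 35, 60]:
        cpu.observe(v)
    first = cpu.threshold()
    cpu.observe(95, normal=False)      # reading taken during an incident
    after_incident = cpu.threshold()
    cpu.observe(40)                    # new reading under normal operation
    updated = cpu.threshold()
    return first, after_incident, updated
```

Because the median lies between the minimum and the maximum, the threshold always falls between D and D + 2(M - D)/3, so it stays above every baseline sample and below the design maximum.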
S04: generate the extension rule library by reasoning over the basic rule library and the association rule library together.
A rule here is a production rule, a fixed logical relation used in human reasoning and judgement. The basic form of a rule is A → B, or IF A THEN B. A is the premise (antecedent) of the production and states the condition under which the production can be used. B is a set of conclusions or operations (the consequent): the conclusion to draw or the operation to perform when the premise A is satisfied. Extension rules can be generated directly from basic rules and association rules by rule reasoning. For example, if the basic rules and association rules contain the rules "A → B", "B → C" and a rule relating A and D, rule reasoning yields three extension rules: "B → C", "D → B" and "D → C".
Extension rules are inferred from basic rules and association rules, and rule inference is inherently uncertain, so extension rules have the lowest priority and must pass strict verification (against both historical data and operating data) before they can be upgraded to basic rules.
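One way to derive extension rules by chaining, added here as an illustration and not taken from the patent: rules are (antecedent, consequent) pairs, and each derived rule keeps the chain of source rules that produced it so that a low-priority rule can be audited later. The function name and the sample rules are constructed.

```python
def derive_extension_rules(basic, association):
    """Chain known rules (a -> b, b -> c gives a -> c) until nothing new
    appears. Returns {derived_rule: [source rules used, in order]} and leaves
    out every rule that is already in the basic or association set."""
    known = set(basic) | set(association)
    chains = {rule: [rule] for rule in known}
    changed = True
    while changed:
        changed = False
        for (a, b) in list(chains):
            for (c, d) in list(chains):
                # a != d skips self-implications such as A -> A in a cycle.
                if b == c and a != d and (a, d) not in chains:
                    chains[(a, d)] = chains[(a, b)] + chains[(c, d)]
                    changed = True
    return {rule: chain for rule, chain in chains.items() if rule not in known}


# Constructed sample input: two basic rules and one association rule.
BASIC_RULES = {("A", "B"), ("B", "C")}
ASSOCIATION_RULES = {("D", "A")}
```
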
Building on the study of how to construct the alarm rule library for information system operation monitoring, the method considers the monitoring type, data, source, alarm time, alarm mode, performance data and other aspects. It analyzes historical monitoring data and the fault types in related daily O&M work orders, distinguishes time periods such as the information system's peak and idle periods, and combines the system's business hours and business volume to understand the ebb and flow of the business. Using historical data, it analyzes and calculates alarm thresholds that suit the alerting requirements of running services, improving the alarm self-learning capability for the information system and adjusting alarm thresholds dynamically, so that event volume is reduced at the source and the quality of monitoring alarms improves.
The rule library can be divided into three partitions that store different types of rules: for example, zone 1 stores the basic rule library, zone 2 the association rule library and zone 3 the extension rule library. The retrieval priority of the rule libraries is: basic rule library > association rule library > extension rule library. During rule retrieval, the basic rules in zone 1 are searched first; only if no matching rule is found are the association rules in zone 2 and the extension rules in zone 3 searched. The association rules in zone 2 and the extension rules in zone 3 are adjusted and optimized automatically through machine learning on historical data. In addition, such a rule is kept only if it passes the reasonableness check against historical data; otherwise it is removed directly.
In addition, within each partition of the rule library, rule priority can be determined by the rule sorting algorithm. Specifically, the priority with which a rule is retrieved is determined by the rule's final count in the rule sorting domain: rules with high priority are retrieved first and rules with low priority are retrieved later, which improves rule retrieval efficiency. The final count is calculated as:
F=R-0.5W
In the formula, F is the final count, R is the number of times the rule executed successfully in actual operation, and W is the number of times the rule failed. If machine learning is applied to a failed execution scenario and the relevant rule is optimized so that the problem is resolved, the corresponding failure count W is reduced by one.
Checking against historical data and operating data shows which rules in the rule library are reasonable and which are not. The reasonableness of a rule can be determined quantitatively, for example through the final count in the rule sorting domain of the three-domain structure. After the reasonableness analysis, rules can be processed further in an intelligent way: some rules pass verification and meet system requirements; some are of average reasonableness and can be used only after machine learning; some are of poor reasonableness and may simply be deleted.
Likewise, machine learning on historical data and operating data can keep improving rule performance so that rules match the system better, and can supply corresponding suggestions for performance tuning. Thresholds, for example, are not fixed: rules can learn adaptively in real time from system operating data, which improves their reasonableness.
The design of the rule library also lets rules flow from lower zones to higher zones. For a rule to flow upward, first its reasonableness must be verified, and second its reasonableness must be raised continuously by machine learning. In actual operation, rules are adjusted and optimized dynamically and automatically from real-time operating data: the rule sorting algorithm determines priorities and sorts the rules in zones 1, 2 and 3, and the rule flow algorithm upgrades or refreshes the rules in zones 2 and 3.
The rule flow algorithm of the association rule library is: during system operation, as soon as a rule is proved correct once, it is moved directly to the basic rule library; if the rule is proved wrong twice, it is deleted.
The rule flow algorithm of the extension rule library is shown in Fig. 3: all rules are verified against historical data.
A rule with a success rate of 80% to 100% is moved directly to the basic rule library after machine learning on historical data;
A rule with a success rate of 60% to 80% undergoes machine learning on historical data; if its success rate is then greater than 80% it is moved to the basic rule library, otherwise it stays in the extension rule library and undergoes machine learning on operating data until its success rate is greater than 80%;
A rule with a success rate of 50% to 60% undergoes machine learning on historical data and operating data; once its success rate is greater than 80% it is moved to the basic rule library, otherwise it stays in the extension rule library;
A rule with a success rate below 50% is deleted directly.
Adjusting rule priorities in real time keeps the rule library in an optimal state and improves rule retrieval efficiency and rule accuracy, and thus system performance. Priority adjustment matters a great deal: frequently used rules and rules of higher reasonableness should be retrieved first, while rarely used rules and rules of lower reasonableness can be retrieved later.
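The three-zone rule library, the three-domain rule structure, ranking by F = R - 0.5W and both rule flow algorithms, put together as an added example (not the patent's own implementation). Class and method names, the device names, treating each band's lower bound as inclusive, clamping W at zero, and passing the post-learning success rate in as a number (the machine learning step itself is outside the example) are assumptions.

```python
from dataclasses import dataclass

BASIC, ASSOCIATION, EXTENSION = 1, 2, 3  # zone numbers, also the search order


@dataclass(eq=False)
class Rule:
    owner: str           # rule identification domain: device, subnet or network
    antecedent: str      # rule body domain: IF antecedent ...
    consequent: str      # ... THEN consequent
    successes: int = 0   # rule sorting domain: R
    failures: int = 0    # rule sorting domain: W

    @property
    def final_count(self):
        return self.successes - 0.5 * self.failures  # F = R - 0.5W


class RuleBase:
    def __init__(self):
        self.zones = {BASIC: [], ASSOCIATION: [], EXTENSION: []}

    def add(self, zone, rule):
        self.zones[zone].append(rule)
        return rule

    def zone_of(self, rule):
        return next((z for z, rules in self.zones.items() if rule in rules), None)

    def _move(self, rule, target):
        """Take the rule out of its zone; target None means delete it."""
        self.zones[self.zone_of(rule)].remove(rule)
        if target is not None:
            self.zones[target].append(rule)
        return target

    def lookup(self, antecedent):
        """Search zone 1, then 2, then 3; inside a zone, highest F first."""
        for zone in (BASIC, ASSOCIATION, EXTENSION):
            hits = [r for r in self.zones[zone] if r.antecedent == antecedent]
            if hits:
                return zone, sorted(hits, key=lambda r: r.final_count, reverse=True)
        return None, []

    def record(self, rule, success):
        """Count one execution, then apply the association-library flow."""
        if success:
            rule.successes += 1
        else:
            rule.failures += 1
        zone = self.zone_of(rule)
        if zone == ASSOCIATION:
            if success:                 # proved correct once: promote
                return self._move(rule, BASIC)
            if rule.failures >= 2:      # proved wrong twice: delete
                return self._move(rule, None)
        return zone

    def failure_resolved(self, rule):
        """A failed scenario was learned from and fixed: W drops by one."""
        rule.failures = max(0, rule.failures - 1)  # assumption: never below 0

    def flow_extension(self, rule, historical_rate, relearned_rate=None):
        """Extension-library flow. historical_rate is the success rate on
        historical data; relearned_rate is the rate measured after machine
        learning (historical data first, then operating data for the two
        middle bands). Returns the rule's zone, or None if it was deleted."""
        if historical_rate < 0.5:
            return self._move(rule, None)
        if historical_rate >= 0.8:
            return self._move(rule, BASIC)
        if relearned_rate is not None and relearned_rate > 0.8:
            return self._move(rule, BASIC)
        return EXTENSION                # stays and keeps learning

    def drop_owner(self, owner):
        """Topology change: remove every rule identified as belonging to owner."""
        removed = 0
        for zone, rules in self.zones.items():
            kept = [r for r in rules if r.owner != owner]
            removed += len(rules) - len(kept)
            self.zones[zone] = kept
        return removed
```
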
In addition, some operations can be performed manually; for example, system operation and maintenance personnel can directly add and delete rules and modify the relevant attributes of existing rules.
The beneficial effects of the invention are:
One, partitioned structure of the rule base: the rule base designed by the method of the invention has three partitions, which store primitive rules, association rules and extension rules respectively; primitive rules have the highest priority, association rules come second, and extension rules have the lowest priority. With the rule base partitioned in this way, the order in which rules are searched is determined through rule priority management, and rules in lower zones can be upgraded through continuous real-time machine learning, so that rules flow from low to high.
Two, three-field structure of a rule: each rule comprises a rule sorting field, a rule identification field and a rule body field. The rule sorting field implements rule prioritization by quantitative means; the rule identification field identifies the object the rule belongs to, so that the rule base can adjust itself when the network topology changes; the rule body field stores the main part of the rule, which is the detailed description of the rule.
Three, real-time adaptive threshold adjustment: the system uses historical data and operating data to analyse and calculate alarm thresholds that meet the alarm requirements of service operation, which improves the alarm self-learning capability for the information system. The threshold planning algorithm adjusts alarm thresholds dynamically, reducing the volume of events at their source and improving the quality of monitoring alarms.
Four, automated rationality analysis when new rules are added to the rule base: new rules can be generated automatically by the system or added manually. For a new rule, historical data and real-time operating data are used to analyse its rationality and determine whether the rule is usable.
Five, automatic adjustment and optimization of rules: by executing the rule sorting algorithm and the rule flow algorithm in real time, rule priorities are determined and then refreshed or upgraded, which keeps the rule base in its optimal state, improves the retrieval efficiency and accuracy of the rules, and thereby improves system performance.
The invention achieves dynamic construction and optimization of the information system operation rule base and can be applied to an enterprise information operation-and-maintenance comprehensive supervision platform. It makes monitoring alarm rules easier to establish and maintain and makes rule matching more efficient, so that the system adapts quickly to changes in information system objects, the operating environment and the sources of operating state data, while meeting the real-time requirements of matching against large-scale information system rule sets. This greatly improves the practicality of the algorithm and raises the quality of information system monitoring and alarming, security management, behaviour auditing and compliance management.
The above are only preferred embodiments of the invention and do not thereby limit the patent scope of the invention; any equivalent structure or equivalent process transformation made using the content of the description and drawings of the invention, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the invention.

Claims (10)

1. A method for constructing an information system operation rule base based on association rule mining, characterized by comprising the following steps:
S01: obtaining the network topology of the information system and the dynamic and static monitoring indicators of all devices;
S02: generating a network fault tree from the network topology and the dynamic and static monitoring indicators of the devices, and generating the primitive rule base from the network fault tree;
S03: executing an association rule mining algorithm on the historical data of the information system to obtain the association rule base;
S04: performing reasoning that combines the primitive rule base and the association rule base to generate the extension rule base;
Wherein the retrieval priority of the rule bases is: primitive rule base > association rule base > extension rule base.
2. The method for constructing an information system operation rule base based on association rule mining according to claim 1, characterized in that each rule in the primitive rule base has a three-field structure, comprising: a rule sorting field: the number of times the rule executed successfully during actual operation, the number of times it failed to execute, the final count of the rule and the rank of the rule;
a rule identification field: used to identify the object the rule belongs to;
a rule body field: used for the detailed description of the rule.
3. The method for constructing an information system operation rule base based on association rule mining according to claim 1, characterized in that the relevant thresholds in the primitive rule base and the association rule base are determined by machine learning on historical data and by executing a threshold planning algorithm.
4. The method for constructing an information system operation rule base based on association rule mining according to claim 3, characterized in that the threshold planning algorithm is:
Statistical analysis is performed on the historical data of an indicator under normal network operating conditions to determine its maximum, minimum and median values, and the threshold is then determined as follows:
$$T_i = D_i + \frac{2\,(Z_i - X_i)\,(M_i - D_i)}{3\,(D_i - X_i)}$$
In the formula, $T_i$ is the threshold, $D_i$ is the maximum value of the indicator under normal network operating conditions, $X_i$ is the minimum value of the indicator under normal network operating conditions, $M_i$ is the design maximum of the indicator, and $Z_i$ is the median value of the indicator under normal network operating conditions.
5. The method for constructing an information system operation rule base based on association rule mining according to claim 1, characterized in that the system executes the rule sorting algorithm and the rule flow algorithm in real time to determine rule priorities and refresh the rules.
6. The method for constructing an information system operation rule base based on association rule mining according to claim 5, characterized in that, within each rule base, the priority with which a rule is retrieved is determined by the final count in the rule sorting field, wherein the formula for the final count of a rule is:
F=R-0.5W
In the formula, F is the final count, R is the number of times the rule executed successfully during actual operation, and W is the number of times the rule failed to execute; if machine learning is performed on a failure scenario and the related rule is optimized so that the problem is solved, the corresponding failure count W is reduced by one.
7. The method for constructing an information system operation rule base based on association rule mining according to claim 5, characterized in that the rule flow algorithm for the association rule base is:
During operation, a rule that is proved correct once is moved directly to the primitive rule base; a rule that is proved wrong twice is deleted.
8. The method for constructing an information system operation rule base based on association rule mining according to claim 5, characterized in that the rule flow algorithm for the extension rule base is:
All rules are verified against historical data. For a rule with a success rate of 80% to 100%, machine learning is performed with historical data and the rule is then moved directly to the primitive rule base; for a rule with a success rate of 60% to 80%, machine learning is performed with historical data, and if the success rate is then greater than 80% the rule is moved to the primitive rule base, otherwise it stays in the extension rule base and undergoes machine learning on operating data until its success rate is greater than 80%; for a rule with a success rate of 50% to 60%, machine learning is performed with both historical data and operating data, and once its success rate is greater than 80% the rule is moved to the primitive rule base, until then staying in the extension rule base; a rule with a success rate below 50% is deleted directly.
9. The method for constructing an information system operation rule base based on association rule mining according to claim 1, characterized in that, in step S03, an improved Apriori algorithm based on a branch screening optimization strategy and a single-scan database technique is used to mine association rules from the historical data; wherein the improved Apriori algorithm uses a hash table and a position container to filter the candidate set, reducing the cost the algorithm incurs in generating candidate sets, and maintains a Boolean matrix to record all transaction information in the database.
10. The method for constructing an information system operation rule base based on association rule mining according to claim 1, characterized in that system operation and maintenance personnel can directly add and delete rules and modify the relevant attributes of existing rules.
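The threshold planning formula of claim 4, applied to a baseline that is re-planned as normal operating data arrives, is shown below as an added example that is not part of the patent text. The sliding window, the `AdaptiveThreshold` class, the rule that alarming values are kept out of the baseline, and the refusal to plan a threshold when D equals X are assumptions of this sketch.

```python
from collections import deque
from statistics import median


def plan_threshold(normal_samples, design_max):
    """T = D + 2(Z - X)(M - D) / (3(D - X)) over normal-operation samples."""
    d, x = max(normal_samples), min(normal_samples)
    z = median(normal_samples)
    if design_max < d:
        raise ValueError("design maximum M is below the observed maximum D")
    if d == x:
        # A flat history makes the formula 0/0. The page does not define this
        # case, so this example refuses instead of guessing a threshold.
        raise ValueError("no spread in normal samples (D == X)")
    return d + 2 * (z - x) * (design_max - d) / (3 * (d - x))


class AdaptiveThreshold:
    """Re-plans T from a sliding window of normal samples (assumed design)."""

    def __init__(self, history, design_max, window=100):
        self.design_max = design_max
        self.samples = deque(history, maxlen=window)
        self.threshold = plan_threshold(self.samples, design_max)

    def observe(self, value):
        """Return True if value raises an alarm; otherwise learn from it."""
        if value > self.threshold:
            return True               # alarming values never enter the baseline
        self.samples.append(value)
        try:
            self.threshold = plan_threshold(self.samples, self.design_max)
        except ValueError:
            pass                      # keep the last valid threshold
        return False


if __name__ == "__main__":
    # Constructed CPU-utilisation history (percent), design maximum 100.
    monitor = AdaptiveThreshold([10, 20, 30, 40, 70], design_max=100)
    for sample in (90, 75):
        print(sample, monitor.observe(sample), round(monitor.threshold, 2))
```

Two indicators with the same minimum and maximum get different thresholds when their medians differ: the closer the median sits to the observed maximum, the closer the threshold moves toward D + 2(M - D)/3.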
CN201410708182.8A 2014-11-28 2014-11-28 A kind of building method in the information system operation rule storehouse based on association rule mining Active CN104376365B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410708182.8A CN104376365B (en) 2014-11-28 2014-11-28 A kind of building method in the information system operation rule storehouse based on association rule mining

Publications (2)

Publication Number Publication Date
CN104376365A true CN104376365A (en) 2015-02-25
CN104376365B CN104376365B (en) 2018-01-09

Family

ID=52555261

Country Status (1)

Country Link
CN (1) CN104376365B (en)

Also Published As

Publication number Publication date
CN104376365B (en) 2018-01-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Co-patentee after: NARI Group Corp.

Patentee after: State Grid Corporation of China

Co-patentee after: NARI INFORMATION AND COMMUNICATION TECHNOLOGY Co.

Co-patentee after: JIANGSU ELECTRIC POWER Co.

Co-patentee after: INFORMATION & TELECOMMUNICATION BRANCH OF STATE GRID JIANGSU ELECTRIC POWER Co.

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Co-patentee before: NARI Group CORPORATION STATE GRID ELECTRIC POWER INSTITUTE

Patentee before: State Grid Corporation of China

Co-patentee before: NARI INFORMATION AND COMMUNICATION TECHNOLOGY Co.

Co-patentee before: JIANGSU ELECTRIC POWER Co.

Co-patentee before: INFORMATION & TELECOMMUNICATION BRANCH OF STATE GRID JIANGSU ELECTRIC POWER Co.

CP01 Change in the name or title of a patent holder