CN104376365B - A kind of building method in the information system operation rule storehouse based on association rule mining - Google Patents
A kind of building method in the information system operation rule storehouse based on association rule mining Download PDFInfo
- Publication number
- CN104376365B CN104376365B CN201410708182.8A CN201410708182A CN104376365B CN 104376365 B CN104376365 B CN 104376365B CN 201410708182 A CN201410708182 A CN 201410708182A CN 104376365 B CN104376365 B CN 104376365B
- Authority
- CN
- China
- Prior art keywords
- rule
- storehouse
- rule storehouse
- msub
- information system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 23
- 238000005065 mining Methods 0.000 title claims abstract description 22
- 238000010801 machine learning Methods 0.000 claims abstract description 24
- 230000003068 static effect Effects 0.000 claims abstract description 9
- 238000005516 engineering process Methods 0.000 claims abstract description 7
- 230000001105 regulatory effect Effects 0.000 claims description 10
- 238000012423 maintenance Methods 0.000 claims description 6
- 238000013461 design Methods 0.000 claims description 5
- 230000008569 process Effects 0.000 claims description 5
- 239000011159 matrix material Substances 0.000 claims description 4
- 230000001419 dependent effect Effects 0.000 claims description 3
- 238000009412 basement excavation Methods 0.000 claims description 2
- 238000012217 deletion Methods 0.000 claims description 2
- 230000037430 deletion Effects 0.000 claims description 2
- 238000012216 screening Methods 0.000 claims description 2
- 238000007619 statistical method Methods 0.000 claims description 2
- 235000013399 edible fruits Nutrition 0.000 claims 1
- 238000012163 sequencing technique Methods 0.000 abstract description 2
- 238000012544 monitoring process Methods 0.000 description 19
- 238000004458 analytical method Methods 0.000 description 10
- 238000004519 manufacturing process Methods 0.000 description 9
- 238000007726 management method Methods 0.000 description 8
- 238000003860 storage Methods 0.000 description 8
- 238000010276 construction Methods 0.000 description 7
- 230000015654 memory Effects 0.000 description 7
- 230000003044 adaptive effect Effects 0.000 description 6
- 230000006870 function Effects 0.000 description 6
- 238000005457 optimization Methods 0.000 description 6
- 230000009897 systematic effect Effects 0.000 description 5
- 230000009286 beneficial effect Effects 0.000 description 3
- 239000000872 buffer Substances 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000007689 inspection Methods 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 230000015572 biosynthetic process Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000036541 health Effects 0.000 description 2
- 238000013139 quantization Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000003786 synthesis reaction Methods 0.000 description 2
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 2
- 238000007792 addition Methods 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000003139 buffering effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 206010016256 fatigue Diseases 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000004445 quantitative analysis Methods 0.000 description 1
- 230000001172 regenerating effect Effects 0.000 description 1
- 238000007711 solidification Methods 0.000 description 1
- 230000008023 solidification Effects 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a kind of building method in the information system operation rule storehouse based on association rule mining, it is characterised in that comprises the following steps:S01:Obtain the network topology architecture of information system and dynamic monitor control index and the static monitor control index of all devices;S02:Network failure tree is generated by network topology architecture and the dynamic and static monitor control index of equipment, and primitive rule storehouse is generated by network failure tree;S03:Association rules mining algorithm is performed to the historical data of information system, obtains correlation rule storehouse;S04:Generation extension rule storehouse is made inferences with reference to primitive rule storehouse and correlation rule storehouse;Wherein, the retrieval priority of each rule base is:Primitive rule storehouse>Correlation rule storehouse>Extension rule storehouse.Using fault-tree technology and Association Rule Mining intelligently to generate information system operation rule storehouse, and rule is optimized using machine learning techniques.Further, three domain structures of rule are devised, realize the auto-sequencing and adjust automatically of rule.
Description
Technical field
The present invention relates to a kind of building method in the information system operation rule storehouse based on association rule mining.
Background technology
To ensure information system security, stably, effectively running, it is " comprehensive that State Grid Corporation of China started covering in 2008
The construction of the information O&M comprehensive monitoring system (hereinafter referred to as " IMS ") of webmaster, desktop management, safety management, O&M service ",
System whole-network was completed in 2011 to promote, and was completed in 2012 with " in in-depth collection, equipment control, single two tickets, alarm
Six big module of the heart, exhibition centre, green computer room " is the strengthened research building-up work of the IMS systems of core, covers net comprehensively
The reality of the IT such as network, the network equipment, main frame, database, middleware, desktop terminal, safety means infrastructure devices and operation system
When monitor, for the whole network information system operation maintenance work provide technical support means.
But in terms of operation monitoring rules setting is with judgement, also there is following deficiency:
First, IT infrastructure and the monitoring of the runnability of operation system still need operation maintenance personnel according to history O&M experience
Monitoring threshold rule is set with major field knowledge, it is impossible to adaptive IT infrastructure and the moving law of operation system,
The monitoring threshold rule of solidification does not meet practical operation situation in some periods, easily produces wrong report, fails to report;
2nd, the operation monitoring rules of setting can not carry out rational judgement, can not verify the operation monitoring rules of setting
Whether the practical operation situation of IT infrastructure and operation system is bonded;
3rd, monitoring rules are run and is configured without self-learning function, it is impossible to according to going through for IT infrastructure and operation system
History running situation voluntarily adjusting and optimizing.
The content of the invention
In view of the above-mentioned problems, the present invention provides a kind of construction in the information system operation rule storehouse based on association rule mining
Method, information system operation rule storehouse is intelligently generated using fault-tree technology and Association Rule Mining, and use machine
Learning art optimizes to rule.Further, devise rule three domain structures, realize rule auto-sequencing and
Adjust automatically.
To realize above-mentioned technical purpose and the technique effect, the present invention is achieved through the following technical solutions:
A kind of building method in the information system operation rule storehouse based on association rule mining, it is characterised in that including such as
Lower step:
S01:Obtain the network topology architecture of information system and dynamic monitor control index and the static monitor control index of all devices;
S02:Network failure tree is generated by network topology architecture and the dynamic and static monitor control index of equipment, and passes through network
Fault tree generation primitive rule storehouse;
S03:Association rules mining algorithm is performed to the historical data of information system, obtains correlation rule storehouse;
S04:Generation extension rule storehouse is made inferences with reference to primitive rule storehouse and correlation rule storehouse;
Wherein, the retrieval priority of each rule base is:Primitive rule storehouse>Correlation rule storehouse>Extension rule storehouse.
It is preferred that each rule in primitive rule storehouse is three domain structures, that is, include,
Sequence of rules domain:The number that rule runs succeeded in the running of reality, the number of failure is performed, rule is most
Counting and rule compositor eventually;
Regular identification field:For identifying the regular subordinate object;
Regulatory body domain:For the detailed description to rule.
It is preferred that the real-time executing rule sort algorithm of system and regular flow algorithm carry out priority determination and rule to rule
Refresh.
Wherein, in each rule base, determine that rule is tested by the final counting index of rule in sequence of rules domain
The priority of rope, wherein, the formula that rule finally counts is:
F=R-0.5W
In formula, F counts to be final, and R is the number that rule runs succeeded in actual moving process, and W performs mistake for rule
The number lost;If carrying out machine learning to the scene for performing failure, to dependency rule by optimizing and solving relevant issues, then
The corresponding number W for performing failure subtracts one.
It is preferred that the regular flow algorithm in correlation rule storehouse is:During running, if rule once by
It is proved to be correct, moves directly to primitive rule storehouse;If the rule has is proved to mistake twice, the rule is deleted.
It is preferred that the regular flow algorithm in extension rule storehouse is:Usage history data verify strictly all rules,
For rule of the success rate 80%~100%, usage history data move directly to base after carrying out machine learning
This rule storehouse;
For rule of the success rate 60%~80%, after usage history data carry out machine learning, if success rate is big
Primitive rule storehouse is moved in 80%, otherwise continues to stay in extension rule storehouse, and receives the machine learning of service data, until
Its success rate is more than 80%;
For rule of the success rate 50%~60%, usage history data and service data carry out machine learning, until
Its success rate is more than 80%, is moved to primitive rule storehouse, otherwise continues to stay in extension rule storehouse;
It is less than 50% rule for success rate, directly deletes.
The present invention realizes information system operation rule storehouse dynamic construction and optimization, can be applied to company information O&M synthesis prison
Pipe platform, the foundation of monitoring alarm rule is set to be easier with maintenance, rule matching efficiency is higher, so as to adapt to information system rapidly
Object, running environment, the various change in running state data source, while meet that extensive INFORMATION SYSTEM PRECEPTS collection matching treatment is real
The requirement of when property, greatly improve the practicality of algorithm, the alarm of lifting information system monitoring, safety management, behavior auditing and conjunction
Advise management quality.
The beneficial effects of the invention are as follows:
First, the compartmentalization construction of rule base:The rule base of the inventive method design shares three subregions, and storage is basic respectively
Rule, the highest priority of correlation rule and extension rule, wherein primitive rule, correlation rule take second place, extension rule it is preferential
Level is minimum.By the subregion of rule base, the priority orders of rule search can be determined by the priority management of rule, and
Low area rule can learn to be upgraded by continuous real-time machine, the flowing of implementation rule from low to high.
2nd, three regular domain structures:Three domain structures of rule include sequence of rules domain, regular identification field and regulatory body
Domain:The priority ranking for the means implementation rule that sequence of rules domain passes through quantization;Regular identification field be used for identify the rule from
Belong to object, rule base when changing in order to network topology architecture adaptively adjusts;Regulatory body domain stores the main body of rule
Part, this is the detailed description to rule.
3rd, real-time adaptive threshold adjustment:System utility historical data and service data, analysis calculate suitable
The alarm threshold of service operation Alerting requirements, the alarm self-learning capability for information system is improved, using threshold value planning algorithm
Dynamic adjustment alarm threshold, accomplishes to reduce volume of event from the source of event, improves the quality of monitoring alarm.
4th, the automation analysis on its rationality of rule storage is increased newly:Newly-increased rule can be automatically generated by system, can also people
Work is added.For newly-increased rule, rationalization analysis is carried out to rule using historical data and real-time running data, it is determined that rule
Availability.
5th, regular adjust automatically optimization:By real-time executing rule sort algorithm and regular flow algorithm, to rule
Carry out priority determination and the refreshing or upgrading of priority, it is ensured that rule base is in optimum state, improves the recall precision of rule
With rule accuracy, so as to improve systematic function.
Brief description of the drawings
Fig. 1 is a kind of flow of the building method in the information system operation rule storehouse based on association rule mining of the present invention
Figure;
Fig. 2 is the three regular domain structure figures in primitive rule storehouse of the present invention;
Fig. 3 is the area's extension rule flow algorithms flow chart of rule base three of the present invention.
Embodiment
Technical solution of the present invention is described in further detail with specific embodiment below in conjunction with the accompanying drawings, so that ability
The technical staff in domain can be better understood from the present invention and can be practiced, but illustrated embodiment is not as the limit to the present invention
It is fixed.
A kind of building method in the information system operation rule storehouse based on association rule mining, as shown in figure 1, including as follows
Step:
S01:Obtain the network topology architecture of information system and dynamic monitor control index and the static monitor control index of all devices.
Network topology architecture is obtained by Topology Discovery technology first, then to each network equipment in topological structure,
Corresponding dynamic monitor control index and static monitor control index are gathered, including network index, safety index, main frame index, database refer to
Mark, middleware index and the major class of operation system index six.
Network index, which includes chain-circuit time delay, network equipment health operation duration, network device state, network equipment CPU, to be made
With rate, network equipment memory usage, receive packet loss, transmission packet loss, reception Packet Error Rate, transmission Packet Error Rate, interface
Flow, interface transmitted traffic, interface total flow and interface broad band availability;Safety index includes security incident, safety means
State (CPU, internal memory etc.) and compliance;Main frame index, which includes Host Status, healthy operation duration, CPU usage, internal memory, to be made
With rate, disk space utilization rate, critical processes number and host configuration information.
Database index has SqlServer indexs, Oracle indexs and DB2 indexs.Wherein SqlServer indexs include
SGA hit rate, available cache memory size, the hit rate of dictionary buffer, the hit rate of shared cache area, Redo log buffers area
Hit rate, number of sessions, available sessions quantity, transaction response time, table space availability, table space growth rate and MTS
Energy;Oracle indexs include number of sessions, available sessions quantity, transaction response time, table space availability, table space growth
Rate, shared drive utilization rate, shared drive hit rate and roll-back segment utilization rate;DB2 indexs include Process availabilitys, buffering
Pond (Bufferpool) availability, buffer pool hit rate, table space availability, table space growth rate, sequence index
(SortsPerTransaction), number of sessions and available sessions quantity.
Middleware index has Weblogic indexs and Websphere indexs.Wherein Weblogic indexs include JVM heaps
Free quantity, JVM heaps total amount, JVM heaps utilization rate, the single tune of execution duration, Servlet of all calling of Servlet
Most long execution duration, Servlet averagely performs duration, Servlet performs number, JDBC pool maximum capacities, JDBC
Pool has tired out since being flexibly connected the high-water line of the numbers to be connected such as the high-water line of number, JDBC Pool, JDBC Pool instantiations
Connection number, JDBC Pool mean activities connection number, the JDBC Pool of meter averagely connect time delay, the connection of JDBC Pool leakages
Number, the failure number of JDBC pool current capacities, JDBC Pool reconnect, JDBC Pool maximums can use connection number, JDBC
The maximum unavailable connection numbers of Pool, JDBC Pool LEAKED connections number, the available connection number in JDBC Pool, JDBC POOL
In unavailable connection number, JDBC Pool utilization rates, current sessions number, maximum number of sessions and session occupancy;
Websphere indexs include JVM internal memories free quantity, JVM memory amounts, JVM memory usages, average session life cycle, current
The total sessions of access, the total sessions currently survived, JDBC pool maximum capacities, JDBC Pool mean activities connection number,
JDBC Pool averagely connect time delay, the connection number of JDBC Pool leakages, JDBC pool current capacities, JDBC Pool again
The failure number of connection, JDBC Pool maximums can use the maximum unavailable connection number of connection number, JDBC Pool, JDBC Pool
Unavailable connection number and JDBC Pool profit in available connection number, JDBC POOL in LEAKED connections number, JDBC Pool
With rate.
Operation system index includes online user number, day login user number, service system running state, operation system interface
State and operation system health operation duration.
S02:Network failure tree is generated by network topology architecture and the dynamic and static monitor control index of equipment, and passes through network
Fault tree generation primitive rule storehouse.Each monitor control index and each net can be represented with concise by the structure of fault tree
Relation between network equipment.Wherein, the dependent thresholds in primitive rule storehouse by the machine learning to historical data and perform threshold
Value planning algorithm determines.
For primitive rule, three regular domain structures are devised, as shown in Fig. 2 including sequence of rules domain, regular identification field
With regulatory body domain.
Sequence of rules domain is used for number, time of execution failure that storage rule runs succeeded in the running of reality
The final counting of number, rule and rule compositor.Purpose existing for sequence of rules domain is for the ease of arranging the priority of rule
Sequence, improve the recall precision of rule.
Regular identification field is used for identifying the regular subordinate object, such as rule is the exclusive rule of some network equipment,
Or rule is subordinated to some subnet or whole network.Purpose existing for regular identification field is to enter rower to every rule
Know, when network topology structure changes, the rule deleted and changed can be needed by the identification field identification of rule,
And changed by regenerating corresponding primitive rule to the topological structure for changing part come the additions and deletions of implementation rule, intelligence construction
Adapt to the rule base of the new network architecture.
Regulatory body domain stores the main part of rule, and this is the detailed description to rule.Rule is exactly production rule
Then, a kind of fixed logic structural relation in people's thinking judgement is referred to.The structure of general production is represented by natural language
Form, in fact, in natural language expressing, people are widely used various " reasons-- result ", and " condition-conclusion " is " preceding
Carry-operate ", " fact-progress ", the structure such as " situation-behavior ", it can all be attributed to the knowledge representation form of production.Rule
Citation form:A → B or IF A THENB, A are the premises (former piece) of production, for pointing out whether the production can use
Condition.B is one group of conclusion or operation (consequent), for pointing out when the condition indicated by premise A meets, it should the knot drawn
By or the operation that should perform.The inference mode of production rule reasoning has three kinds of forward reasoning, backward inference and bidirection reasoning.
Three kinds of inference modes have corresponding advantage under different situations, consider when rule-based reasoning mode selects.
S03:Association rules mining algorithm is performed to the historical data of information system, obtains correlation rule storehouse, correlation rule
It is to be generated by association rule mining, and the rule examined by historical data.
It is preferred that using the improved Apriori algorithm based on branch's screening and optimizing strategy and database single sweep operation technology
To carry out the excavation of historical data correlation rule.Apriori algorithm is a kind of frequent item set algorithm of Mining Association Rules, algorithm
It is divided into two stages:Find frequent item set and by frequent item set mining correlation rule.Algorithm principle is found completely from data set
The frequent item set of sufficient minimum support, and then correlation rule is produced according to frequent item set.Apriori algorithm is one very classical
Association rules mining algorithm, but two drawbacks be present, many Candidate Sets can be produced finding frequent item set, waste a large amount of calculate
Efficiency and time, and Multiple-Scan database is needed, have a strong impact on efficiency of algorithm.For first problem, using Hash table and
Position container filters to Candidate Set, reduces consumption of the algorithm on Candidate Set is produced.Because the main consumption of classic algorithm exists
In C1, L1, C2, L2 generation, more branches are filtered in C2 generation, efficiency of algorithm can be greatly improved.For second
Individual problem, classic algorithm calculates support and is both needed to scan whole database every time, and calculates the frequency of support very in algorithm
Height, this just needs frequent scan database, causes efficiency of algorithm not high.So by safeguarding a Boolean matrix come record data
All transaction informations in storehouse, only need run-down database can to build Boolean matrix, and this Boolean matrix contains meter
All data that support needs are calculated, scan database again is avoided the need for later, substantially increases efficiency of algorithm.
By improved Apriori algorithm, rule digging can be associated to historical data, obtained result is in threshold value
Under the cooperation of planning algorithm, correlation rule storehouse can be intelligently generated.Correlation rule is excavated from historical data, is passed through
The inspection of historical data, Reliability ratio is higher, but to still suffer from some uncertain for correlation rule, it is necessary to passes through service data
Inspection can just upgrade to primitive rule.
Dependent thresholds in correlation rule storehouse by the machine learning to historical data and perform threshold value planning algorithm come really
It is fixed.
Primitive rule storehouse and correlation rule storehouse are in the determination of threshold value, utility historical data, and analysis calculates suitable
The alarm threshold of service operation Alerting requirements, improve the alarm self-learning capability for information system, optimization alarm logic, dynamic
Alarm threshold is adjusted, accomplishes to reduce volume of event from the source of event, improves the quality of monitoring alarm.
It is preferred that the threshold value planning algorithm of some index is:
Statistical analysis is carried out to historical data of the index under network normal operational condition, determines its maximum, minimum value
And median, then carry out threshold value as follows:
In formula, TiFor threshold value, DiFor the index maximum under network normal operational condition, XiFor network normal operational condition
Under index minimum value, MiFor the maximum of index Design, ZiFor the index median under network normal operational condition.
After rule base puts into operation, all virtual values of the index can be real-time under network normal operational condition
Participate in calculating, determine the threshold value of the index in real time.The adaptive dynamic modification of threshold value improves the ability of threshold value adaptive system, has
Beneficial to the raising of systematic function.
S04:Generation extension rule storehouse is made inferences with reference to primitive rule storehouse and correlation rule storehouse.
Rule is exactly production rule, refers to a kind of fixed logic structural relation in people's thinking judgement.The base of rule
This form:A → B or IF A THEN B, A are the premises (former piece) of production, for pointing out the whether available bar of the production
Part.B is one group of conclusion or operation (consequent), for pointing out when the condition indicated by premise A meets, it should the conclusion that draws or
The operation that should be performed.Extension rule can be directly generated by rule-based reasoning using primitive rule and correlation rule.Illustrate
It is bright, rule " A → B ", " B → C " and " A be present with correlation rule if deposited in primitive ruleD ", can be with by rule-based reasoning
Obtain three extension rules " B → C ", " D → B " " D → C ".
Extension rule is to be inferred by primitive rule and correlation rule Lai regular reasoning inherently exists uncertain
Property, so it is minimum to expand Rules control, it is necessary to (include checking and the service data of historical data by strict checking
Checking), can just upgrade to primitive rule.
Research information system operation monitoring alarm rule base constructing technology on the basis of, from the type of monitoring, data,
Source, alarm time, alert mode, performance data etc. are set about, by monitoring historical data and related daily O&M work
The analysis of single fault type, from the different time sections such as information system peak hours/period, idle period, the industry of combining information system
Business time and portfolio, understand the tide bulge and fall of business, utility historical data, and analysis calculates suitable service operation alarm
It is required that alarm threshold, improve for information system alarm self-learning capability, dynamic adjust alarm threshold, accomplish from event
Volume of event is reduced in source, improves the quality of monitoring alarm.
Rule base can be divided into three subregions by we, store different types of rule respectively, for example area storage is substantially
Rule base, 2nd area storage correlation rule storehouse, 3rd area storage extension rule storehouse.Wherein, the retrieval priority of each rule base is:Substantially
Rule base>Correlation rule storehouse>Extension rule storehouse.In the retrieving of rule, the primitive rule in an area is retrieved first,
If not finding corresponding rule, the correlation rule in the areas of ability Hui Dui bis- and the extension rule in 3rd area are retrieved.To 2nd area
Correlation rule and the extension rule in 3rd area are optimized by the machine learning to historical data to enter the adjust automatically of line discipline, this
Outside, dependency rule needs to retain by the reasonablencess check of historical data, otherwise directly removes the rule.
In addition, in each regular library partition, the priority of rule can be determined by rule compositor algorithm, is specifically
The regular priority being retrieved, the high rule precedence of priority are determined by the final counting index of rule in sequence of rules domain
Retrieval, the low rule of priority postpone retrieval, can so improve rule search efficiency.Wherein, the formula that rule finally counts
For:
F=R-0.5W
In formula, F counts to be final, and R is the number that rule runs succeeded in actual moving process, and W performs mistake for rule
The number lost;If carrying out machine learning to the scene for performing failure, to dependency rule by optimizing and solving relevant issues, then
The corresponding number W for performing failure subtracts one.
By the inspection of historical data and service data, can find out in the strictly all rules of rule base which be it is rational,
Which is irrational, and the reasonability of rule can be determined by the means of quantitative analysis, for example can pass through rule
The final counting index in sequence of rules domain carrys out the reasonability of quantizing rule in three domain structures.After analysis on its rationality by rule,
Intelligent rule can be further processed, such as, some rules meet system requirements by checking;Some rules are closed
Rationality is general, it is necessary to can just be used by machine learning;Some regular reasonability are poor, just may directly be deleted
.
Likewise, by the machine learning of historical data and service data, regular performance can be constantly lifted, is allowed to and is
Matching of uniting is higher, and provides corresponding performance and optimize and revise suggestion.For example threshold value is not unalterable, can pass through system
Service data enters the adaptive real-time learning of line discipline, improves regular reasonability.
In the design of rule base, also allow rule in flowing of the rudimentary region to premium area.Rule is from rudimentary region
Flowing to premium area, first is needed to the rational checking of rule, and second is to need, by machine learning, to improve constantly
The reasonability of rule.In the running of reality, optimization is automatically adjusted to rule by real-time service data dynamic:
By rule compositor algorithm, priority determination and sequence are carried out to the rule in the area of rule base one, 2nd area, 3rd area, pass through regular flow
The rule in the dynamic areas of algorithm Lai Dui bis- and 3rd area is upgraded or refreshed.
Wherein, the regular flow algorithm in correlation rule storehouse is:During running, if rule once by
It is proved to be correct, moves directly to primitive rule storehouse;If the rule has is proved to mistake twice, the rule is deleted.
The regular flow algorithm in extension rule storehouse is as shown in Figure 3:Usage history data verify strictly all rules,
For rule of the success rate 80%~100%, usage history data move directly to base after carrying out machine learning
This rule storehouse;
For rule of the success rate 60%~80%, after usage history data carry out machine learning, if success rate is big
Primitive rule storehouse is moved in 80%, otherwise continues to stay in extension rule storehouse, and receives the machine learning of service data, until
Its success rate is more than 80%;
For rule of the success rate 50%~60%, usage history data and service data carry out machine learning, until
Its success rate is more than 80%, is moved to primitive rule storehouse, otherwise continues to stay in extension rule storehouse;
It is less than 50% rule for success rate, directly deletes.
By that to the real-time progress priority adjustment of rule, rule base can be allowed to be in optimum state, improve the retrieval of rule
The accuracy of efficiency and rule, so as to improve systematic function.The priority adjustment of rule is extremely important, and conventional is regular and reasonable
Property higher rule ought to retrieved beforehand, the rule and the relatively low rule of reasonability being of little use can postpone retrieval, so can be with
The recall precision of rule is improved, so as to improve systematic function.
Furthermore it is also possible to certain operations are carried out by manual type, for example system operation maintenance personnel directly can increase and delete
Modified except rule, and to well-regulated association attributes.
The beneficial effects of the invention are as follows:
First, the compartmentalization construction of rule base:The rule base of the inventive method design shares three subregions, and storage is basic respectively
Rule, the highest priority of correlation rule and extension rule, wherein primitive rule, correlation rule take second place, extension rule it is preferential
Level is minimum.By the subregion of rule base, the priority orders of rule search can be determined by the priority management of rule, and
Low area rule can learn to be upgraded by continuous real-time machine, the flowing of implementation rule from low to high.
2nd, three regular domain structures:Three domain structures of rule include sequence of rules domain, regular identification field and regulatory body
Domain:The priority ranking for the means implementation rule that sequence of rules domain passes through quantization;Regular identification field be used for identify the rule from
Belong to object, rule base when changing in order to network topology architecture adaptively adjusts;Regulatory body domain stores the main body of rule
Part, this is the detailed description to rule.
3rd, real-time adaptive threshold adjustment:System utility historical data and service data, analysis calculate suitable
The alarm threshold of service operation Alerting requirements, the alarm self-learning capability for information system is improved, using threshold value planning algorithm
Dynamic adjustment alarm threshold, accomplishes to reduce volume of event from the source of event, improves the quality of monitoring alarm.
4th, the automation analysis on its rationality of rule storage is increased newly:Newly-increased rule can be automatically generated by system, can also people
Work is added.For newly-increased rule, rationalization analysis is carried out to rule using historical data and real-time running data, it is determined that rule
Availability.
5th, regular adjust automatically optimization:By real-time executing rule sort algorithm and regular flow algorithm, to rule
Carry out priority determination and the refreshing or upgrading of priority, it is ensured that rule base is in optimum state, improves the recall precision of rule
With rule accuracy, so as to improve systematic function.
The present invention realizes information system operation rule storehouse dynamic construction and optimization, can be applied to company information O&M synthesis prison
Pipe platform, the foundation of monitoring alarm rule is set to be easier with maintenance, rule matching efficiency is higher, so as to adapt to information system rapidly
Object, running environment, the various change in running state data source, while meet that extensive INFORMATION SYSTEM PRECEPTS collection matching treatment is real
The requirement of when property, greatly improve the practicality of algorithm, the alarm of lifting information system monitoring, safety management, behavior auditing and conjunction
Advise management quality.
The preferred embodiments of the present invention are these are only, are not intended to limit the scope of the invention, it is every to utilize this hair
The equivalent structure that bright specification and accompanying drawing content are made either equivalent flow conversion or to be directly or indirectly used in other related
Technical field, be included within the scope of the present invention.
Claims (6)
1. a kind of building method in the information system operation rule storehouse based on association rule mining, it is characterised in that including as follows
Step:
S01:Obtain the network topology architecture of information system and dynamic monitor control index and the static monitor control index of all devices;
S02:Network failure tree is generated by network topology architecture and the dynamic and static monitor control index of equipment, and passes through network failure
Tree generation primitive rule storehouse;
S03:Association rules mining algorithm is performed to the historical data of information system, obtains correlation rule storehouse:
History is carried out using based on the improved Apriori algorithm of branch's screening and optimizing strategy and database single sweep operation technology
The excavation of data correlation rule;Wherein, the improved Apriori algorithm was carried out using Hash table and position container to Candidate Set
Filter, consumption of the algorithm on Candidate Set is produced is reduced, and by safeguarding a Boolean matrix come thing all in database of record
Business information;
S04:Generation extension rule storehouse is made inferences with reference to primitive rule storehouse and correlation rule storehouse;
Wherein, the retrieval priority of each rule base is:Primitive rule storehouse>Correlation rule storehouse>Extension rule storehouse;
Wherein, the dependent thresholds in primitive rule storehouse and correlation rule storehouse by the machine learning to historical data and perform threshold value
Planning algorithm determines that the threshold value planning algorithm is:
Statistical analysis is carried out to historical data of the index under network normal operational condition, determines its maximum, minimum value is with
Digit, then carry out threshold value as follows:
<mrow>
<msub>
<mi>T</mi>
<mi>i</mi>
</msub>
<mo>=</mo>
<msub>
<mi>D</mi>
<mi>i</mi>
</msub>
<mo>+</mo>
<mfrac>
<mrow>
<mn>2</mn>
<mrow>
<mo>(</mo>
<msub>
<mi>Z</mi>
<mi>i</mi>
</msub>
<mo>-</mo>
<msub>
<mi>X</mi>
<mi>i</mi>
</msub>
<mo>)</mo>
</mrow>
<mo>*</mo>
<mrow>
<mo>(</mo>
<msub>
<mi>M</mi>
<mi>i</mi>
</msub>
<mo>-</mo>
<msub>
<mi>D</mi>
<mi>i</mi>
</msub>
<mo>)</mo>
</mrow>
</mrow>
<mrow>
<mn>3</mn>
<mrow>
<mo>(</mo>
<msub>
<mi>D</mi>
<mi>i</mi>
</msub>
<mo>-</mo>
<msub>
<mi>X</mi>
<mi>i</mi>
</msub>
<mo>)</mo>
</mrow>
</mrow>
</mfrac>
</mrow>
In formula, TiFor threshold value, DiFor the index maximum under network normal operational condition, XiFor under network normal operational condition
Index minimum value, MiFor the maximum of index Design, ZiFor the index median under network normal operational condition;
Each rule in primitive rule storehouse is three domain structures, that is, is included, sequence of rules domain:Rule is held in the running of reality
The successful number of row, perform the number of failure, the final counting of rule and rule compositor;
Regular identification field:For identifying the regular subordinate object;
Regulatory body domain:For the detailed description to rule.
2. a kind of building method in information system operation rule storehouse based on association rule mining according to claim 1,
Characterized in that, the real-time executing rule sort algorithm of system and regular flow algorithm are carried out to rule, priority is determined and rule is brushed
Newly.
3. a kind of building method in information system operation rule storehouse based on association rule mining according to claim 2,
Characterized in that, in each rule base, determine that rule is retrieved by the final counting index of rule in sequence of rules domain
Priority, wherein, the formula that finally counts of rule is:
F=R-0.5W
In formula, F counts to be final, and R is the number that rule runs succeeded in actual moving process, and W is that rule performs failure
Number;If carrying out machine learning to the scene for performing failure, to dependency rule by optimizing and solving relevant issues, then accordingly
Execution failure number W subtract one.
4. a kind of building method in information system operation rule storehouse based on association rule mining according to claim 2,
Characterized in that, the regular flow algorithm in correlation rule storehouse is:
During running, as long as rule is once proved to be correct, primitive rule storehouse is moved directly to;Such as
The fruit rule has is proved to mistake twice, then deletes the rule.
5. a kind of building method in information system operation rule storehouse based on association rule mining according to claim 2,
Characterized in that, the regular flow algorithm in extension rule storehouse is:
Usage history data verify strictly all rules, and for rule of the success rate 80%~100%, usage history data are carried out
Primitive rule storehouse is moved directly to after machine learning;For rule of the success rate 60%~80%, usage history data are carried out
After machine learning, primitive rule storehouse is moved to if success rate is more than 80%, otherwise continues to stay in extension rule storehouse, and receive
The machine learning of service data, until its success rate is more than 80%;For success rate in 50%~60% rule, usage history
Data and service data carry out machine learning, until its success rate is more than 80%, is moved to primitive rule storehouse, otherwise continues to stay in
Extension rule storehouse;It is less than 50% rule for success rate, directly deletes.
6. a kind of building method in information system operation rule storehouse based on association rule mining according to claim 1,
Characterized in that, system operation maintenance personnel can directly increase and deletion rule, and well-regulated association attributes is modified.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410708182.8A CN104376365B (en) | 2014-11-28 | 2014-11-28 | A kind of building method in the information system operation rule storehouse based on association rule mining |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410708182.8A CN104376365B (en) | 2014-11-28 | 2014-11-28 | A kind of building method in the information system operation rule storehouse based on association rule mining |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104376365A CN104376365A (en) | 2015-02-25 |
| CN104376365B true CN104376365B (en) | 2018-01-09 |
Family
ID=52555261
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410708182.8A Active CN104376365B (en) | 2014-11-28 | 2014-11-28 | A kind of building method in the information system operation rule storehouse based on association rule mining |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104376365B (en) |
Families Citing this family (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106502857A (en) * | 2015-09-07 | 2017-03-15 | 上海隆通网络系统有限公司 | A kind of intellectual analysis interference method and system in IT operation management system |
| CN105263147A (en) * | 2015-11-25 | 2016-01-20 | 中国联合网络通信集团有限公司 | Base station regulation method and equipment |
| CN106897807B (en) * | 2015-12-18 | 2021-01-26 | 创新先进技术有限公司 | Business risk control method and equipment |
| CN105608135B (en) * | 2015-12-18 | 2020-03-31 | Tcl集团股份有限公司 | Data mining method and system based on Apriori algorithm |
| CN105930457A (en) * | 2016-04-21 | 2016-09-07 | 南开大学 | Distributed architecture-based data flow frequent item mining method |
| CN106127879A (en) * | 2016-06-24 | 2016-11-16 | 都城绿色能源有限公司 | Intelligent movable patrolling and checking management system and method for inspecting for generation of electricity by new energy equipment |
| CN106200615B (en) * | 2016-07-15 | 2018-06-19 | 国电南瑞科技股份有限公司 | A kind of intelligent track-traffic early warning implementation method based on incidence relation |
| CN106209893B (en) * | 2016-07-27 | 2019-03-19 | 中国人民解放军信息工程大学 | The inside threat detection system and its detection method excavated based on business process model |
| CN106991141B (en) * | 2017-03-21 | 2020-12-11 | 北京邮电大学 | Association rule mining method based on deep pruning strategy |
| CN108696369A (en) * | 2017-04-06 | 2018-10-23 | 华为技术有限公司 | A kind of warning information processing equipment and method |
| CN107094096A (en) * | 2017-04-19 | 2017-08-25 | 北京云端智度科技有限公司 | A kind of adaptive CDN business diagnosis monitoring systems |
| CN108549653A (en) * | 2018-03-08 | 2018-09-18 | 金数信息科技(苏州)有限公司 | Sequence plot association rule mining method based on block chain Dynamic Programming |
| CN109032872B (en) * | 2018-08-13 | 2021-08-10 | 广东电网有限责任公司广州供电局 | Bayesian network-based equipment fault diagnosis method and system |
| CN109697455B (en) * | 2018-11-14 | 2020-08-04 | 清华大学 | Fault diagnosis method and device for distribution network switch equipment |
| CN110222028B (en) * | 2019-04-30 | 2022-11-15 | 重庆小雨点小额贷款有限公司 | Data management method, device, equipment and storage medium |
| CN111563647A (en) * | 2020-03-26 | 2020-08-21 | 国网福建省电力有限公司信息通信分公司 | Power information system detection method and system based on association rule and DEA |
| CN113259148B (en) * | 2020-12-31 | 2022-05-13 | 中兴通讯股份有限公司 | Alarm correlation detection method, system and medium based on federal learning |
| CN113448763B (en) * | 2021-07-16 | 2022-07-26 | 广东电网有限责任公司 | Dynamic expansion grouping alarm service method for full life cycle management |
| CN115378810A (en) * | 2022-08-22 | 2022-11-22 | 深圳奇迹智慧网络有限公司 | Rule dynamic updating method and device, computer equipment and storage medium |
| CN116881338B (en) * | 2023-09-07 | 2024-01-26 | 北京傲星科技有限公司 | Data mining method and related equipment for data stream based on large model |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101093559A (en) * | 2007-06-12 | 2007-12-26 | 北京科技大学 | Method for constructing expert system based on knowledge discovery |
| CN102638100A (en) * | 2012-04-05 | 2012-08-15 | 华北电力大学 | District power network equipment abnormal alarm signal association analysis and diagnosis method |
| CN103425776A (en) * | 2013-08-15 | 2013-12-04 | 电子科技大学 | Multi-user repository cooperation method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130204657A1 (en) * | 2012-02-03 | 2013-08-08 | Microsoft Corporation | Filtering redundant consumer transaction rules |
-
2014
- 2014-11-28 CN CN201410708182.8A patent/CN104376365B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101093559A (en) * | 2007-06-12 | 2007-12-26 | 北京科技大学 | Method for constructing expert system based on knowledge discovery |
| CN102638100A (en) * | 2012-04-05 | 2012-08-15 | 华北电力大学 | District power network equipment abnormal alarm signal association analysis and diagnosis method |
| CN103425776A (en) * | 2013-08-15 | 2013-12-04 | 电子科技大学 | Multi-user repository cooperation method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104376365A (en) | 2015-02-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104376365B (en) | A kind of building method in the information system operation rule storehouse based on association rule mining | |
| CN110148001A (en) | A kind of system and method for realizing fraudulent trading intelligent early-warning | |
| CN106874482A (en) | A kind of device and method of the patterned data prediction based on big data technology | |
| CN102624865A (en) | Cluster load prediction method and distributed cluster management system | |
| CN108038666A (en) | A kind of company information acquisition system based on internet | |
| CN106407305A (en) | Data mining system and method | |
| CN109299160A (en) | A kind of electric power CPS Safety Analysis Method excavated based on monitoring big data | |
| CN110378586B (en) | Power transformation equipment defect early warning method and system based on dynamic closed-loop knowledge management | |
| CN107609172A (en) | A kind of cross-system multi-dimensional data search processing method and device | |
| Zhijun | RBF neural networks optimization algorithm and application on tax forecasting | |
| CN106445788A (en) | Method and device for predicting operating state of information system | |
| CN106649034B (en) | Visual intelligent operation and maintenance method and platform | |
| CN111861397A (en) | Intelligent scheduling platform for client visit | |
| CN112700099A (en) | Resource scheduling planning method based on reinforcement learning and operation research | |
| CN105049475B (en) | The data efficient storage optimization method and system of extensive community | |
| CN106953338A (en) | A kind of var Optimization Method in Network Distribution and device | |
| CN109978299B (en) | Data analysis method and device for offshore wind power business and storage medium | |
| Zhang et al. | Application of analytic network process in agricultural products logistics performance evaluation | |
| CN114119251A (en) | System and method for predicting financial risk trend based on intelligent AI | |
| CN106713051A (en) | Network management system | |
| CN104994136B (en) | The data store optimization method and system of extensive community | |
| US20230401284A1 (en) | Hybrid quantum computing system for hyper parameter optimization in machine learning | |
| CN117151496B (en) | Enterprise architecture alignment method, device, equipment and storage medium | |
| CN107528799A (en) | A kind of cloud computing resources distribution method and system | |
| Li | Discussion on Enterprise Logistics Management Performance Evaluation System |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Co-patentee after: NARI Group Corp. Patentee after: State Grid Corporation of China Co-patentee after: NARI INFORMATION AND COMMUNICATION TECHNOLOGY Co. Co-patentee after: JIANGSU ELECTRIC POWER Co. Co-patentee after: INFORMATION & TELECOMMUNICATION BRANCH OF STATE GRID JIANGSU ELECTRIC POWER Co. Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Co-patentee before: NARI Group CORPORATION STATE GRID ELECTRIC POWER INSTITUTE Patentee before: State Grid Corporation of China Co-patentee before: NARI INFORMATION AND COMMUNICATION TECHNOLOGY Co. Co-patentee before: JIANGSU ELECTRIC POWER Co. Co-patentee before: INFORMATION & TELECOMMUNICATION BRANCH OF STATE GRID JIANGSU ELECTRIC POWER Co. |
|
| CP01 | Change in the name or title of a patent holder |