CN111538643A - Alarm information filtering method and system for monitoring system - Google Patents
Alarm information filtering method and system for monitoring system Download PDFInfo
- Publication number
- CN111538643A CN111538643A CN202010643264.4A CN202010643264A CN111538643A CN 111538643 A CN111538643 A CN 111538643A CN 202010643264 A CN202010643264 A CN 202010643264A CN 111538643 A CN111538643 A CN 111538643A
- Authority
- CN
- China
- Prior art keywords
- alarm information
- alarm
- marking
- auxiliary
- marked
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3065—Monitoring arrangements determined by the means or processing involved in reporting the monitored data
- G06F11/3072—Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/32—Monitoring with visual or acoustical indication of the functioning of the machine
- G06F11/324—Display of status information
- G06F11/327—Alarm or error message display
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/243—Classification techniques relating to the number of classes
- G06F18/24323—Tree-organised classifiers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
Abstract
The invention discloses a method and a system for filtering alarm information of a monitoring system, which are used for acquiring historical alarm information and alarm information related to an event result; marking for the first time according to the relevance of the alarm information attribute relative to the working post; according to the reason for generating the event result, auxiliary marking is carried out on the alarm information; according to the auxiliary mark, screening alarm information which has no direct relation with an event result to obtain effective alarm information; if the first marking of the effective alarm information is not concerned particularly or generally, the first marking is carried out again; extracting a first marked and auxiliary marked alarm information sample set, and sending the first marked and auxiliary marked alarm information sample set into a learning model for training to generate a classification model; and testing the classification model by using a known sample set, and if the test result accords with expectation, processing and displaying unknown alarm information by using the classification model. The invention solves the problem of how to intelligently filter key alarm information in a large amount of alarm information.
Description
Technical Field
The invention relates to the field of information processing, in particular to a method and a system for filtering alarm information of a monitoring system.
Background
The existing comprehensive monitoring system often sees full-screen alarm information to cause alarm flooding, and an operator often cannot identify which alarm is the most critical alarm and which alarm is generated accessorily at the first time, so that the processing of the critical alarm information is delayed.
The alarm information categories in the integrated monitoring system can be divided into: the alarm system comprises a body fault alarm reported by the equipment, a sensor detection alarm (such as smoke sensation, temperature sensation, water level of a water pump and the like), an alarm of the numerical value exceeding or action state reported by the equipment (such as the action state of a flood gate, the CPU occupancy rate of a server and the like) and a network interruption alarm.
Valuable alarms are found out from massive alarms and displayed, and the prior art has two solutions:
1. and judging whether the alarm is valuable or not according to the real-time state of the equipment through equipment modeling. However, because the types of the devices are various, and the models of the devices with the same use, different brands and different models are not necessarily universal, what is more troublesome is that the comprehensive monitoring system lacks the maintenance information of the devices and is difficult to model.
2. And judging whether the alarm is valuable or not by judging whether the corresponding alarm generates a maintenance work order or not. However, the equipment number in the maintenance work order is inconsistent with the equipment number in the comprehensive monitoring system, so that the system is difficult to automatically judge; in addition, the time generated by the maintenance work order generally lags behind the alarm of the field equipment, and the maintenance information of the equipment is also lacked, so that the maintenance work order cannot be realized by landing.
The two ideas have a common problem, namely only aiming at the fault alarm of the equipment body, and other types of alarm information are not considered.
Disclosure of Invention
The filtering problem of the alarm is solved through the classification and prediction method of the alarm.
The invention aims to solve the technical problem that key alarm information cannot be accurately and effectively identified due to the fact that alarm information in a monitoring system is inundated, and aims to provide a method and a system for filtering the alarm information of the monitoring system, so that the problem of how to intelligently filter the key alarm information in a large amount of alarm information is solved.
The invention is realized by the following technical scheme:
on one hand, the invention discloses a monitoring system alarm information filtering method, which comprises the following steps: s1: acquiring all historical alarm information in a given time interval; s2: marking for the first time according to the relevance degree of each alarm information attribute relative to the working position, wherein the first time marks are divided into three grades from small to large according to the relevance degree, and the grades are respectively as follows: no attention, general attention and special attention is required; s3: acquiring alarm information related to an event result, defining the alarm information related to the event result as event related alarm information, and performing auxiliary marking on the event related alarm information according to the reason for generating the event result; s4: screening out alarm information which has no direct relation with the event result according to the auxiliary mark of the event related alarm information to obtain effective alarm information; s5: judging the first marking of the effective alarm information, if the first marking of the effective alarm information is not concerned with special attention or general attention, carrying out the first marking again according to the relevance of each effective alarm information attribute relative to a work post, and enabling at least one first marking of the effective alarm information to be concerned with special attention or general attention; s6: extracting a warning information sample set marked for the first time and marked in the step S5, and sending the sample set into a learning model for training to generate a classification model; s7: and sending the known alarm information samples which are marked for the first time and are marked for the auxiliary time manually into the classification model for testing, if the accuracy of the test result accords with the expected accuracy, marking the unknown alarm information by using the classification model, and displaying the alarm information according to the first marking grade and the auxiliary mark.
The invention automatically filters the alarm information by marking the alarm information and predicting a learning model. The marking of the alarm information is divided into two parts: firstly, the first marking is made aiming at the relevance of the alarm information content to each working post, and the first marking is divided into three grades from small to large according to the important program of the alarm information to the working post, wherein the grades are respectively not concerned, general concerned and special concerned; and secondly, judging which event the alarm information is generated by according to the event result of the generated alarm information, and classifying the alarm information by auxiliary marks according to the causal relationship of the alarm information on the event result. According to the result that the incident produced, filter all alarm information that the incident result is relevant, will produce the alarm information that does not have the direct relation with the incident and screen out, leave the alarm information that has the direct relation with the incident result, leave effectual key alarm information promptly, dispel the alarm information irrelevant with current job position, directly refined key alarm information, be favorable to relevant job position to make effectual reply. On one hand, the method is not designed for a single equipment body, but carries out two marks according to the attribute of the alarm information, thereby ensuring that the alarm information of different equipment types, brands or purposes can be processed and ensuring that the alarm information outside the equipment can be processed. On the other hand, the method of the invention carries out reverse derivation on the event consequence generated by equipment failure, and readjusts the first mark and/or the auxiliary mark of the alarm information, thereby ensuring the accuracy of the two marks of the alarm information.
And establishing a machine learning model, and sending the alarm information after the first marking and the auxiliary marking into the machine learning model for training so as to establish a classification rule of the alarm information, namely a classification model. In order to improve the accuracy of the classification model, in the training process, the classification model is tested by using a known alarm information sample which is manually marked for the first time and is subjected to auxiliary marking, and if the accuracy of the test result is in an acceptable range, the classification model is used for processing and filtering unknown alarm information. The classification model of the method establishes a set of mature alarm information filtering method, and the method can be directly used for processing strange alarm information, thereby improving the processing efficiency of unknown alarm information and improving the processing efficiency of working personnel on unknown faults.
Further, if the accuracy of the test result does not meet the expected accuracy, the steps S2-S7 are repeated. Through repeated adjustment of the alarm information data samples on the classification model, the accuracy rate of the classification model is improved, and the classification model which can be used for processing unknown alarm information is obtained.
Further, when an extension line is accessed or equipment is replaced and modified, the known alarm information samples of the first mark and the auxiliary mark are regenerated. When the monitored object is significantly transformed and adjusted, the alarm information is determined to be greatly changed, so that an alarm information sample needs to be reestablished, the classification module is trained again, and a suitable classification model is obtained.
Further, the alarm information attributes comprise a line, a station, a subsystem, an equipment type, an equipment number, an equipment brand model, an equipment installation position, alarm time, an alarm type and an alarm value; the working posts comprise a station leader, an on-duty station leader, a station service, a line dispatching, an electric ring dispatching, a maintenance dispatching and an on-duty master; the auxiliary marks comprise fault correlation, linkage correlation, auxiliary alarm, construction generation, false alarm and non-fault.
Furthermore, for the same working post, the auxiliary mark is alarm information of an auxiliary alarm, the grade of the first mark is lower than that of the first mark of an auxiliary main alarm, and the main alarm is alarm information directly related to an event result. For the secondary alarm, for the same post, if its first marker is drawn into a level higher than the level of the primary alarm, it needs to be re-divided by the job post user.
Further, the event result includes: the generation or execution of a maintenance order, the generation of a maintenance order by the fault alarm device, the triggering of linkage by the alarm and the confirmation of the execution of linkage are carried out within 24 hours.
Further, the learning model is trained through a decision tree algorithm or a neural network algorithm.
Furthermore, the alarm information of the monitoring system comprises equipment body fault alarm, sensor alarm, equipment reported value overrun alarm, equipment action state alarm and network interruption alarm.
In another aspect, the present invention provides a monitoring system alarm information filtering system, including:
the alarm information extraction module: the system is used for acquiring all historical alarm information in a given time interval; the alarm information acquisition device is used for acquiring alarm information related to an event result;
the alarm information marking module: the method is used for marking for the first time according to the relevance degree of each alarm information attribute relative to a working post, and the first marking is divided into the following parts from small to large: no attention, general attention and special attention is required; the alarm information related to the event result is defined as event related alarm information, and auxiliary marking is carried out on the event related alarm information according to the reason for generating the event result;
the alarm information processing module: the alarm information which has no direct relation with the event result is screened out according to the auxiliary mark of the event related alarm information to obtain effective alarm information; the first marking is used for judging the effective alarm information, if the first marking of the effective alarm information is not concerned with special attention or general attention, the first marking is carried out again according to the relevance degree of each effective alarm information attribute relative to a work post, and at least one first marking of the effective alarm information is ensured to be concerned with special attention or general attention;
alarm information classification rule establishing module: the alarm information processing module is used for extracting an alarm information sample set which is firstly marked and assisted to be marked by the alarm information processing module, and sending the sample set into a learning model for training to generate a classification model; the system comprises a classification model, a first-time marking module, a second-time marking module and a third-time marking module, wherein the classification model is used for sending a known alarm information sample which is manually marked for the first time and is subjected to auxiliary marking into the classification model for testing, and if the accuracy rate of a test result accords with an expected accuracy rate, the classification model;
the alarm information display module: and displaying the content of the alarm information to a corresponding working post according to the first mark and the auxiliary mark of the alarm information, and distinguishing colors according to the grade of the first mark.
Further, the alarm information attributes comprise a line, a station, a subsystem, an equipment type, an equipment number, an equipment brand model, an equipment installation position, alarm time, an alarm type and an alarm value; the working posts comprise a station leader, an on-duty station leader, a station service, a line dispatching, an electric ring dispatching, a maintenance dispatching and an on-duty master; the auxiliary marks comprise fault correlation, linkage correlation, auxiliary alarm, construction generation, false alarm and non-fault; the event results include the generation or execution of a service order, the generation of a service order by the fail-safe device within 24 hours, the triggering of an alarm and the confirmation of the execution of linkage.
Compared with the prior art, the invention has the following advantages and beneficial effects:
the purpose of the first marking and the auxiliary marking of the alarm information is as follows:
the first mark is used for learning an alarm filtering strategy based on a user post;
the auxiliary mark is used to modify the primary mark while providing some additional information such as: the method comprises the following steps of (1) performing primary equipment failure prediction to prompt a user to pay proper attention; the alarm chain of main alarm and auxiliary alarm is provided, and fault analysis is facilitated.
And (3) evaluating the accuracy of the classification rule by using a known test sample set through the trained classification model, and if the accuracy is acceptable, predicting the unknown alarm by using the model. Wherein, the judgment of the accuracy depends on 3 indexes: kappa statistics, recognition accuracy and recognition accuracy. When Kappa > =0.75, the recognition accuracy reaches more than 95%, and the recognition accuracy reaches more than 90%, the accuracy is acceptable.
Classification is supervised learning, requiring periodic collection of user feedback, especially when there is an extension line access or equipment replacement modification, requiring adjustment of the training set to retrain the model.
1. Key alarm information is accurately and effectively screened out, and flooding and redundancy of the alarm information are eliminated;
2. when the auxiliary alarm information is particularly much, namely the alarm avalanche, the alarm chain can be obtained by the method, so that the fault analysis is convenient;
3. the processing efficiency of the work post on the sudden accidents is improved, so that other accidents caused by missing key alarm information are avoided;
4. the method of the invention can be self-adaptively adjusted at any time along with the structural adjustment or other changes of the monitored object.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
FIG. 1 is a schematic flow diagram of the process of the present invention;
FIG. 2 is a label classification chart according to the present invention;
fig. 3 is a classification of alarm information after filtering in embodiment 3.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to examples and accompanying drawings, and the exemplary embodiments and descriptions thereof are only used for explaining the present invention and are not meant to limit the present invention.
Example 1
The embodiment 1 provides a monitoring system alarm information filtering method, including the following steps: s1: acquiring all historical alarm information in a given time interval; s2: marking for the first time according to the relevance degree of each alarm information attribute relative to the working position, wherein the first marking is divided into three grades from small to large according to the relevance degree, and the grades are respectively as follows: no attention, general attention and special attention is required; s3: acquiring alarm information related to an event result, defining the alarm information related to the event result as event related alarm information, and performing auxiliary marking on the event related alarm information according to the reason for generating the event result; s4: screening out alarm information which has no direct relation with an event result according to the auxiliary mark of the event related alarm information to obtain effective alarm information; the event results include: the generation or execution of a maintenance work order and the fault alarm equipment generate the maintenance work order within 24 hours, and the alarm triggers linkage and the linkage is confirmed to be executed; s5: judging the first marking of the effective alarm information, if the first marking of the effective alarm information is not concerned particularly or is concerned generally, then marking again according to the relevance of each effective alarm information attribute relative to the work post, so that at least one of the first marking of the effective alarm information is concerned particularly or is concerned generally; s6: extracting a warning information sample set which is marked for the first time and is marked in the auxiliary way in the step S5, sending the sample set into a learning model for training, training the learning model through a decision tree algorithm or a neural network algorithm, and finally generating a classification model; s7: and sending the known alarm information samples which are marked and auxiliary-marked for the first time manually into a classification model for testing, if the accuracy of the test result accords with the expected accuracy, marking the unknown alarm information by using the classification model, and displaying the alarm information according to the marking state.
The marking of the alarm information is divided into two parts: firstly, the first marking is made aiming at the relevance of the alarm information content to each working post, and the first marking is divided into three grades from small to large according to the important program of the alarm information to the working post, wherein the grades are respectively not concerned, general concerned and special concerned; and secondly, judging which event the alarm information is generated by according to the event result of the generated alarm information, and classifying the alarm information by auxiliary marks according to the causal relationship of the alarm information on the event result. And filtering all alarm information related to the event result according to the result generated by the event, screening out the alarm information which is not directly related to the event, and leaving the alarm information which is directly related to the event result, namely leaving effective key alarm information.
And establishing a machine learning model, and sending the alarm information after the first marking and the auxiliary marking into the machine learning model for training so as to establish a classification rule of the alarm information, namely a classification model. In order to improve the accuracy of the classification model, in the training process, the classification model is tested by using a known alarm information sample which is manually marked for the first time and is subjected to auxiliary marking, and if the accuracy of the test result is in an acceptable range, the classification model is used for processing and filtering unknown alarm information. Wherein, the judgment of the accuracy rate of the test result depends on 3 indexes: kappa statistics, recognition accuracy and recognition accuracy. When Kappa > =0.75, the recognition accuracy reaches more than 95%, and the recognition accuracy reaches more than 90%, the accuracy of the test result is acceptable.
If the accuracy of the test result does not meet the expected accuracy, the steps S2-S7 are repeated. Through repeated adjustment of the alarm information data samples on the classification model, the accuracy rate of the classification model is improved, and the classification model which can be used for processing unknown alarm information is obtained.
When an extension line is accessed or the equipment is replaced and modified, the known alarm information samples of the first mark and the auxiliary mark are regenerated. When the monitored object is significantly transformed and adjusted, the alarm information is determined to be greatly changed, so that an alarm information sample needs to be reestablished, the classification module is trained again, and a suitable classification model is obtained.
The alarm information attributes comprise lines, stations, subsystems, equipment types, equipment numbers, equipment brand models, equipment installation positions, alarm time, alarm types and alarm values; the working post comprises a station leader, an on-duty station leader, a station affair, a line tone, an electric ring tone, a maintenance tone and an on-duty master and a duty; the auxiliary markers include fault correlation, linkage correlation, auxiliary alarm, construction generation, false alarm and none.
For the same working post, the auxiliary mark is alarm information of auxiliary alarm, the grade of the first mark is lower than that of the first mark of main alarm, and the main alarm is alarm information directly related to the event result. For the secondary alarm, for the same post, if its first marker is drawn into a level higher than the level of the primary alarm, it needs to be re-divided by the job post user.
The monitoring system alarm information comprises equipment body fault alarm, sensor detection alarm, equipment reported value overrun alarm, equipment action state alarm and network interruption alarm.
Example 2
This embodiment 2 solves the problem of filtering alarms by means of the labeling and prediction method of the alarms themselves. As shown in fig. 1.
The alarm attributes can be divided into: line (staging), station, subsystem, equipment type, equipment number, equipment brand and model, equipment installation position, alarm time, alarm type, alarm value (analog quantity), etc.
The personnel posts can be divided into station leader, on-duty station leader, station affairs and the like of the station; and (4) scheduling (line scheduling, electric loop scheduling, maintenance scheduling, duty master and the like) of the control center.
Thus, the problem of filtering alarms translates into: for each post, it is labeled as "don't care, general care, special care" category 3, depending on the nature of the alarm.
First, all recent historical alarms are derived from the integrated monitoring system and first marked by users at different posts (class 4 marking of No concern, general concern, Special concern, uncertain)
Since the user may make a false decision on the alarm classification (in particular, incorrectly classify the type of alarm that needs attention as an type that does not need attention), it is also necessary to perform an auxiliary marking in conjunction with whether the alarm is an auxiliary alarm and whether a direct consequence is produced, for example: whether the equipment with the fault alarm generates a maintenance work order within 24 hours; whether the alarm triggers linkage or not and whether the linkage is confirmed to be executed or not. For the alarm with direct results, if all the post users mark 'attention-free' in the early period, the alarm needs to be divided again by the users, at least one post marks the alarm as a 'general attention' type or a 'special attention' type, and the auxiliary mark is 'fault-related'; for an affiliated alarm, for the same post, if it is first marked at a level higher than the level of the master alarm to which it is affiliated, it also needs to be re-marked by the post user. Meanwhile, the construction information of the subway, including construction time period, place, influence range and the like, needs to be collected, and whether the alarm is generated by construction or not is marked. For conditional devices, false alarms may also be flagged. All auxiliary markers can be classified into 6 types of 'fault correlation, linkage correlation, auxiliary alarm, construction generation, false alarm and no'.
The data preparation of the auxiliary marks can be reversed, that is: instead of seeking consequences through an alarm, an alarm is sought through consequences. The number of maintenance work orders and linkage (logs) is far less than the number of alarms (by several orders of magnitude), so that excessive workload can be avoided. The auxiliary alarm needs related service knowledge and is judged by a service expert of a corresponding subsystem.
And training by taking a result set obtained after primary marking and auxiliary marking as a training set and constructing a machine learning method, wherein the main used algorithm comprises a decision tree algorithm and a neural network algorithm, and a classification model is established after learning to obtain a training rule. The accuracy of the labeling rules is then evaluated by using a known set of test samples, and if the accuracy is acceptable, the model is used to predict unknown alarms. Wherein, the judgment of the accuracy depends on 3 indexes: kappa statistics, recognition accuracy and recognition accuracy. When Kappa > =0.75, the recognition accuracy reaches more than 95%, and the recognition accuracy reaches more than 90%, the accuracy is acceptable.
The labeling is supervised learning, and requires periodic collection of user feedback, especially when extension line access or equipment replacement and modification is available, the training set needs to be adjusted to retrain the model.
Example 3
This embodiment 3 is an alarm display processing procedure of the integrated monitoring system for the number 4 line of the Chengdu subway:
1. deriving all recent historical alarms; (10 months of historical alarms are maintained in the monitoring system), the contents of the part alarm information shown in the following table are shown.
Alarm information in the comprehensive monitoring system is mainly divided into the following categories:
1) the body fault reported by the equipment is alarmed;
2) the sensor detects and alarms, such as smoke, temperature, water level of the water pump and the like;
3) the equipment reports the alarm of the numerical value overrun or the action state, such as the action state of a flood gate, the CPU occupancy rate of a server and the like;
4) and (5) network interruption alarm.
The attributes of each alarm record include: node names (station, control center, parking lot, vehicle section), Tag roll names, Tag description, device description, alarm type, alarm time, state, class name, subsystem, alarm description, current value, old value, alarm id, alarm area, etc.
2. The alarms are first marked for each station as shown in fig. 2, the first marked level comprising: 4 types of attention, general attention, special attention and uncertainty are not needed; and each user distinguishes the attention level of the alarm by combining the post responsibility and experience of the user according to the alarm type. For example, for an electric ring dispatching station, the station responsibility only needs to pay attention to the alarm of several systems such as electric power, an environment control system and the like. The alarms of that other system are "don't care". In systems that require attention, the failure of certain equipment has the greatest impact on operation, and the alarms associated with these failures are of "special interest". The operation is not so much affected by the failure of other equipment, which is "general concern". Minor failures of some devices do not have any effect on the operation, and devices may operate with these failures, and these alarms may be listed as "don't care". "uncertain" as a default item, indicates an option that cannot be marked. The post personnel mark has stronger subjectivity and stronger regularity, and has a plurality of exceptional situations in actual use, so the post personnel mark is mainly used as a reference and needs to be adjusted by auxiliary marking.
And then carrying out auxiliary mark adjustment, wherein the auxiliary mark types comprise: fault correlation, linkage correlation, auxiliary alarm, construction generation, false alarm, none and uncertainty are 7 types; fault correlation: in the maintenance system, a maintenance work order is generated, and workers are arranged to maintain or even replace the maintenance work order;
linkage is related: the method mainly comprises sensor alarm, such as smoke detection, which is used for detecting smoke so as to trigger fire alarm, but the false alarm often happens, namely, the false alarm is judged from a linkage log, and the fire is really happened (possibly, only a small flame, even smoke is drawn, and all the false alarms need to be calculated, but the false alarms caused by dust and the like need to be eliminated);
auxiliary alarming: the alarm needs professional knowledge to judge, with the majority of power systems, one trip in a power grid can cause other trips, the first trip alarm is a main alarm, and other trips and other alarms (such as a power failure alarm of a UPS) caused by the trip belong to auxiliary alarms;
construction generation: the construction operation is recorded, a lot of operations can be carried out on the equipment in the construction process, the operations can possibly generate an alarm, and whether the operation is caused by the construction can be judged according to the time and the range (influenced stations and systems) of the construction operation;
false alarm: false alarms such as smoke detection as described above, and false alarms where other devices are acknowledged;
none: not of any of the above types.
Indeterminate: as a default item, an option that cannot be classified is marked.
Fault correlation and linkage correlation are taken as strong correlation factors; auxiliary alarming and construction generation are taken as weak related factors.
And adjusting the auxiliary mark, namely offsetting the subjectivity of the mark of the user by using the objectivity and the actual result, and finding out the possible rules of the exceptional cases except the rules.
3. Establishing a classification model; common methods for building classification models are decision trees and neural networks.
4. And displaying an alarm according to the classification model.
First, a classification model is trained using a classification algorithm using historical data. After a new alarm is generated, according to the type and the attribute of the alarm, the current post of logging in the system, construction information, the state of the power grid and the like, prediction classification is carried out through a model, and the alarm belongs to which type of the current logged-in user (attention is not needed, general attention is not needed, and special attention is paid). For the type without attention, the type is not displayed on the main interface (but can be inquired out on a detailed alarm page); and displaying the general attention type and the special attention type on the main interface, wherein the special attention type attracts the attention of a user by means of color flashing, alarm sound and the like.
5. And (5) periodically collecting user feedback, adjusting the classification model, and repeating the steps 1-5.
After a period of use by the user, it is found that some of the alarming indicia do not meet his requirements, and should be of particular interest, divided into no interest. Therefore, the reason why the alarm classification is incorrect is analyzed according to the feedback of the user, and besides the defects of the system realization are eliminated, whether the condition that the information collection of the alarm is incomplete in the early stage exists or not is avoided. And after the collected information is supplemented, adjusting the training set and retraining the model.
6. The displayed alarm is adjusted according to the adjusted classification model, as shown in fig. 3.
The 'uncertain' in the embodiment 2 and the embodiment 3 is used as a default item to indicate an option which cannot be classified, and after the method of the embodiment 2 or the embodiment 3 is implemented, the option is finally marked as not needing attention, general attention or special attention; similarly, "uncertain" in the auxiliary mark is used as a default item to indicate an option which cannot be classified, and after the method of embodiment 2 or embodiment 3 is implemented, the auxiliary mark is finally marked as fault-related, linkage-related, auxiliary alarm, construction generation, false alarm or none.
In other embodiments, the "uncertain" in the first label may be classified as "don't care"; the "indeterminate" in the secondary marker is classified as "none".
Example 4
This embodiment is a monitored control system alarm information filtration system, includes:
the alarm information extraction module: the system is used for acquiring all historical alarm information in a given time interval; the alarm information acquisition device is used for acquiring alarm information related to an event result;
the alarm information marking module: the method is used for marking for the first time according to the relevance degree of each alarm information attribute relative to the working position, and the first marking is divided into the following parts from small to large: no attention, general attention and special attention is required; the alarm information related to the event result is defined as event related alarm information, and the event related alarm information is subjected to auxiliary marking according to the reason for generating the event result;
the alarm information processing module: the alarm information which has no direct relation with the event result is screened out according to the auxiliary mark of the event related alarm information to obtain effective alarm information; the first marking is used for judging the first marking of the effective alarm information, if the first marking of the effective alarm information is not concerned particularly or is concerned generally, the first marking is carried out again according to the relevance degree of each effective alarm information attribute relative to a work post, and at least one first marking of the effective alarm information is ensured to be concerned particularly or is concerned generally;
alarm information classification rule establishing module: the system comprises an alarm information processing module, a learning model and a classification model, wherein the alarm information processing module is used for extracting an alarm information sample set which is firstly marked and assisted to be marked, and sending the sample set into the learning model for training to generate the classification model; the system comprises a classification model, a first-time marking module, a second-time marking module, a third-time marking module and a fourth-time marking module, wherein the classification model is used for sending a known alarm information sample which is manually marked and auxiliary marked into the classification model for testing, and if the accuracy rate of a test result accords with an expected accuracy rate, the classification model is used for marking unknown alarm information;
the alarm information display module: and displaying the content of the alarm information to the corresponding work post according to the first mark and the auxiliary mark of the alarm information, and distinguishing colors according to the grade of the first mark.
The alarm information attributes comprise lines, stations, subsystems, equipment types, equipment numbers, equipment brand models, equipment installation positions, alarm time, alarm types and alarm values; the working post comprises a station leader, an on-duty station leader, a station affair, a line tone, an electric ring tone, a maintenance tone and an on-duty master and a duty; the auxiliary marks comprise fault correlation, linkage correlation, auxiliary alarm, construction generation, false alarm and no; the event results include the generation or execution of a repair order, the generation of a repair order within 24 hours by the malfunction alerting device, the triggering of an alert linkage, and the confirmation of linkage execution.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (10)
1. A monitoring system alarm information filtering method is characterized by comprising the following steps:
s1: acquiring all historical alarm information in a given time interval;
s2: marking for the first time according to the relevance degree of each alarm information attribute relative to the working position, wherein the first time marks are divided into three grades from small to large according to the relevance degree, and the grades are respectively as follows: no attention, general attention and special attention is required;
s3: acquiring alarm information related to an event result, defining the alarm information related to the event result as event related alarm information, and performing auxiliary marking on the event related alarm information according to the reason for generating the event result;
s4: screening out alarm information which has no direct relation with the event result according to the auxiliary mark of the event related alarm information to obtain effective alarm information;
s5: judging the first marking of the effective alarm information, if the first marking of the effective alarm information is not concerned with special attention or general attention, carrying out the first marking again according to the relevance of each effective alarm information attribute relative to a work post, and enabling at least one first marking of the effective alarm information to be concerned with special attention or general attention;
s6: extracting a warning information sample set marked for the first time and marked in the step S5, and sending the sample set into a learning model for training to generate a classification model;
s7: and sending the known alarm information samples which are marked for the first time and are marked for the auxiliary time manually into the classification model for testing, if the accuracy of the test result accords with the expected accuracy, marking the unknown alarm information by using the classification model, and displaying the alarm information according to the first marking grade and the auxiliary mark.
2. The monitoring system alert information filtering method of claim 1, wherein if the test result accuracy does not meet the expected accuracy, then steps S2-S7 are repeated.
3. The monitoring system alert information filtering method of claim 2, wherein the first marked and auxiliary marked known alert information samples are regenerated when an extension line access or a device replacement retrofit is available.
4. The monitoring system alarm information filtering method of claim 1, wherein the alarm information attributes include a line, a station, a subsystem, a device type, a device number, a device brand model, a device installation location, an alarm time, an alarm type, and an alarm value; the working posts comprise a station leader, an on-duty station leader, a station service, a line dispatching, an electric ring dispatching, a maintenance dispatching and an on-duty master; the auxiliary marks comprise fault correlation, linkage correlation, auxiliary alarm, construction generation, false alarm and non-fault.
5. The monitoring system alarm information filtering method of claim 4, wherein for a same job, the secondary label is alarm information that is an affiliated alarm, the primary label of which is lower in rank than the primary label of the primary alarm to which it is affiliated, the primary alarm being alarm information that has a direct relationship with the event result.
6. The monitoring system alert information filtering method of claim 1, wherein the event result includes: the generation or execution of a maintenance order, the generation of a maintenance order by the fault alarm device, the triggering of linkage by the alarm and the confirmation of the execution of linkage are carried out within 24 hours.
7. The monitoring system alarm information filtering method of claim 1, wherein the learning model is trained by a decision tree algorithm or a neural network algorithm.
8. The monitoring system alarm information filtering method of claim 1, wherein the monitoring system alarm information includes an equipment body fault alarm, a sensor detection alarm, an equipment reported value overrun alarm, an equipment action state alarm, and a network interruption alarm.
9. A monitoring system alarm information filtering system, comprising:
the alarm information extraction module: the system is used for acquiring all historical alarm information in a given time interval; the alarm information acquisition device is used for acquiring alarm information related to an event result;
the alarm information marking module: the method is used for marking for the first time according to the relevance degree of each alarm information attribute relative to a working post, and the first marking is divided into the following parts from small to large: no attention, general attention and special attention is required; the alarm information related to the event result is defined as event related alarm information, and auxiliary marking is carried out on the event related alarm information according to the reason for generating the event result;
the alarm information processing module: the alarm information which has no direct relation with the event result is screened out according to the auxiliary mark of the event related alarm information to obtain effective alarm information; the first marking is used for judging the effective alarm information, if the first marking of the effective alarm information is not concerned with special attention or general attention, the first marking is carried out again according to the relevance degree of each effective alarm information attribute relative to a work post, and at least one first marking of the effective alarm information is ensured to be concerned with special attention or general attention;
alarm information classification rule establishing module: the alarm information processing module is used for extracting an alarm information sample set which is firstly marked and assisted to be marked by the alarm information processing module, and sending the sample set into a learning model for training to generate a classification model; the system comprises a classification model, a first-time marking module, a second-time marking module and a third-time marking module, wherein the classification model is used for sending a known alarm information sample which is manually marked for the first time and is subjected to auxiliary marking into the classification model for testing, and if the accuracy rate of a test result accords with an expected accuracy rate, the classification model;
the alarm information display module: and displaying the content of the alarm information to a corresponding working post according to the first mark and the auxiliary mark of the alarm information, and distinguishing colors according to the grade of the first mark.
10. The monitoring system alarm information filtering system of claim 9, wherein the alarm information attributes include a line, a station, a subsystem, a device type, a device number, a device brand model, a device installation location, an alarm time, an alarm type, and an alarm value; the working posts comprise a station leader, an on-duty station leader, a station service, a line dispatching, an electric ring dispatching, a maintenance dispatching and an on-duty master; the auxiliary marks comprise fault correlation, linkage correlation, auxiliary alarm, construction generation, false alarm and non-fault; the event results include the generation or execution of a service order, the generation of a service order by the fail-safe device within 24 hours, the triggering of an alarm and the confirmation of the execution of linkage.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010643264.4A CN111538643B (en) | 2020-07-07 | 2020-07-07 | Alarm information filtering method and system for monitoring system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010643264.4A CN111538643B (en) | 2020-07-07 | 2020-07-07 | Alarm information filtering method and system for monitoring system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111538643A true CN111538643A (en) | 2020-08-14 |
| CN111538643B CN111538643B (en) | 2020-10-16 |
Family
ID=71968561
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010643264.4A Active CN111538643B (en) | 2020-07-07 | 2020-07-07 | Alarm information filtering method and system for monitoring system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111538643B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112418200A (en) * | 2021-01-25 | 2021-02-26 | 成都点泽智能科技有限公司 | Object detection method and device based on thermal imaging and server |
| CN112927481A (en) * | 2021-01-21 | 2021-06-08 | 中广核工程有限公司 | Alarm filtering method, system, medium and electronic equipment for nuclear power plant |
| CN113722140A (en) * | 2021-08-30 | 2021-11-30 | 中国地质大学(武汉) | Industrial alarm flooding root cause diagnosis method based on small sample learning and storage medium |
| CN116781481A (en) * | 2023-04-28 | 2023-09-19 | 湖北清江水电开发有限责任公司 | Auxiliary analysis method for alarm message of centralized control center monitoring system of river basin step power station |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102156447A (en) * | 2010-12-03 | 2011-08-17 | 中冶南方工程技术有限公司 | Basic automation-based plant-level equipment management and alarming system and method |
| CN103700031A (en) * | 2013-12-19 | 2014-04-02 | 国家电网公司 | Electric power warning information publishing method in regulation and control integration mode |
| CN106708692A (en) * | 2015-11-13 | 2017-05-24 | 阿里巴巴集团控股有限公司 | Method and device for building filtering alarm model, filtering alarm method and device and electronic equipment |
| US9778351B1 (en) * | 2007-10-04 | 2017-10-03 | Hrl Laboratories, Llc | System for surveillance by integrating radar with a panoramic staring sensor |
| CN107832200A (en) * | 2017-10-24 | 2018-03-23 | 平安科技(深圳)有限公司 | Alert processing method, device, computer equipment and storage medium |
| CN109800127A (en) * | 2019-01-03 | 2019-05-24 | 众安信息技术服务有限公司 | A kind of system fault diagnosis intelligence O&M method and system based on machine learning |
| CN109978005A (en) * | 2019-02-25 | 2019-07-05 | 深圳市中电数通智慧安全科技股份有限公司 | A kind of fire alarm method, device, storage medium and terminal device |
| CN110321268A (en) * | 2019-06-12 | 2019-10-11 | 平安科技(深圳)有限公司 | A kind of alarm information processing method and device |
| CN111090747A (en) * | 2019-12-03 | 2020-05-01 | 国家电网有限公司 | Power communication fault emergency disposal method based on neural network classification |
-
2020
- 2020-07-07 CN CN202010643264.4A patent/CN111538643B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9778351B1 (en) * | 2007-10-04 | 2017-10-03 | Hrl Laboratories, Llc | System for surveillance by integrating radar with a panoramic staring sensor |
| CN102156447A (en) * | 2010-12-03 | 2011-08-17 | 中冶南方工程技术有限公司 | Basic automation-based plant-level equipment management and alarming system and method |
| CN103700031A (en) * | 2013-12-19 | 2014-04-02 | 国家电网公司 | Electric power warning information publishing method in regulation and control integration mode |
| CN106708692A (en) * | 2015-11-13 | 2017-05-24 | 阿里巴巴集团控股有限公司 | Method and device for building filtering alarm model, filtering alarm method and device and electronic equipment |
| CN107832200A (en) * | 2017-10-24 | 2018-03-23 | 平安科技(深圳)有限公司 | Alert processing method, device, computer equipment and storage medium |
| CN109800127A (en) * | 2019-01-03 | 2019-05-24 | 众安信息技术服务有限公司 | A kind of system fault diagnosis intelligence O&M method and system based on machine learning |
| CN109978005A (en) * | 2019-02-25 | 2019-07-05 | 深圳市中电数通智慧安全科技股份有限公司 | A kind of fire alarm method, device, storage medium and terminal device |
| CN110321268A (en) * | 2019-06-12 | 2019-10-11 | 平安科技(深圳)有限公司 | A kind of alarm information processing method and device |
| CN111090747A (en) * | 2019-12-03 | 2020-05-01 | 国家电网有限公司 | Power communication fault emergency disposal method based on neural network classification |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112927481A (en) * | 2021-01-21 | 2021-06-08 | 中广核工程有限公司 | Alarm filtering method, system, medium and electronic equipment for nuclear power plant |
| CN112418200A (en) * | 2021-01-25 | 2021-02-26 | 成都点泽智能科技有限公司 | Object detection method and device based on thermal imaging and server |
| CN113722140A (en) * | 2021-08-30 | 2021-11-30 | 中国地质大学(武汉) | Industrial alarm flooding root cause diagnosis method based on small sample learning and storage medium |
| CN113722140B (en) * | 2021-08-30 | 2023-08-04 | 中国地质大学(武汉) | Industrial alarm flooding source diagnosis method based on small sample learning and storage medium |
| CN116781481A (en) * | 2023-04-28 | 2023-09-19 | 湖北清江水电开发有限责任公司 | Auxiliary analysis method for alarm message of centralized control center monitoring system of river basin step power station |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111538643B (en) | 2020-10-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111538643B (en) | Alarm information filtering method and system for monitoring system | |
| CN110366031B (en) | Vision-based abnormal state monitoring and fault diagnosis method for MES (manufacturing execution system) of digital workshop | |
| CN102638100B (en) | District power network equipment abnormal alarm signal association analysis and diagnosis method | |
| CN109800127A (en) | A kind of system fault diagnosis intelligence O&M method and system based on machine learning | |
| CN106655522A (en) | Master station system suitable for operation and maintenance management of secondary equipment of power grid | |
| CN109343395B (en) | Abnormity detection system and method for DCS operation log of nuclear power plant | |
| CN109347202B (en) | Typical operation identification and multidimensional analysis method for monitoring equipment | |
| CN113325153A (en) | Water quality multi-parameter monitoring comprehensive information management system | |
| CN110941918B (en) | Intelligent substation fault analysis system | |
| CN103489138B (en) | The Controlling UEP method of a kind of power transmission network failure message and the out-of-limit information of circuit | |
| CN102447570A (en) | Monitoring device and method based on health degree analysis | |
| CN107798395A (en) | A kind of power grid accident signal automatic diagnosis method and system | |
| CN102881125A (en) | Alarm monitoring system based on multi-information fusion centralized processing platform | |
| CN104657913A (en) | Intelligent warning system based on all-data model | |
| CN108345282A (en) | A kind of pumping station operation abnormality diagnostic method and system based on artificial intelligence | |
| CN112785458A (en) | Intelligent management and maintenance system for bridge health big data | |
| CN110689148A (en) | Metering equipment fault detection method based on AR technology | |
| CN103049365B (en) | Information and application resource running state monitoring and evaluation method | |
| CN104574219A (en) | System and method for monitoring and early warning of operation conditions of power grid service information system | |
| CN114374597A (en) | Fault processing method, device, equipment and product of network event | |
| CN113281616A (en) | Power transmission line fault diagnosis method, system and framework based on expert system | |
| CN109885978B (en) | Remote sensing ground station fault diagnosis system and method | |
| CN112561764A (en) | Intelligent environment-friendly big data service integrated management system and method | |
| CN113626480A (en) | Direct current converter station SER event set diagnosis method based on improved association rule | |
| CN115018434A (en) | Remote operation and maintenance management system for new energy power station |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |