CN114707834A - Alarm reminding method and device and storage medium - Google Patents

Publication number: CN114707834A
Authority: CN (China)
Prior art keywords: alarm, target, historical, information, alarm information
Legal status: Pending
Application number: CN202210297105.2A
Other languages: Chinese (zh)
Inventor: 李晓旭
Current Assignee: Bank of China Ltd
Original Assignee: Bank of China Ltd
Application filed by Bank of China Ltd; priority to CN202210297105.2A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Educational Administration (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Game Theory and Decision Science (AREA)
  • Technology Law (AREA)
  • Alarm Systems (AREA)

Abstract

The invention discloses an alarm reminding method, an alarm reminding device and a storage medium, relating to the technical field of artificial intelligence. When a bank system sends alarm information, the invention improves the efficiency and accuracy of judging the risk level of that alarm information, so that corresponding emergency treatment is carried out in time and the system abnormality behind the alarm is resolved more efficiently. The method comprises: acquiring target alarm information sent by an alarm system; matching the target alarm information with a historical knowledge base based on a clustering algorithm; if a first historical alarm record whose similarity to the target alarm information is greater than or equal to a preset similarity is obtained from the historical knowledge base, determining a target risk level corresponding to the target alarm information based on the first historical alarm record; and sending first early warning information when the target risk level is greater than or equal to a preset risk level, the first early warning information indicating the target risk level corresponding to the target alarm information. The embodiment of the invention is applied to scenarios in which alarm information is sent.

Description

Alarm reminding method and device and storage medium
Technical Field
The invention relates to the technical field of artificial intelligence, in particular to an alarm reminding method, an alarm reminding device and a storage medium.
Background
At present, when a bank system sends alarm information while the bank's operation and maintenance team is on 24-hour duty, operation and maintenance personnel can only rely on their own experience, combined with other system information such as transaction amount, to search historical alarm information and the related feedback and make a preliminary judgment of the risk level of the current alarm information, while contacting the person responsible for the corresponding system to confirm the influence of the alarm on the bank system. System problems are then handled according to the predicted risk level.
However, because bank application systems are diverse, the volume of alarm information keeps growing, and the large amount of alarm information makes it harder for operation and maintenance personnel to judge the risk level of each alarm. Determining the risk level in the above way often incurs a high time cost, correspondingly prolongs the handling time of the system problem behind the alarm, and may even miss the best handling opportunity, thereby affecting the bank system online.
Therefore, when the bank system sends alarm information, operation and maintenance personnel cannot quickly and accurately judge its risk level, cannot carry out emergency treatment in time, and resolve the system problem corresponding to the alarm information inefficiently.
Disclosure of Invention
The embodiment of the invention provides an alarm reminding method, an alarm reminding device and a storage medium, which are used for improving the efficiency and the accuracy of judging the risk level of alarm information when a bank system sends the alarm information, carrying out corresponding emergency treatment in time and improving the efficiency of solving the system abnormity problem corresponding to the alarm information.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
In a first aspect, an alarm reminding method is provided, and the method includes: acquiring target alarm information sent by an alarm system; matching the target alarm information with a historical knowledge base based on a clustering algorithm, wherein the historical knowledge base comprises a plurality of historical alarm records; if a first historical alarm record whose similarity to the target alarm information is greater than or equal to a preset similarity is obtained from the historical knowledge base, determining a target risk level corresponding to the target alarm information based on the first historical alarm record; and sending first early warning information when the target risk level is greater than or equal to a preset risk level, the first early warning information being used for indicating the target risk level corresponding to the target alarm information.
In one possible implementation, the method further includes: when the number of pieces of first alarm information acquired within a preset duration is greater than or equal to a preset number, acquiring, based on a clustering algorithm, all alarm information sent by the alarm system for a target system within the preset duration; the first alarm information is a plurality of pieces of alarm information corresponding to the target system and related to a target user, and all the alarm information is the alarm information corresponding to the target system and related to a plurality of users; generating second early warning information based on all the alarm information corresponding to the target system, and sending the second early warning information to each of the plurality of users; the second early warning information is used for prompting the plurality of users to pay attention to all the alarm information corresponding to the target system.
In one possible implementation manner, the alarm system is an alarm system corresponding to a financial system, the financial system includes a plurality of application systems, and each historical alarm record is used for indicating a corresponding relationship between historical alarm information and a risk level; the first historical alarm record whose similarity to the target alarm information is greater than or equal to the preset similarity is the historical alarm record, in the historical knowledge base, of the historical alarm information whose similarity to the target alarm information is greater than or equal to the preset similarity; the method further comprises: determining a target disposal strategy corresponding to the target alarm information based on the first historical alarm record; and sending third early warning information, the third early warning information being used for indicating the target disposal strategy corresponding to the target alarm information.
In a possible implementation manner, before target alarm information sent by the alarm system is obtained, the method further includes: acquiring a plurality of pieces of historical alarm information, a risk level corresponding to each piece of historical alarm information and a disposal strategy corresponding to each piece of historical alarm information, constructing a historical knowledge base, and associating the historical knowledge base with an alarm system; the alarm system is used for monitoring whether the abnormality occurs in a plurality of application systems included in the financial system.
In a possible implementation manner, each historical alarm record included in the historical knowledge base is used for indicating a corresponding relation among historical alarm information, risk levels and disposal strategies, and the disposal strategies are used for indicating strategy information for releasing the historical alarm information; determining a target disposal strategy corresponding to the target alarm information based on the first historical alarm record, wherein the target disposal strategy comprises the following steps: and acquiring a disposal strategy corresponding to the first historical alarm record, and determining a target disposal strategy corresponding to the target alarm information based on the disposal strategy corresponding to the first historical alarm record.
In a second aspect, an alarm reminding device is provided, which includes: an acquisition unit, a processing unit, a determination unit and a sending unit; the acquisition unit is used for acquiring target alarm information sent by an alarm system; the processing unit is used for matching the target alarm information with a historical knowledge base based on a clustering algorithm, wherein the historical knowledge base comprises a plurality of historical alarm records; the determination unit is used for determining a target risk level corresponding to the target alarm information based on a first historical alarm record if the first historical alarm record, whose similarity to the target alarm information is greater than or equal to a preset similarity, is acquired from the historical knowledge base; the sending unit is used for sending first early warning information when the target risk level is greater than or equal to a preset risk level; the first early warning information is used for indicating the target risk level corresponding to the target alarm information.
In a possible implementation manner, the acquisition unit is further configured to acquire, based on a clustering algorithm, all alarm information sent by the alarm system for a target system within a preset duration when the number of pieces of first alarm information acquired within the preset duration is greater than or equal to a preset number; the first alarm information is a plurality of pieces of alarm information corresponding to the target system and related to a target user, and all the alarm information is the alarm information corresponding to the target system and related to a plurality of users; the alarm reminding device further includes a generating unit; the generating unit is used for generating second early warning information based on all the alarm information corresponding to the target system; the sending unit is also used for sending the second early warning information to each of the plurality of users; the second early warning information is used for prompting the plurality of users to pay attention to all the alarm information corresponding to the target system.
In one possible implementation manner, the alarm system is an alarm system corresponding to a financial system, the financial system includes a plurality of application systems, and each historical alarm record is used for indicating a corresponding relationship between historical alarm information and a risk level; the first historical alarm record whose similarity to the target alarm information is greater than or equal to the preset similarity is the historical alarm record, in the historical knowledge base, of the historical alarm information whose similarity to the target alarm information is greater than or equal to the preset similarity; the determination unit is further used for determining a target disposal strategy corresponding to the target alarm information based on the first historical alarm record; the sending unit is also used for sending third early warning information; the third early warning information is used for indicating the target disposal strategy corresponding to the target alarm information.
In a possible implementation manner, the obtaining unit is further configured to obtain a plurality of pieces of historical alarm information, a risk level corresponding to each piece of historical alarm information, and a disposal policy corresponding to each piece of historical alarm information; the processing unit is used for constructing a historical knowledge base and associating the historical knowledge base with the alarm system; the alarm system is used for monitoring whether the abnormality occurs in a plurality of application systems included in the financial system.
In a possible implementation manner, each historical alarm record included in the historical knowledge base is used for indicating a corresponding relation among historical alarm information, risk levels and disposal strategies, and the disposal strategies are used for indicating strategy information for releasing the historical alarm information; the acquiring unit is specifically used for acquiring a disposal strategy corresponding to the first historical alarm record; and the determining unit is specifically configured to determine a target disposal policy corresponding to the target alarm information based on the disposal policy corresponding to the first historical alarm record.
In a third aspect, an electronic device comprises: a processor and a memory; wherein the memory is used for storing one or more programs, the one or more programs comprising computer executable instructions, and the processor executes the computer executable instructions stored by the memory when the electronic device is running, so as to make the electronic device execute the alarm reminding method according to the first aspect.
In a fourth aspect, a computer-readable storage medium stores instructions that, when executed by a computer, cause the computer to perform an alert reminder method as in the first aspect.
In a fifth aspect, a computer program product comprises instructions which, when run on a computer, cause the computer to perform a method of alert reminder as in the first aspect.
The embodiment of the invention provides an alarm reminding method, an alarm reminding device and a storage medium, which are applied to scenarios in which alarm information is sent. Where an alarm system monitors whether a plurality of application systems are abnormal, the target alarm information sent by the alarm system can be acquired when it is sent, and matched with a historical knowledge base based on a clustering algorithm, so that a first historical alarm record whose similarity to the target alarm information is greater than or equal to a preset similarity is obtained from the historical knowledge base. The target risk level corresponding to the target alarm information is then determined based on the risk level corresponding to the first historical alarm record, and first early warning information indicating that target risk level is sent when the target risk level is greater than or equal to the preset risk level. The risk level of the alarm information is judged without depending on the experience of operation and maintenance personnel or on related information, so the judgment is not limited by their experience or technical level or by external factors. The risk level corresponding to the alarm information can be judged automatically based on the historical knowledge base and the clustering algorithm, and higher-risk alarm information is automatically identified and a prompt sent according to whether the current alarm information matches the historical alarm records in the historical knowledge base. This improves the efficiency and accuracy of judging the risk level of alarm information, so that corresponding emergency treatment can be carried out in time.
Drawings
Fig. 1 is a schematic structural diagram of an alarm reminding system according to an embodiment of the present invention;
Fig. 2 is a first schematic flow chart of an alarm reminding method according to an embodiment of the present invention;
Fig. 3 is a second schematic flow chart of an alarm reminding method according to an embodiment of the present invention;
Fig. 4 is a third schematic flow chart of an alarm reminding method according to an embodiment of the present invention;
Fig. 5 is a fourth schematic flow chart of an alarm reminding method according to an embodiment of the present invention;
Fig. 6 is a fifth schematic flow chart of an alarm reminding method according to an embodiment of the present invention;
Fig. 7 is a first schematic structural diagram of an alarm reminding device according to an embodiment of the present invention;
Fig. 8 is a second schematic structural diagram of an alarm reminding device according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention.
In the description of the present invention, "/" means "or" unless otherwise specified; for example, A/B may mean A or B. "And/or" herein merely describes an association between associated objects and means that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. Further, "at least one" or "a plurality" means two or more. The terms "first", "second", and the like do not limit number or execution order, and do not necessarily denote a difference.
At present, in 24-hour duty work, a banking system includes a plurality of application systems (such as a cross-bank transfer system, a gold transaction system, a bond transaction system, etc.), and because these application systems are diverse and each has its own specific, individual characteristics, the corresponding alarm information (alarms caused by system faults) keeps increasing. More and more new colleagues are also joining the 24-hour duty shifts, and the large volume of application alarms makes it harder for the operator on duty to identify risk levels. Quickly identifying, from a large amount of alarm information, the alarms that need special attention (alarms with a high risk level) and handling them in time is therefore increasingly important, as is reacting promptly to system alarm information so that emergency disposal starts as early as possible and the influence on online transactions in the production environment is avoided or reduced as far as possible.
For the alarm information of some application systems, the differences between application systems and the wide variety of alarm information affect the judgment of the person responsible for the system to some extent. When the alarm system sends alarm information about system abnormalities for more than one application system, then for alarm information whose alarm level (risk level) is not particularly high, the operator on duty can only rely on his or her own experience, combined with other system information such as transaction amount, to search for the alarm information and feedback of the current period while contacting the system responsible person (system developer) of the application system to confirm the alarm's influence. Especially at night and on holidays, this often results in a high time cost, correspondingly lengthens the time taken to dispose of the system abnormality, and may even miss the best disposal opportunity, causing an online impact.
In the embodiment of the present invention, the clustering algorithm is also called cluster analysis (group analysis); it is a statistical analysis method for studying (sample or index) classification problems and an important data mining algorithm. A cluster is composed of several patterns, where a pattern is typically a vector of measurements or a point in a multidimensional space. Cluster analysis is based on similarity: patterns in the same cluster are more similar to each other than to patterns in other clusters. Algorithms for cluster analysis can be classified into partitioning methods, hierarchical methods, density-based methods, grid-based methods, and model-based methods.
Partitioning methods: given a data set with N tuples or records, a partitioning method constructs K groups, each representing a cluster, with K < N. The K groups satisfy the following conditions: (1) each group contains at least one data record; (2) each data record belongs to one and only one group (note: this requirement can be relaxed in some fuzzy clustering algorithms). For a given K, the algorithm first produces an initial grouping and then changes the grouping iteratively so that each improved grouping scheme is better than the previous one, where "better" means: the closer the records within the same group the better, and the farther apart the records in different groups the better. Algorithms that use this basic idea include the K-MEANS algorithm, the K-MEDOIDS algorithm and the CLARANS algorithm.
Hierarchical methods decompose a given data set hierarchically until a condition is satisfied. They can be divided into bottom-up and top-down schemes. Hierarchical clustering methods may be distance-based, or density- or connectivity-based. Some extensions of hierarchical clustering also consider subspace clustering. The drawback of the hierarchical approach is that once a step (merge or split) is completed, it cannot be undone. This strictness is useful because there is no need to consider the number of combinations of different choices, which results in less computational overhead. However, the technique cannot correct erroneous decisions. Several methods have been proposed to improve hierarchical clustering quality. Representative algorithms are the BIRCH algorithm, the CURE algorithm, the CHAMELEON algorithm, etc.
Density-based methods: the fundamental difference between density-based methods and the others is that they are based not on the various kinds of distance but on density. This overcomes the disadvantage that distance-based algorithms can only find "circle-like" clusters. The guiding idea is to add a point to its neighboring cluster whenever the density of points in its region exceeds a certain threshold. Representative algorithms are the DBSCAN algorithm, the OPTICS algorithm, the DENCLUE algorithm, etc.
Grid-based methods first divide the data space into a grid structure with a finite number of cells, and all processing operates on individual cells. A significant advantage is that processing is fast: it is typically independent of the number of records in the target database and depends only on how many cells the data space is divided into. Representative algorithms are the STING algorithm, the CLIQUE algorithm and the WAVE-CLUSTER algorithm.
Model-based methods assume a model for each cluster and then look for the data that best fits the model. Such a model may be a density distribution function of the data points in space, or something else. An underlying assumption is that the target data set is generated by a series of probability distributions. There are generally two directions of attempt: statistical approaches and neural network approaches.
The alarm reminding method provided by the embodiment of the invention is applicable to an alarm reminding system. Fig. 1 shows a schematic structural diagram of the alarm reminding system. As shown in Fig. 1, the alarm reminding system 10 includes an alarm system 11, a first application system 12, a second application system 13, and the like. The alarm system 11 is used for monitoring whether an abnormal problem exists in the first application system 12 and the second application system 13 and, when an abnormal problem exists in the first application system 12 or the second application system 13, sending alarm information, which may be device abnormality alarm information, data abnormality alarm information, transmission abnormality alarm information, etc.
The embodiment of the present application does not limit the specific application scenarios of the alarm system 11, the first application system 12, and the second application system 13; they may be, for example, systems in a financial or banking system. Specifically, the first application system 12 and the second application system 13 may each be a cross-bank transfer system, a gold transaction system, a bond transaction system, or the like included in a banking system. It is understood that the alarm reminding system 10 may include a plurality of application systems that control different business processes. The embodiment of the present invention takes as an example the case in which the alarm reminding system 10 includes two systems, i.e. a first application system 12 and a second application system 13.
It should be noted that the alarm system 11, the first application system 12, and the second application system 13 may be disposed in separate servers (or electronic devices), or may be integrated in the same server, which is not limited in this disclosure.
When the alarm system 11, the first application system 12 and the second application system 13 are integrated in the same server, the communication mode between the alarm system 11, the first application system 12 and the second application system 13 is the communication between the internal modules of the server. In this case, the communication flow between the two is the same as the "communication flow between the alarm system 11, the first application system 12, and the second application system 13 when they are provided in mutually independent servers".
In the following embodiments provided by the present invention, the present invention is described by taking an example in which the alarm system 11, the first application system 12, and the second application system 13 are integrated in the same server.
An alarm reminding method provided by the embodiment of the invention is described below with reference to the accompanying drawings.
As shown in Fig. 2, an alarm reminding method provided in an embodiment of the present invention is applied to a server and includes S201-S204:
S201, acquiring target alarm information sent by an alarm system;
S202, matching the target alarm information with the historical knowledge base based on a clustering algorithm.
Wherein the historical knowledge base comprises a plurality of historical alarm records.
In the embodiment of the present invention, an alarm system is taken as an example of an alarm system corresponding to a banking system, and the banking system may include a plurality of application systems (e.g., a cross-bank transfer system, a gold transaction system, a bond transaction system, etc.).
Illustratively, in the normal operation process of the bank system, the alarm system needs to monitor the equipment operation condition, the data transmission condition, the data change condition, and the like of the bank system in real time. Specifically, the alarm system is required to monitor the real-time states of the cross-bank transfer system, the gold transaction system and the bond transaction system in real time. When the systems are in abnormal conditions, emergency treatment is carried out in time, corresponding emergency treatment strategies are made, normal operation of the systems is maintained, and influences on online transactions of production environments are avoided and reduced as much as possible.
As a possible implementation manner, the alarm system monitors a plurality of application systems included in the banking system in real time, and when any one of the application systems is abnormal, the alarm system may send alarm information (that is, the alarm information is used to indicate that an abnormal problem occurs in a certain application system).
As a possible implementation manner, when the alarm system sends the alarm information, the electronic device may obtain the alarm information (i.e., the target alarm information) sent by the alarm system, so as to match the current alarm information with the corresponding first historical alarm record from the historical knowledge base.
It should be noted that the historical knowledge base includes a plurality of historical alarm records, and each historical alarm record is formed according to historical alarm information, a risk level corresponding to each historical alarm information, and a disposal policy corresponding to each historical alarm information.
As a possible implementation manner, the alarm system needs to be associated with the historical knowledge base, so that when the alarm system sends out alarm information, a clustering algorithm can be adopted to match the alarm information sent out by the alarm system with the knowledge base according to preset matching rules and threshold values, and thus historical alarm records meeting the matching rules and the threshold values are obtained from the historical knowledge base.
It can be understood that the similarity between each historical alarm record included in the historical knowledge base and the target alarm information may be determined respectively, and each historical alarm record whose similarity is greater than or equal to the preset similarity may be determined as the first historical alarm record. That is, the first historical alarm record may denote at least one historical alarm record.
As a possible implementation manner, the clustering algorithm applied in the embodiment of the present invention may be any one of the following: the K-Means clustering algorithm, the mean shift clustering algorithm, the density-based clustering method (DBSCAN), the expectation-maximization (EM) clustering algorithm with a Gaussian Mixture Model (GMM), the agglomerative hierarchical clustering algorithm, the Graph Community Detection algorithm, etc. In actual use, the clustering algorithm specifically applied is determined according to the actual use requirement, and the invention is not limited in this respect.
S203, if a first historical alarm record whose similarity to the target alarm information is greater than or equal to a preset similarity is obtained from the historical knowledge base, determining a target risk level corresponding to the target alarm information based on the first historical alarm record.
It can be understood that each historical alarm record in the historical knowledge base includes one piece of historical alarm information, a risk level corresponding to the historical alarm information, and a disposal policy corresponding to the historical alarm information, so that after a first historical alarm record matching with a target alarm information is determined, the risk level corresponding to the historical alarm information included in the first historical alarm record can be determined, and thus the target risk level corresponding to the target alarm information can be determined by referring to the risk level corresponding to the historical alarm information.
It should be noted that the risk level corresponding to the alarm information includes multiple levels; for example, the risk level may be divided into a low risk level, a medium risk level, a high risk level, and the like. The risk level of the alarm information can be determined according to the degree to which the abnormal problem corresponding to the alarm information affects the application system.
Further, in a case where the first historical alarm record indicates a plurality of historical alarm records, an average risk level may be determined as a target risk level according to a risk level corresponding to each of the plurality of historical alarm records.
S204, sending first early warning information under the condition that the target risk level is greater than or equal to the preset risk level.
The first early warning information is used for indicating a target risk level corresponding to the target warning information.
In one design, the alarm system is an alarm system corresponding to a bank system, the bank system comprises a plurality of application systems, a historical knowledge base comprises a plurality of historical alarm records, each historical alarm record is used for indicating the corresponding relation among historical alarm information, risk levels and disposal strategies, and the disposal strategies are used for indicating the operation steps of relieving the historical alarm information.
As a possible implementation manner, the preset risk level may be set as the medium risk level, so that when the target risk level is greater than or equal to the preset risk level (that is, the target risk level is the medium risk level or the high risk level), the first early warning information is sent to draw particular attention to the target alarm information.
In the embodiment of the invention, where the alarm system monitors whether a plurality of application systems are abnormal, the target alarm information can be obtained when the alarm system sends it, and the target alarm information is matched against the historical knowledge base based on a clustering algorithm, so that a first historical alarm record whose similarity to the target alarm information is greater than or equal to the preset similarity is obtained from the historical knowledge base. The target risk level corresponding to the target alarm information is then determined based on the risk level corresponding to the first historical alarm record, and first early warning information indicating that target risk level is sent when the target risk level is greater than or equal to the preset risk level. Because the risk level of the alarm information is no longer judged from the operation and maintenance personnel's own experience and related information, the judgement is not limited by their experience or technical level or by external factors. The risk level corresponding to the alarm information can be judged automatically based on the historical knowledge base and the clustering algorithm: according to whether the current alarm information matches historical alarm records in the historical knowledge base, alarm information with higher risk is determined automatically and a prompt is sent. The efficiency and accuracy of judging the risk level of the alarm information are thereby improved, so that corresponding emergency treatment can be carried out in time.
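The matching and risk-level steps S202 to S204 can be illustrated as follows. This is an added example, not code from the patent: the token-set Jaccard similarity stands in for the unspecified clustering-based matching, rounding the average risk level upward is an assumption, and all record contents, names and thresholds are constructed.

```python
import math
import re
from dataclasses import dataclass
from enum import IntEnum
from statistics import mean


class Risk(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class HistoricalRecord:
    message: str   # historical alarm information
    risk: Risk     # risk level recorded for it
    disposal: str  # disposal policy recorded for it


# Constructed sample knowledge base (not data from the patent).
KNOWLEDGE_BASE = [
    HistoricalRecord("cross-bank transfer queue backlog exceeds threshold on node 3",
                     Risk.HIGH, "scale out consumers; check clearing link"),
    HistoricalRecord("cross-bank transfer queue backlog exceeds threshold on node 7",
                     Risk.MEDIUM, "restart stuck consumer"),
    HistoricalRecord("bond transaction database replication lag high",
                     Risk.MEDIUM, "check replica I/O; fail over if lag grows"),
    HistoricalRecord("gold transaction disk usage above 80 percent",
                     Risk.LOW, "rotate logs"),
]


def tokens(text):
    # Alphabetic words only: node numbers, ports and percentages are dropped
    # so that alarms differing only in such values compare as equal.
    return set(re.findall(r"[a-z]+", text.lower()))


def similarity(a, b):
    """Jaccard similarity of the two token sets, in [0, 1] (assumed measure)."""
    ta, tb = tokens(a), tokens(b)
    union = ta | tb
    return len(ta & tb) / len(union) if union else 0.0


def triage(target, knowledge_base, preset_similarity=0.6, preset_risk=Risk.MEDIUM):
    """Match the target alarm, derive its risk level, decide whether to warn."""
    scored = [(similarity(target, rec.message), rec) for rec in knowledge_base]
    matches = sorted((s for s in scored if s[0] >= preset_similarity),
                     key=lambda s: s[0], reverse=True)
    if not matches:
        # No first historical alarm record: no risk level can be inferred.
        return {"matches": [], "target_risk": None, "warn": False}
    # Several matching records: use the average risk level. Rounding up is an
    # assumption made here so that a tie never understates the risk.
    avg = mean(int(rec.risk) for _, rec in matches)
    target_risk = Risk(math.ceil(avg))
    return {
        "matches": [rec for _, rec in matches],
        "target_risk": target_risk,
        "warn": target_risk >= preset_risk,  # first early warning information
    }


if __name__ == "__main__":
    for alarm in (
        "cross-bank transfer queue backlog exceeds threshold on node 5",
        "gold transaction disk usage above 85 percent on node 2",
        "bond transaction certificate expired",
    ):
        result = triage(alarm, KNOWLEDGE_BASE)
        print(alarm, "->", result["target_risk"], "warn:", result["warn"])
```

An alarm that matches no record yields no risk level and no early warning, so such alarms still need a separate route to the operators.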
In one design, to solve the problem that the alarm system sends out multiple pieces of alarm information within a preset time period, as shown in fig. 3, the alarm reminding method provided in the embodiment of the present invention may further include the following steps S301 to S302.
S301, when the number of pieces of first alarm information acquired within the preset duration is greater than or equal to the preset number, acquiring, based on a clustering algorithm, all alarm information sent by the alarm system for the target system within the preset duration.
The first alarm information is a plurality of pieces of alarm information corresponding to the target system and related to the target user, and all the alarm information is the alarm information corresponding to the target system and related to the plurality of users.
It should be noted that each of the multiple application systems included in the banking system corresponds to multiple users (operation and maintenance staff, operation and maintenance team), that is, the multiple users respectively manage part of the content in one application system.
It can be understood that the plurality of pieces of alarm information acquired within the preset time period are alarm information of abnormal problems corresponding to part of contents managed by a target user in a target system of a plurality of application systems included in a bank system. The preset duration and the preset number are predetermined data and can be adjusted according to actual use requirements.
As a possible implementation manner, when a large number of abnormal problems occur in a target system in a plurality of application systems included in a bank system within a short time and a large number of alarm information corresponding to the target system is generated by an alarm system, matching may be performed in the alarm system through a keyword according to a clustering algorithm, so as to obtain all alarm information corresponding to the target system transmitted within the time period (preset time length), and integrate the obtained alarm information, and respectively transmit the integrated alarm information to a plurality of users corresponding to the target system.
Specifically, when the alarm system sends a large amount of alarm information corresponding to the target system in a short time, cluster matching collection can be performed through keywords such as the IP address of the target system and the identifier of the target system, all alarm information corresponding to the target system is obtained from all alarm information (i.e., all alarm information corresponding to a plurality of application programs) sent by the alarm system in the time period, and integration processing is performed to push a large amount of alarm information appearing in the target system to a plurality of users corresponding to the target system, so that prompt information for disposal is updated in time.
S302, generating second early warning information based on all the warning information corresponding to the target system, and respectively sending the second early warning information to a plurality of users.
The second early warning information is used for prompting the plurality of users to pay attention to all alarm information corresponding to the target system.
As a possible implementation manner, after all the warning information corresponding to the target system is acquired, the acquired warning information may be integrated to generate second warning information, so that a plurality of users corresponding to the target system are prompted by the second warning information.
It can be understood that the second warning information may include all warning information corresponding to the target system.
Further, when a large amount of alarm information corresponding to a certain application system appears in a short time, then even if no historical alarm information in the historical knowledge base matches any piece of that alarm information, once the amount of alarm information within the preset duration is greater than the preset amount, acquisition of all alarm information corresponding to the application system within the preset duration is triggered; all the alarm information corresponding to the application system is integrated, and the resulting alarm information is prompted to each user.
In the embodiment of the present invention, it may be further determined whether the number of the acquired warning information corresponding to the target system and related to the target user is greater than or equal to a preset number within a preset time period, so that when it is determined that the number of the warning information corresponding to the target system and related to the target user within the preset time period is greater than or equal to the preset number, all warning information corresponding to the target system sent by the warning system within the preset time period is further acquired based on a clustering algorithm, and second warning information is generated and sent to a plurality of users corresponding to the target system to prompt the plurality of users to pay attention to all warning information corresponding to the target system. Therefore, corresponding emergency treatment can be carried out in time, and the efficiency of solving the system abnormal problem corresponding to the alarm information is improved.
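Steps S301 and S302 can be sketched as follows, as an added example that is not code from the patent. Plain keyword matching on the system identifier and IP address stands in for the clustering-based collection, and the alarm texts, user names, five-minute duration and count of three are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alarm:
    ts: datetime
    user: str   # operator responsible for the affected part of the system
    text: str   # raw alarm text as emitted by the alarm system


@dataclass(frozen=True)
class System:
    ident: str
    ip: str
    users: tuple  # every operator assigned to this application system

    def matches(self, alarm):
        """Keyword match on the system identifier or its IP address."""
        for kw in (self.ident, self.ip):
            # Boundaries keep 10.0.0.1 from matching inside 10.0.0.12.
            if re.search(rf"(?<![\w.]){re.escape(kw)}(?!\w|\.\d)", alarm.text):
                return True
        return False


def second_warning(alarms, system, target_user, now,
                   window=timedelta(minutes=5), preset_count=3):
    """Return {user: digest} when the target user's alarms for the system reach
    preset_count within the window; otherwise return an empty dict."""
    start = now - window
    in_window = [a for a in alarms if start <= a.ts <= now and system.matches(a)]
    first = [a for a in in_window if a.user == target_user]
    if len(first) < preset_count:
        return {}
    digest = {
        "system": system.ident,
        "from": start,
        "to": now,
        # All alarms for the system, whichever user they relate to.
        "alarms": sorted(in_window, key=lambda a: a.ts),
    }
    # The same integrated digest goes to every user of the target system.
    return {user: digest for user in system.users}


# Constructed sample data (not from the patent).
NOW = datetime(2022, 3, 24, 10, 5)
XBANK = System("xbank-transfer", "10.0.0.1", ("alice", "bob", "dave"))
ALARMS = [
    Alarm(datetime(2022, 3, 24, 9, 50), "bob", "xbank-transfer 10.0.0.1 heartbeat missed"),
    Alarm(datetime(2022, 3, 24, 10, 1), "alice", "xbank-transfer 10.0.0.1 queue backlog"),
    Alarm(datetime(2022, 3, 24, 10, 2), "alice", "xbank-transfer 10.0.0.1 consumer timeout"),
    Alarm(datetime(2022, 3, 24, 10, 3), "bob", "host 10.0.0.1 disk latency high"),
    Alarm(datetime(2022, 3, 24, 10, 4), "alice", "xbank-transfer message retry storm"),
    Alarm(datetime(2022, 3, 24, 10, 4), "carol", "gold-trade 10.0.0.12 cpu high"),
]

if __name__ == "__main__":
    for user, digest in second_warning(ALARMS, XBANK, "alice", NOW).items():
        print(user, digest["system"], len(digest["alarms"]), "alarms")
```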
In one design, the warning system is a warning system corresponding to a financial system, the financial system comprises a plurality of application systems, and each historical warning record is used for indicating the corresponding relation between historical warning information and risk level; the first historical alarm record with the similarity greater than or equal to the preset similarity with the target alarm information is a historical alarm record corresponding to the historical alarm information with the similarity greater than or equal to the preset similarity with the target alarm information in the historical knowledge base; as shown in fig. 4, the method for warning according to the embodiment of the present invention may further include the following steps S401 to S402.
S401, determining a target disposal strategy corresponding to the target alarm information based on the first historical alarm record.
As a possible implementation manner, each historical alarm record in the historical knowledge base may further be used to indicate a corresponding relationship between each historical alarm information, a risk level corresponding to the historical alarm information, and a handling policy corresponding to the historical alarm information.
Therefore, after determining the first historical alarm record matching the target alarm information, the risk level corresponding to the historical alarm information included in the first historical alarm record and the handling policy corresponding to the historical alarm information may be determined, so that the handling policy corresponding to the historical alarm information may be referred to determine the target handling policy corresponding to the target alarm information.
As a possible implementation manner, the handling policy is used to indicate how the operation and maintenance personnel repair the abnormal condition of the application system corresponding to the historical alarm information, so that the application system returns to normal operation. Specifically, the handling policy may be at least one of: adjusting application system parameters, constructing a patch package to repair application system abnormalities, and the like.
It is understood that the handling policy is used to indicate a solution for solving the abnormal problem corresponding to the alarm information, and may specifically include detailed steps and required technical solutions for solving the abnormal problem corresponding to the alarm information, and the like.
S402, sending third early warning information.
The third early warning information is used for indicating a target disposal strategy corresponding to the target alarm information.
As a possible implementation manner, after the target handling policy corresponding to the target alarm information is determined, third early warning information corresponding to the target handling policy may be sent out, so as to remind the user object, through the third early warning information, of the target handling policy for resolving the target alarm information.
Therefore, the user object can directly use the target disposal strategy as a disposal strategy for solving the abnormal problem corresponding to the target alarm information; or, referring to the target handling strategy, and re-formulating a proper handling strategy for solving the abnormal problem corresponding to the target alarm information.
In the embodiment of the present invention, the handling policy included in the first historical alarm record may further be referred to in order to determine the target handling policy corresponding to the target alarm information, and the user object is prompted with that target handling policy through the third early warning information, which improves the efficiency of solving the abnormal problem corresponding to the target alarm information.
In one design, in order to construct the historical knowledge base, as shown in fig. 5, the method provided by the embodiment of the present invention may further include the following S501 before S201.
S501, obtaining a plurality of pieces of historical alarm information, a risk level corresponding to each piece of historical alarm information and a disposal strategy corresponding to each piece of historical alarm information, constructing a historical knowledge base, and associating the historical knowledge base with an alarm system.
The warning system is used for monitoring whether a plurality of application systems included in the financial system are abnormal or not.
In the embodiment of the invention, a historical knowledge base containing historical events (historical alarm information) and related information needs to be established and associated with the alarm system, so that when alarm information appears, information retrieval is carried out in the historical knowledge base through a clustering algorithm and the like to determine whether a historical alarm record related to the current alarm information exists.
As a possible implementation manner, all historical alarm information sent by the alarm system within a certain past time length (for example, 30 days), and a risk level corresponding to each piece of historical alarm information and a handling policy corresponding to each piece of historical alarm information may be obtained, so that a piece of historical alarm record is determined according to each piece of historical alarm information, a risk level corresponding to each piece of historical alarm information, and a handling policy corresponding to each piece of historical alarm information. Therefore, a historical knowledge base is constructed according to a plurality of historical alarm records corresponding to all historical alarm information.
Further, over time, in conjunction with the generation of alarm information, newly generated alarm information and related information (risk level, treatment policy) may be added to the historical knowledge base as a new historical alarm record, and data in the historical knowledge base may be updated in time.
It should be noted that, the updating of the data in the historical knowledge base may be performed by adding newly generated alarm information and related information (risk level, disposal policy) to the historical knowledge base on the basis of the original historical knowledge base; or, newly generated alarm information and related information (risk level, disposal policy) are added to the historical knowledge base, and the oldest historical alarm record in the historical knowledge base is deleted. Therefore, the historical alarm records in the historical knowledge base can be controlled to be the historical alarm records in a certain time length (for example, 30 days) before the current time, so that the number of the historical alarm records in the historical knowledge base is controlled to be a constant value.
In the embodiment of the invention, through the pre-constructed historical knowledge base, when the alarm system sends out new alarm information, the risk level and the disposal strategy corresponding to the new alarm information can be presumed through a clustering algorithm according to the historical knowledge base, so that the efficiency of solving the system abnormal problem corresponding to the alarm information is improved.
In one design, each historical alarm record included in the historical knowledge base is used for indicating the corresponding relation among historical alarm information, risk levels and disposal strategies, and the disposal strategies are used for indicating strategy information for releasing the historical alarm information; in order to determine the handling policy corresponding to the alarm information, as shown in fig. 6, the method in S401 provided in the embodiment of the present invention may specifically include the following S4011.
S4011, a disposal strategy corresponding to the first historical alarm record is obtained, and a target disposal strategy corresponding to the target alarm information is determined based on the disposal strategy corresponding to the first historical alarm record.
As a possible implementation manner, while determining a target risk level corresponding to the target alarm information based on the first historical alarm record, a corresponding handling policy may also be obtained from the first historical alarm record.
Further, the target disposal strategy corresponding to the target alarm information is determined according to the disposal strategy corresponding to the first historical alarm record. It can be understood that, since the similarity between the first historical alarm record and the target alarm information is greater than or equal to the preset similarity, the application system anomaly corresponding to the first historical alarm record is similar to the application system anomaly corresponding to the target alarm information, so that the target disposal policy corresponding to the target alarm information can be formulated with reference to the disposal policy corresponding to the first historical alarm record.
In the embodiment of the invention, the target disposal strategy corresponding to the target alarm information is determined according to the disposal strategy corresponding to the first historical alarm record, and the disposal strategy corresponding to the target alarm information can be accurately determined, so that the efficiency of solving the system abnormity problem corresponding to the alarm information is improved.
In the embodiment of the invention, by the method, the alarm information generated by history is brought into the historical knowledge base, the current alarm information is associated with the historical knowledge base through a clustering algorithm, so that whether the historical alarm record matched with the current alarm information is included in the historical knowledge base or not is determined, and if the historical alarm record matched with the current alarm information exists in the historical knowledge base, the alarm information is sent according to the risk level corresponding to the historical alarm record. Moreover, for a system which frequently sends alarm information in a short time, all alarm information appearing in the system is integrated through a clustering algorithm, and the alarm information is also sent to corresponding operation and maintenance personnel to prompt the operation and maintenance personnel to carry out emergency treatment as soon as possible, so that the influence time of the system abnormal problem on the system is shortened as much as possible, the influence on the system connection is avoided and reduced to the greatest extent, and the efficiency of solving the system abnormal problem corresponding to the alarm information is improved.
The scheme provided by the embodiment of the invention has been introduced mainly from the perspective of the method. In order to implement the above functions, the device includes corresponding hardware structures and/or software modules for performing each function. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or as combinations of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The embodiment of the present invention may perform the division of the function modules for an alarm reminding device according to the above method example, for example, each function module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. Optionally, the division of the modules in the embodiment of the present invention is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
Fig. 7 is a schematic structural diagram of an alarm notification device according to an embodiment of the present invention. As shown in fig. 7, an alarm reminding device 60 is used for improving the efficiency and accuracy of judging the risk level of the alarm information when the bank system sends the alarm information, performing corresponding emergency treatment in time, and improving the efficiency of solving the system abnormal problem corresponding to the alarm information, for example, for executing an alarm reminding method shown in fig. 2. The alarm reminding device 60 comprises: an acquisition unit 601, a processing unit 602, a determination unit 603, and a transmission unit 604.
An obtaining unit 601, configured to obtain target alarm information sent by an alarm system; for example, as shown in fig. 2, the acquisition unit 601 may be configured to execute the step in S201.
A processing unit 602, configured to perform matching processing on target alarm information and a historical knowledge base based on a clustering algorithm, where the historical knowledge base includes a plurality of historical alarm records; for example, as shown in fig. 2, the processing unit 602 may be configured to execute the step in S202.
A determining unit 603, configured to determine, based on a first historical alarm record, a target risk level corresponding to target alarm information if the first historical alarm record with the similarity to the target alarm information being greater than or equal to a preset similarity is acquired from a historical knowledge base; for example, as shown in fig. 2, the determination unit 603 may be configured to execute the step in S203.
A sending unit 604, configured to send first warning information when the target risk level is greater than or equal to a preset risk level; the first early warning information is used for indicating a target risk level corresponding to the target warning information. For example, as shown in fig. 2, the sending unit 604 may be configured to execute the step in S204.
Optionally, the obtaining unit 601 provided in the embodiment of the present invention is further configured to obtain, based on a clustering algorithm, all alarm information sent by the alarm system for the target system within a preset time length when the number of pieces of first alarm information obtained within the preset time length is greater than or equal to the preset number; the first alarm information is a plurality of pieces of alarm information corresponding to the target system and related to the target user, and all the alarm information is the alarm information corresponding to the target system and related to a plurality of users; for example, as shown in fig. 3, the acquisition unit 601 may be configured to execute the step in S301.
As shown in fig. 8, the alarm reminding device 60 further includes: a generating unit 605. The generating unit 605 is configured to generate second early warning information based on all alarm information corresponding to the target system. For example, as shown in fig. 3, the generating unit 605 may be configured to execute the step in S302.
The sending unit 604 is further configured to send second warning information to the multiple users respectively; the second early warning information is used for prompting a plurality of users to pay attention to all warning information corresponding to the target system. For example, as shown in fig. 3, the sending unit 604 may be configured to execute the step in S302.
Optionally, the warning system is a warning system corresponding to a financial system, the financial system includes a plurality of application systems, and each history warning record is used for indicating a corresponding relationship between history warning information and a risk level; the first historical alarm record with the similarity greater than or equal to the preset similarity with the target alarm information is a historical alarm record corresponding to the historical alarm information with the similarity greater than or equal to the preset similarity with the target alarm information in the historical knowledge base.
The determining unit 603 is further configured to determine, based on the first historical alarm record, a target disposal policy corresponding to the target alarm information; for example, as shown in fig. 4, the determination unit 603 may be configured to execute the step in S401.
The sending unit 604 is further configured to send third warning information; the third early warning information is used for indicating a target disposal strategy corresponding to the target warning information. For example, as shown in fig. 4, the sending unit 604 may be configured to execute the step in S402.
Optionally, the obtaining unit 601 is further configured to obtain a plurality of pieces of historical alarm information, a risk level corresponding to each piece of historical alarm information, and a disposal policy corresponding to each piece of historical alarm information; for example, as shown in fig. 5, the acquisition unit 601 may be configured to execute the step in S501.
The processing unit 602 is configured to construct a historical knowledge base, and associate the historical knowledge base with the alarm system; the alarm system is used for monitoring whether the abnormality occurs in a plurality of application systems included in the financial system. For example, as shown in fig. 5, the processing unit 602 may be configured to execute the steps in S501.
Optionally, each historical alarm record included in the historical knowledge base is used to indicate a corresponding relationship between historical alarm information, a risk level, and a disposal policy, and the disposal policy is used to indicate policy information for releasing the historical alarm information; an obtaining unit 601, specifically configured to obtain a disposal policy corresponding to the first historical alarm record; for example, as shown in fig. 6, the acquisition unit 601 may be configured to execute the steps in S4011.
The determining unit 603 is specifically configured to determine, based on the handling policy corresponding to the first historical alarm record, a target handling policy corresponding to the target alarm information. For example, as shown in fig. 6, the determination unit 603 may be configured to perform the step in S4011.
In the case of implementing the functions of the integrated modules in the form of hardware, the embodiment of the present invention provides another possible structural schematic diagram of the electronic device related to the above embodiment. As shown in fig. 9, an electronic device 70 is configured to, when a bank system sends an alarm message, improve efficiency and accuracy of determining a risk level of the alarm message, perform corresponding emergency treatment in time, and improve efficiency of solving a system abnormal problem corresponding to the alarm message, for example, to execute an alarm reminding method shown in fig. 2. The electronic device 70 includes a processor 701, a memory 702, and a bus 703. The processor 701 and the memory 702 may be connected by a bus 703.
The processor 701 is a control center of the communication apparatus, and may be a single processor or a collective term for a plurality of processing elements. For example, the processor 701 may be a Central Processing Unit (CPU), other general-purpose processors, or the like. Wherein a general purpose processor may be a microprocessor or any conventional processor or the like.
In one embodiment, processor 701 may include one or more CPUs, such as CPU 0 and CPU 1 shown in FIG. 9.
The memory 702 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that may store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that may store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
As a possible implementation, the memory 702 may exist separately from the processor 701, and the memory 702 may be connected to the processor 701 via the bus 703 for storing instructions or program code. When the processor 701 calls and executes the instruction or program code stored in the memory 702, the alarm reminding method provided by the embodiment of the invention can be realized.
In another possible implementation, the memory 702 may also be integrated with the processor 701.
The bus 703 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 9, but that does not indicate only one bus or one type of bus.
It is to be noted that the structure shown in fig. 9 does not constitute a limitation of the electronic apparatus 70. In addition to the components shown in FIG. 9, the electronic device 70 may include more or fewer components than shown, or some components may be combined, or a different arrangement of components.
As an example, in conjunction with fig. 7, the functions implemented by the acquisition unit 601, the processing unit 602, the determination unit 603, and the transmission unit 604 in the electronic device are the same as those of the processor 701 in fig. 9.
Optionally, as shown in fig. 9, the electronic device 70 provided in the embodiment of the present invention may further include a communication interface 704.
The communication interface 704 is used for connecting with other devices through a communication network. The communication network may be an Ethernet network, a radio access network, a Wireless Local Area Network (WLAN), etc. The communication interface 704 may include a receiving unit for receiving data and a transmitting unit for transmitting data.
In one design, in the electronic device provided in the embodiment of the present invention, the communication interface may be further integrated in the processor.
From the above description of the embodiments, it is clear to a person skilled in the art that, for convenience and brevity of description, the above division into functional units is used only as an illustration. In practical applications, the above functions can be allocated to different functional units as needed, that is, the internal structure of the device can be divided into different functional units to perform all or part of the functions described above. For the specific working processes of the system, the apparatus and the units described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.
The embodiment of the present invention further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed by a computer, the computer executes each step in the method flow shown in the above method embodiment.
Embodiments of the present invention provide a computer program product comprising instructions, which when run on a computer, cause the computer to perform a method of alarm notification in the above method embodiments.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, Random Access Memory (RAM), Read-Only Memory (ROM), Erasable Programmable Read-Only Memory (EPROM), registers, an optical fiber, a portable Compact Disk Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any other form of computer-readable storage medium known in the art, in any suitable combination. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuit (ASIC). In embodiments of the invention, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Since the electronic device, the computer-readable storage medium, and the computer program product in the embodiments of the present invention may be applied to the method described above, for technical effects obtained by the method, reference may also be made to the method embodiments described above, and details of the embodiments of the present invention are not repeated herein.
The above description is only an embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions within the technical scope of the present invention are intended to be covered by the scope of the present invention.

Claims (12)

1. An alarm reminding method, characterized in that the method comprises:
acquiring target alarm information sent by an alarm system;
matching the target alarm information with a historical knowledge base based on a clustering algorithm, wherein the historical knowledge base comprises a plurality of historical alarm records;
if a first historical alarm record whose similarity to the target alarm information is greater than or equal to a preset similarity is obtained from the historical knowledge base, determining a target risk level corresponding to the target alarm information based on the first historical alarm record;
sending first early warning information when the target risk level is greater than or equal to a preset risk level; the first early warning information is used for indicating the target risk level corresponding to the target alarm information.
2. The method of claim 1, further comprising:
when the number of the first alarm information acquired within the preset time is larger than or equal to the preset number, acquiring all alarm information sent by the alarm system for a target system within the preset time based on the clustering algorithm; the first alarm information is a plurality of pieces of alarm information corresponding to the target system and related to a target user, and all the alarm information is the alarm information corresponding to the target system and related to a plurality of users;
generating second early warning information based on all the alarm information corresponding to the target system, and respectively sending the second early warning information to the plurality of users; the second early warning information is used for prompting the plurality of users to pay attention to all the alarm information corresponding to the target system.
3. The method of claim 1, wherein the alarm system is an alarm system corresponding to a financial system, the financial system comprising a plurality of application systems, each historical alarm record indicating a correspondence between historical alarm information and a risk level;
the first historical alarm record with the similarity greater than or equal to the preset similarity with the target alarm information is a historical alarm record corresponding to the historical alarm information with the similarity greater than or equal to the preset similarity with the target alarm information in the historical knowledge base;
the method further comprises the following steps:
determining a target disposal strategy corresponding to the target alarm information based on the first historical alarm record;
sending third early warning information; the third early warning information is used for indicating the target disposal strategy corresponding to the target alarm information.
4. The method according to any one of claims 1-3, wherein before obtaining the target alarm information sent by the alarm system, the method further comprises:
acquiring a plurality of pieces of historical alarm information, a risk level corresponding to each piece of historical alarm information and a disposal strategy corresponding to each piece of historical alarm information, constructing a historical knowledge base, and associating the historical knowledge base with the alarm system; the alarm system is used for monitoring whether the plurality of application systems included in the financial system are abnormal or not.
5. The method according to claim 3, wherein each historical alarm record included in the historical knowledge base is used for indicating a correspondence among historical alarm information, a risk level and a disposal policy, the disposal policy indicating policy information for releasing the historical alarm information;
the determining a target disposal policy corresponding to the target alarm information based on the first historical alarm record includes:
acquiring a disposal strategy corresponding to the first historical alarm record, and determining a target disposal strategy corresponding to the target alarm information based on the disposal strategy corresponding to the first historical alarm record.
6. An alarm reminding device, comprising: an acquisition unit, a processing unit, a determination unit and a sending unit;
the acquisition unit is used for acquiring target alarm information sent by an alarm system;
the processing unit is used for matching the target alarm information with a historical knowledge base based on a clustering algorithm, and the historical knowledge base comprises a plurality of historical alarm records;
the determination unit is used for determining, if a first historical alarm record whose similarity to the target alarm information is greater than or equal to a preset similarity is acquired from the historical knowledge base, a target risk level corresponding to the target alarm information based on the first historical alarm record;
the sending unit is used for sending first early warning information when the target risk level is greater than or equal to a preset risk level; the first early warning information is used for indicating the target risk level corresponding to the target alarm information.
7. The alarm reminding device according to claim 6, wherein the acquisition unit is further configured to acquire, based on the clustering algorithm, all alarm information sent by the alarm system for a target system within a preset duration when the number of pieces of first alarm information acquired within the preset duration is greater than or equal to a preset number; the first alarm information is a plurality of pieces of alarm information corresponding to the target system and related to a target user, and all the alarm information is the alarm information corresponding to the target system and related to a plurality of users;
the alarm reminding device further comprises: a generating unit;
the generating unit is used for generating second early warning information based on all the alarm information corresponding to the target system;
the sending unit is further configured to send the second early warning information to the plurality of users respectively; the second early warning information is used for prompting the plurality of users to pay attention to all the alarm information corresponding to the target system.
8. The alarm reminding device according to claim 6, wherein the alarm system is an alarm system corresponding to a financial system, the financial system includes a plurality of application systems, and each historical alarm record is used for indicating a correspondence between historical alarm information and a risk level;
the first historical alarm record with the similarity greater than or equal to the preset similarity with the target alarm information is a historical alarm record corresponding to the historical alarm information with the similarity greater than or equal to the preset similarity with the target alarm information in the historical knowledge base;
the determining unit is further configured to determine a target handling policy corresponding to the target alarm information based on the first historical alarm record;
the sending unit is further used for sending third early warning information; the third early warning information is used for indicating the target disposal strategy corresponding to the target alarm information.
9. The alarm reminding device according to any one of claims 6 to 8, wherein the acquisition unit is further configured to acquire a plurality of pieces of historical alarm information, a risk level corresponding to each piece of historical alarm information, and a disposal policy corresponding to each piece of historical alarm information;
the processing unit is used for constructing the historical knowledge base and associating the historical knowledge base with the alarm system; the alarm system is used for monitoring whether the plurality of application systems included in the financial system are abnormal or not.
10. The alarm reminding device of claim 8, wherein each historical alarm record included in the historical knowledge base is used for indicating a correspondence among historical alarm information, a risk level, and a disposal policy, the disposal policy indicating policy information for releasing the historical alarm information;
the acquisition unit is specifically configured to acquire a disposal policy corresponding to the first historical alarm record;
the determining unit is specifically configured to determine, based on the handling policy corresponding to the first historical alarm record, a target handling policy corresponding to the target alarm information.
11. An electronic device, comprising: a processor and a memory; wherein the memory is configured to store one or more programs, the one or more programs comprising computer executable instructions that, when executed by the electronic device, cause the electronic device to perform the method of any of claims 1-5.
12. A computer-readable storage medium storing instructions which, when executed by a computer, cause the computer to perform the alarm reminding method as recited in any one of claims 1-5.
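The flow of claims 1, 2, 3 and 5, as an added example that is not code from the patent. Token-set Jaccard similarity stands in for the clustering-based match, which this section does not specify; the record fields, function names, integer risk scale, thresholds and sample alarms are all constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class HistoricalRecord:
    alarm_text: str       # historical alarm information
    risk_level: int       # assumed ordinal scale, higher is more severe
    disposal_policy: str  # how the historical alarm was handled

def _tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def similarity(a, b):
    """Jaccard similarity of token sets (assumed stand-in for the clustering match)."""
    ta, tb = _tokens(a), _tokens(b)
    union = ta | tb
    return len(ta & tb) / len(union) if union else 0.0

def triage(target, knowledge_base, preset_similarity=0.6, preset_risk_level=3):
    """Claims 1, 3 and 5: match, derive risk level and disposal policy, pick warnings."""
    best = max(knowledge_base, key=lambda r: similarity(target, r.alarm_text), default=None)
    if best is None or similarity(target, best.alarm_text) < preset_similarity:
        # No first historical alarm record: nothing can be inferred for this alarm.
        return {"matched": False, "risk_level": None, "warnings": []}
    warnings = []
    if best.risk_level >= preset_risk_level:
        warnings.append(("first", best.risk_level))    # indicates the target risk level
    warnings.append(("third", best.disposal_policy))   # indicates the target disposal policy
    return {"matched": True, "risk_level": best.risk_level, "warnings": warnings}

def burst_warning(alarms, target_system, target_user, now, preset_duration, preset_number):
    """Claim 2: alarms are (timestamp, system, user, text) tuples."""
    window = [a for a in alarms
              if a[1] == target_system and now - preset_duration <= a[0] <= now]
    first = [a for a in window if a[2] == target_user]  # the target user's alarms
    if len(first) < preset_number:
        return None
    return {"second": [a[3] for a in window],              # all alarms for the system
            "recipients": sorted({a[2] for a in window})}  # every user they relate to

# Constructed sample data, not taken from the patent.
KB = [
    HistoricalRecord("core banking database connection pool exhausted", 4,
                     "restart connection pool and fail over to standby"),
    HistoricalRecord("disk usage above 80 percent on report server", 1,
                     "archive old report files"),
]
ALARMS = [
    (20, "payments", "dave", "timeout calling ledger"),
    (100, "payments", "alice", "timeout calling ledger"),
    (130, "payments", "alice", "timeout calling ledger"),
    (150, "payments", "bob", "queue depth high"),
    (170, "payments", "alice", "timeout calling ledger"),
    (175, "reports", "carol", "disk usage above 80 percent"),
]

if __name__ == "__main__":
    print(triage("core banking database connection pool exhausted on node 2", KB))
    print(burst_warning(ALARMS, "payments", "alice", 180, 120, 3))
```

An alarm with no record at or above the preset similarity produces no warning in this sketch, so a deployment needs a separate route for such alarms.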
CN202210297105.2A 2022-03-24 2022-03-24 Alarm reminding method and device and storage medium Pending CN114707834A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210297105.2A CN114707834A (en) 2022-03-24 2022-03-24 Alarm reminding method and device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210297105.2A CN114707834A (en) 2022-03-24 2022-03-24 Alarm reminding method and device and storage medium

Publications (1)

Publication Number Publication Date
CN114707834A true CN114707834A (en) 2022-07-05

Family

ID=82170785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210297105.2A Pending CN114707834A (en) 2022-03-24 2022-03-24 Alarm reminding method and device and storage medium

Country Status (1)

Country Link
CN (1) CN114707834A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination