CN116010137A - Abnormality detection method based on causal relationship - Google Patents
Abnormality detection method based on causal relationship Download PDFInfo
- Publication number
- CN116010137A CN116010137A CN202211557939.9A CN202211557939A CN116010137A CN 116010137 A CN116010137 A CN 116010137A CN 202211557939 A CN202211557939 A CN 202211557939A CN 116010137 A CN116010137 A CN 116010137A
- Authority
- CN
- China
- Prior art keywords
- events
- event
- mutual information
- causal
- causal relationship
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000001364 causal effect Effects 0.000 title claims abstract description 64
- 238000001514 detection method Methods 0.000 title claims abstract description 24
- 230000005856 abnormality Effects 0.000 title claims description 6
- 230000002159 abnormal effect Effects 0.000 claims abstract description 30
- 238000012216 screening Methods 0.000 claims abstract description 21
- 238000010586 diagram Methods 0.000 claims description 22
- 238000000034 method Methods 0.000 claims description 21
- 238000009826 distribution Methods 0.000 claims description 8
- 238000003860 storage Methods 0.000 claims description 7
- 238000000605 extraction Methods 0.000 claims description 3
- 238000010606 normalization Methods 0.000 claims description 3
- 230000009286 beneficial effect Effects 0.000 abstract description 3
- 238000005516 engineering process Methods 0.000 description 5
- 238000003745 diagnosis Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 208000024891 symptom Diseases 0.000 description 1
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses an anomaly detection method based on causal relationship, which comprises the following steps: counting a plurality of events which occur in a system within a preset time, dividing the plurality of events according to preset time points, extracting features to obtain feature values of the plurality of time points, and normalizing the feature values of each time point; performing grid division on the normalized characteristic value of each moment; calculating the maximum mutual information coefficient of the characteristic value of each moment point and the characteristic values of a plurality of moment points; screening characteristic values of a plurality of time points according to the maximum mutual information coefficient; establishing a causal relation or a related relation according to the screening result to acquire a relation chain of a plurality of events which occur in the system; and searching for an abnormal event according to the relation chain. The invention has the beneficial effects that: the causal relationship of the faults is clearly combed, the front cause and the back cause of the whole fault chain are deduced in advance, the omnibearing control is realized, the context relationship of the faults is mastered, the direct cause and the indirect cause of the faults are fundamentally solved, and the faults are truly stopped.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an anomaly detection method based on causal relation.
Background
With the continuous popularization of informatization systems, the development of science and technology is advanced, the problems caused by the defects of the system and the conflict between programs are continuously highlighted, and the scale and the complexity of modern industrial systems are gradually increased. Such complex large systems, once they fail, can lead to significant property damage and casualties. Therefore, how to improve the safety and reliability of the system in operation to reduce the potential safety hazards in production and life becomes a significant problem in modern industrial systems. The fault diagnosis technology is an important method for improving the running reliability of the system and reducing the running risk of the system. The causal reasoning technology related to the brain-like mechanism is a breakthrough point of fault diagnosis technology, in the running process of the system, causal relation exists in the running process of different programs, and the transmission processes of different processes, threads and communication protocols also have correlation and causality, so that the causal relation is necessary to be applied to fault diagnosis, and the direct cause and the indirect cause of the fault can be positioned and selectively processed.
The existing common fault detection method is to treat the fault after the fault is found, and directly judge dominant factors of the fault, so that the problem of 'treating the symptoms and not treating the root causes' exists in the absence of causal relation and indirect and direct cause analysis of the fault. The fault found may be unilateral and insufficient in the repairing process, so that the current fault is likely to be solved, and the follow-up similar faults also can continue to occur.
Disclosure of Invention
The invention provides a causal relation-based anomaly detection method, which solves the problems that the existing dominant factor of a fault is directly judged, and the causal relation and the indirect and direct cause analysis of the fault are lacking.
In order to solve the above problems, in one aspect, the present invention provides a causal relationship-based anomaly detection method, including:
counting a plurality of events which occur in a system within a preset time, dividing the plurality of events according to preset time points, extracting features to obtain feature values of the plurality of time points, and normalizing the feature values of each time point;
performing grid division on the normalized characteristic value of each moment;
calculating the maximum mutual information coefficient of the characteristic value of each moment point and the characteristic values of a plurality of moment points;
screening characteristic values of a plurality of time points according to the maximum mutual information coefficient;
establishing a causal relation or a related relation according to the screening result to acquire a relation chain of a plurality of events which occur in the system;
and searching for an abnormal event according to the relation chain.
Counting a plurality of events which occur in a system within a preset time, dividing the plurality of events according to preset time points, performing feature extraction to obtain feature values of the plurality of time points, and normalizing the feature values of each time point, wherein the method comprises the following steps:
counting a plurality of events occurring in a system under a period of time, wherein the plurality of events are { x } 1 ,x 2 ,…,x n };
Dividing the ith event according to preset time points, and extracting features to obtain the following steps:
x i ={x i (1),x i (2),…,x i (t),…,x i (m)}
wherein ,xi () Is the characteristic value of the ith moment point of the ith event, i epsilon [1, n],t∈[1,m];
And normalizing the characteristic value of the ith event and each moment point:
wherein ,
is the characteristic value of the t moment point of the i-th event after normalization, and
the mesh division of the normalized characteristic value of each time point comprises the following steps:
for a pair of
A scatter diagram is formed: { ( i (1),x j (1)),( i (2),x j (2)),…,( i (),x j () -j e 1, n)]And i+.j;
dividing the grids of a row and b column at intervals
Thereby making a mesh
Seed division.
The calculating the maximum mutual information coefficient between the characteristic value of each time point and the characteristic values of a plurality of time points comprises the following steps:
respectively acquiring probabilities that scattered points fall in a plurality of areas in the scattered points, and acquiring joint probability distribution according to the probabilities;
calculating a mutual information value:
press (-1) 2 Mutual information value obtained by a division mode:
and find out the maximum mutual information value: />
Regularized to obtain
And->
Maximum mutual information coefficient: />
The obtaining the probability that the scattered points fall in a plurality of areas in the scattered point diagram respectively, and obtaining the joint probability distribution according to the probability, comprises the following steps:
setting a=2, b=2, n=10, performing
A meshing to divide all data points into four regions: { region one, region two, region three, region four }, thus will +.>
Divided into left and right parts>
Dividing into an upper part and a lower part;
respectively acquiring probabilities of scattering points falling in four areas in the scattering point diagram:
acquiring joint probability distribution according to probability:
the screening the characteristic values of a plurality of time points according to the maximum mutual information coefficient comprises the following steps:
calculating the maximum mutual information coefficient { of the characteristic values of a plurality of time points of the ith event and the characteristic values of a plurality of time points of the plurality of events i1 ,i2,… ij ,…, in },i≠j;
And screening all maximum mutual information coefficients larger than a preset threshold value.
The step of establishing a causal relation or a related relation according to the screening result to obtain a relation chain of a plurality of events happening in the system comprises the following steps:
according to
And->
Respectively searching for the maximum mutual information coefficient after screening according to the time occurrence sequence of (4)>
And->
In an n-dimensional time series of (2)The first value is not zero, wherein +.>
The first non-zero value in the n-dimensional time series of (2) is +.>
The first non-zero value in the n-dimensional time series of (2) is +.>
If s<t is then
And->
Is causally related and +>
Is->
For reasons of (1) a causal relationship tether is obtained: />
If s>t is then
And->
Is causally related and +>
Is->
For reasons of (1) a causal relationship tether is obtained: />
If s=t, then
And->
The method has the correlation relationship, and a correlation relationship chain is obtained: />
The establishing a causal relation or a related relation according to the screening result to obtain a relation chain of a plurality of events happening in the system further comprises:
acquiring and combining causal relation chains among a plurality of events to acquire a complete causal relation diagram of the system;
and obtaining and combining correlation chains among a plurality of events to obtain a complete correlation diagram of the system.
The searching for the abnormal event according to the relation chain comprises the following steps:
the abnormal event in the running process of the system is put into a causal graph to be searched for locating the occurrence position of the abnormal event, so that the subsequent connection is cut off, and the reason is traced and corrected;
the method comprises the steps of putting an abnormal event in the running process of a system into a correlation diagram to search for the abnormal event so as to judge whether the correlation event with the correlation with the abnormal event is abnormal or not;
if the related event is abnormal, searching in the causal relation graph to locate the related event, so as to cut off the related event, reduce the influence on the subsequent event, trace the source and correct the reason.
In one aspect, a computer readable storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform a causal relationship based anomaly detection method as described above is provided.
The beneficial effects of the invention are as follows: by combining the causal relationship chains of all events, the abnormal occurrence position is positioned in time, the subsequent connection is cut off, and the reason is traced and corrected. The causal relationship of the faults can be clearly combed by introducing the causal relationship technology, the front cause and the back cause of the whole fault chain can be deduced in advance, the omnibearing control is realized, the context relationship of the faults is mastered, the direct cause and the indirect cause of the faults are fundamentally solved, and the faults are truly stopped.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a causal relationship-based anomaly detection method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of meshing provided by an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to fall within the scope of the invention.
In the description of the present invention, it should be understood that the terms "center", "longitudinal", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", etc. indicate orientations or positional relationships based on the drawings are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the apparatus or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more features. In the description of the present invention, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
In the present invention, the term "exemplary" is used to mean "serving as an example, instance, or illustration. Any embodiment described as "exemplary" in this disclosure is not necessarily to be construed as preferred or advantageous over other embodiments. The following description is presented to enable any person skilled in the art to make and use the invention. In the following description, details are set forth for purposes of explanation. It will be apparent to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well-known structures and processes have not been described in detail so as not to obscure the description of the invention with unnecessary detail. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.
Referring to fig. 1, fig. 1 is a flowchart of a causal relationship-based abnormality detection method according to an embodiment of the present invention, where the causal relationship-based abnormality detection method includes S1-S6:
s1, counting a plurality of events which occur in a system within a preset time, dividing the plurality of events according to preset time points, extracting features to obtain feature values of the plurality of time points, and normalizing the feature values of each time point; step S1 includes steps S11-S13:
s11, counting a plurality of events which occur in a system under a period of time, wherein the plurality of events are { x } 1 ,x 2 ,…,x n }。
In this embodiment, events occurring in the system over a period of time are counted.
S12, dividing the ith event according to preset time points, and extracting features to obtain the i-th event:
x i ={x i (1),x i (2),…,x i (t),…,x i (m)}
wherein ,xi (t) is the feature value of the t time point of the ith event, i E [1, n],t∈[1,m]。
In the present embodiment, each event x i And (5) carrying out feature extraction after dividing according to the time points.
S13, normalizing the characteristic value of the ith event and each moment point:
wherein ,
is the characteristic value of the t moment point of the i-th event after normalization, and
s2, carrying out grid division on the normalized characteristic value of each moment point; step S2 includes steps S21-S22:
s21, pair
A scatter diagram is formed: { ( i (1),x j (1)),( i (2),x j (2)),…,( i (),x j () -j e 1, n)]And i+.j.
In the present embodiment, for
And (3) with
A scatter diagram is formed: { ( i (1),x j (1)),(x i (2),x j (2)),…,( i (),x j ())}。
S22, dividing the grids of the row a and the column b at intervals
Thereby +.>
Seed division.
S3, calculating the maximum mutual information coefficient of the characteristic value of each moment point and the characteristic values of a plurality of moment points; step S3 includes steps S31-S34:
s31, respectively acquiring probabilities of scattered points falling in a plurality of areas in the scattered point diagram, and acquiring joint probability distribution according to the probabilities; step S31 includes steps S311-S313:
s311, a=2, b=2, n=10, and so on
A meshing to divide all data points into four regions: { region one, region two, region three, region four }, thus will +.>
Divided into left and right parts>
Is divided into an upper part and a lower part.
In this embodiment, referring to FIG. 2, FIG. 2 is an illustration of meshing provided by an embodiment of the inventionThe intention is to divide all data points in four areas in the figure: { region one upper left, region two upper right, region three lower left, region four lower right }, thereby
Divided into left and right parts>
Is divided into an upper part and a lower part.
S312, respectively acquiring probabilities of scattered points falling in four areas in the scattered point diagram:
s313, acquiring joint probability distribution according to probability:
s32, calculating a mutual information value:
s33 press (N-1) 2 Mutual information value obtained by a division mode:
and find out the maximum mutual information value: />
In this embodiment, a mutual information value in the division manner is calculated by a division manner, and the maximum mutual information value is found out from the mutual information values obtained in different division manners.
S34, regularizing to obtain
And->
Maximum mutual information coefficient: />
S4, screening characteristic values of a plurality of time points according to the maximum mutual information coefficient; step S4 includes steps S41-S42:
s41, calculating the maximum mutual information coefficient { M between the characteristic values of the plurality of time points of the ith event and the characteristic values of the plurality of time points of the plurality of events i1 ,M i2 ,…M ij ,…,M in },i≠j。
In the present embodiment, for
Calculation ofWhich are associated with each->
∈[1,n]Maximum mutual information coefficient +.i.
S42, screening out all maximum mutual information coefficients larger than a preset threshold value.
S5, establishing a causal relation or a related relation according to the screening result to acquire a relation chain of a plurality of events occurring in the system; step S5 includes steps S51-S56:
s51, according to
And->
Respectively searching for the maximum mutual information coefficient after screening according to the time occurrence sequence of (4)>
And (3) with
The first non-zero value in the n-dimensional time series of (2), wherein +_>
The first non-zero value in the n-dimensional time series of (2) is
The first non-zero value in the n-dimensional time series of (2) is +.>
In this example, for M after screening ij According to
And->
Time occurrence sequence of (1) establishing +.>
And->
Causal relationship between the two. Wherein, search->
And->
The first non-zero value in the n-dimensional time series of (a) is assumed to be +.>
And
/>
s52, if S<t is then
And->
Is causally related and +>
Is->
For reasons of (1) a causal relationship tether is obtained:
s53, if S>t is then
And->
Is causally related and +>
Is->
For reasons of (1) a causal relationship tether is obtained:
s54, if s=t
And->
The method has the correlation relationship, and a correlation relationship chain is obtained: />
Through steps S52-S54, the causal and associative relationships between events of the system can be extracted.
S55, acquiring and combining causal relation chains among a plurality of events to acquire a complete causal relation diagram of the system.
In the present embodiment, y= { Y is obtained according to the above procedure 1 ,y 2 ,…,y n And a causal relation chain among all events is combined to obtain a complete causal relation diagram of the system.
S56, acquiring and combining correlation chains among a plurality of events to acquire a complete correlation diagram of the system.
In this embodiment, a complete correlation diagram of the system is obtained by combining a series of obtained correlation chains.
S6, searching for an abnormal event according to the relation chain. Step S6 includes steps S61-S63:
s61, the abnormal event in the running process of the system is placed in a causal graph to be searched for locating the occurrence position of the abnormal event, so that the subsequent connection is cut off, and the reason is traced and corrected.
In this embodiment, for an abnormal event x 'in the running process of the system, the abnormal event x' is put into a causal graph for searching, the abnormal occurrence position is located in time, the subsequent connection is cut off, and the reason is traced and corrected.
S62, placing the abnormal event in the running process of the system into a correlation diagram to search so as to judge whether the correlation event with the correlation relationship with the abnormal event is abnormal or not.
In this embodiment, the event is searched in the correlation diagram to determine whether an abnormality occurs in the event having a correlation with the event x'.
And S63, if the related event is abnormal, searching in the causal relationship graph to locate the related event, so that the related event is cut off, the influence on the subsequent event is reduced, and the reason of the event is traced and corrected.
In this embodiment, if the related event x″ is abnormal, x″ is located in the causal relationship graph, the event x″ is cut off in time, the influence on the subsequent event is reduced, and the cause thereof is traced and corrected.
Those of ordinary skill in the art will appreciate that all or a portion of the steps of the various methods of the above embodiments may be performed by instructions, or by instructions controlling associated hardware, which may be stored in a computer-readable storage medium and loaded and executed by a processor. To this end, an embodiment of the present invention provides a storage medium having stored therein a plurality of instructions capable of being loaded by a processor to perform the steps of any of the causal relationship based anomaly detection methods provided by the embodiment of the present invention.
Wherein the storage medium may include: read Only Memory (ROM), random access Memory (RAM, random Access Memory), magnetic or optical disk, and the like.
Because the instructions stored in the storage medium can execute the steps in any causal relation-based anomaly detection method provided by the embodiment of the present invention, the beneficial effects that any causal relation-based anomaly detection method provided by the embodiment of the present invention can be achieved, and detailed descriptions of the foregoing embodiments are omitted herein.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the invention.
Claims (10)
1. The abnormality detection method based on the causal relationship is characterized by comprising the following steps:
counting a plurality of events which occur in a system within a preset time, dividing the plurality of events according to preset time points, extracting features to obtain feature values of the plurality of time points, and normalizing the feature values of each time point;
performing grid division on the normalized characteristic value of each moment;
calculating the maximum mutual information coefficient of the characteristic value of each moment point and the characteristic values of a plurality of moment points;
screening characteristic values of a plurality of time points according to the maximum mutual information coefficient;
establishing a causal relation or a related relation according to the screening result to acquire a relation chain of a plurality of events which occur in the system;
and searching for an abnormal event according to the relation chain.
2. The causal relationship-based anomaly detection method of claim 1, wherein counting a plurality of events occurring in a system within a preset time, dividing the plurality of events according to preset time points, performing feature extraction to obtain feature values of the plurality of time points, and normalizing the feature values of each time point, comprises:
counting a plurality of events occurring in a system under a period of time, wherein the plurality of events are { x } 1 ,x 2 ,…,x n };
Dividing the ith event according to preset time points, and extracting features to obtain the following steps:
x i ={x i (1),x i (2),…,x i (t),…,x i (m)}
wherein ,xi (t) is the feature value of the t time point of the ith event, i E [1, n],t∈[1,m];
And normalizing the characteristic value of the ith event and each moment point:
wherein ,
is the characteristic value of the t moment point of the i-th event after normalization, and
3. the causal relationship-based anomaly detection method of claim 2, wherein the meshing of the normalized eigenvalues at each time point comprises:
for a pair of
A scatter diagram is formed: { ( i (1),x j (1)),( i (2),x j (2)),…,( i (),x j () -j e 1, n)]And i+.j;
dividing the grids of a row and b column at intervals
Thereby +.>
Seed division.
4. A causal relationship-based anomaly detection method according to claim 3, wherein said calculating the maximum mutual information coefficient of the eigenvalue of each point in time and the eigenvalues of a plurality of points in time comprises:
respectively acquiring probabilities that scattered points fall in a plurality of areas in the scattered points, and acquiring joint probability distribution according to the probabilities;
calculating a mutual information value:
press (-1) 2 Mutual information value obtained by a division mode:
and find out the maximum mutual information value: />
Regularized to obtain
And->
Maximum mutual information coefficient: />
5. The causal relationship-based anomaly detection method of claim 4, wherein the respectively acquiring probabilities of the scatter points falling in the plurality of areas in the scatter plot and acquiring the joint probability distribution according to the probabilities comprises:
setting a=2, b=2, n=10, performing
A meshing to divide all data points into four regions: { region one, region two, region three, region four }, thus will +.>
Divided into left and right parts>
Dividing into an upper part and a lower part;
respectively acquiring probabilities of scattering points falling in four areas in the scattering point diagram:
acquiring joint probability distribution according to probability:
6. the causal relationship-based anomaly detection method of claim 4 or 5, wherein the screening feature values of a plurality of time points according to a maximum mutual information coefficient comprises:
calculating the maximum mutual information coefficient { M ] between the characteristic values of a plurality of time points of the ith event and the characteristic values of a plurality of time points of the plurality of events i1 ,M i2 ,…M ij ,…,M in },i≠j;
And screening all maximum mutual information coefficients larger than a preset threshold value.
7. The causal relationship-based anomaly detection method of claim 6, wherein the establishing causal relationship or correlation based on the screening result to obtain a relationship chain of a plurality of events occurring in the system comprises:
according to
And->
Respectively searching for the maximum mutual information coefficient after screening according to the time occurrence sequence of (4)>
And->
The first non-zero value in the n-dimensional time series of (2), wherein +_>
The first non-zero value in the n-dimensional time series of (2) is +.>
The first non-zero value in the n-dimensional time series of (2) is +.>
If s<t is then
And->
Is causally related and +>
Is->
For reasons of (1) a causal relationship tether is obtained: />
/>
If s>t is then
And->
Is causally related and +>
Is->
For reasons of (1) a causal relationship tether is obtained: />
If s=t, then
And->
The method has the correlation relationship, and a correlation relationship chain is obtained: />
8. The causal relationship-based anomaly detection method of claim 7, wherein the establishing causal relationship or correlation according to the screening result to obtain a relationship chain of a plurality of events occurring in the system, further comprises:
acquiring and combining causal relation chains among a plurality of events to acquire a complete causal relation diagram of the system;
and obtaining and combining correlation chains among a plurality of events to obtain a complete correlation diagram of the system.
9. The causal relationship-based anomaly detection method of claim 8, wherein the chain of dependencies locates anomaly events, comprising:
the abnormal event in the running process of the system is put into a causal graph to be searched for locating the occurrence position of the abnormal event, so that the subsequent connection is cut off, and the reason is traced and corrected;
the method comprises the steps of putting an abnormal event in the running process of a system into a correlation diagram to search for the abnormal event so as to judge whether the correlation event with the correlation with the abnormal event is abnormal or not;
if the related event is abnormal, searching in the causal relation graph to locate the related event, so as to cut off the related event, reduce the influence on the subsequent event, trace the source and correct the reason.
10. A computer readable storage medium, wherein a plurality of instructions are stored in the storage medium, the instructions being adapted to be loaded by a processor to perform a causal relationship based anomaly detection method according to any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211557939.9A CN116010137A (en) | 2022-12-05 | 2022-12-05 | Abnormality detection method based on causal relationship |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211557939.9A CN116010137A (en) | 2022-12-05 | 2022-12-05 | Abnormality detection method based on causal relationship |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116010137A true CN116010137A (en) | 2023-04-25 |
Family
ID=86018534
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211557939.9A Pending CN116010137A (en) | 2022-12-05 | 2022-12-05 | Abnormality detection method based on causal relationship |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116010137A (en) |
-
2022
- 2022-12-05 CN CN202211557939.9A patent/CN116010137A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2021179572A1 (en) | Operation and maintenance system anomaly index detection model optimization method and apparatus, and storage medium | |
| CN113822421B (en) | Neural network-based anomaly locating method, system, equipment and storage medium | |
| US11640328B2 (en) | Predicting equipment fail mode from process trace | |
| CN117195139B (en) | Chronic disease health data dynamic monitoring method based on machine learning | |
| CN117312997B (en) | Intelligent diagnosis method and system for power management system | |
| CN111625516A (en) | Method and device for detecting data state, computer equipment and storage medium | |
| CN116010137A (en) | Abnormality detection method based on causal relationship | |
| CN116991947A (en) | Automatic data synchronization method and system | |
| CN117351271A (en) | Fault monitoring method and system for high-voltage distribution line monitoring equipment and storage medium thereof | |
| Sun et al. | Multi-source fault detection and diagnosis based on multi-level Knowledge Graph and Bayesian theory reasoning (S). | |
| CN112181792A (en) | Method, system and related assembly for abnormal marking of time sequence data | |
| CN114202110A (en) | Service fault prediction method and device based on RF-XGBOOST | |
| CN114003466A (en) | Fault root cause positioning method for micro-service application program | |
| CN109558258B (en) | Method and device for positioning root fault of distributed system | |
| CN113064812A (en) | Project development process quality defect prediction method, device and medium | |
| CN113033673A (en) | Training method and system for motor working condition abnormity detection model | |
| CN112395280B (en) | Data quality detection method and system | |
| WO2020229541A1 (en) | Method for controlling a metal rolling process for producing intermediate castings, a related computer system, and a method for producing intermediate castings | |
| CN113553630B (en) | Hardware Trojan detection system based on unsupervised learning and information data processing method | |
| CN112733015B (en) | User behavior analysis method, device, equipment and medium | |
| Shanmuganathan et al. | Production Line Monitoring using Mahalanobis-Taguchi System in Rubber-Based Product Industry | |
| CN114443637A (en) | Dynamic updating method and storage medium for shield tunneling parameter early warning standard | |
| CN115081181A (en) | Rotary machine state analysis method based on causal graph model | |
| CN117763473A (en) | Staff abnormal transaction behavior identification method, device, equipment and storage medium | |
| CN117462242A (en) | Intelligent laser freckle-removing control system for dermatology |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |