CN116760681A - Fault node association discovery method based on frequent item analysis - Google Patents
- Publication number: CN116760681A
- Application number: CN202310717860.6A
- Authority: CN (China)
- Prior art keywords: alarm, mode, data, alarm mode, database
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention relates to the technical field of communication, and in particular to a fault node association discovery method based on frequent item analysis. Using frequent item analysis, the invention performs association analysis on the historical alarm information data of the bearer network to obtain alarm modes, derives the association relations between fault nodes from the alarm modes, and forms an association knowledge base from those relations. Working from the historical alarm information of the bearer network and the alarm information generated during operation, frequent item analysis finds the association relations of fault nodes in a short time and locates the fault nodes automatically. This assists network operation staff, narrows the range of faulty equipment they have to examine, and improves the efficiency of fault detection and resolution.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method for discovering a failure node of a communications network.
Background
With the advent of the 5G era, users' demands for high-bandwidth, low-latency network services keep increasing, which places stricter requirements on the robustness and fault detection speed of the bearer network. When an abnormal failure occurs in the network, the failed device must first be located so that it can be repaired. Traditional manual operation and maintenance inspection responds slowly, lacks precision and is costly. It cannot meet operators' future requirements for efficient network operation and maintenance, and has become a key operation and maintenance problem that urgently needs solving.
Because the bearer network is widely distributed, a fault in one device often causes faults in several others, so that the bearer network cannot provide normal service to users. All affected faulty devices therefore need to be discovered by analyzing the fault conditions, so that operation and maintenance personnel can deal with them promptly and restore user services. At present there is no association analysis and discovery technology for bearer network fault nodes: operation and maintenance personnel usually have to check manually, from the alarm information, every device that may be involved in the fault. Because a single-point fault often triggers a burst of alarms from many devices in a short time, the workload of checking faulty devices is large and fault location and repair are inefficient. No existing technical application improves the working efficiency of operation and maintenance personnel by finding the association relations between fault nodes.
Disclosure of Invention
The technical problem to be solved by the invention is to construct a fault node association discovery method based on frequent item analysis that improves the efficiency of fault troubleshooting and resolution and reduces the time during which service to users is abnormal because of bearer network faults.
In order to solve the technical problems, the invention provides a fault node association discovery method based on frequent item analysis, which comprises the following steps:
Step a: perform alarm mode mining on the historical alarm information data, obtaining the device sets that generated alarm information within a limited time-difference threshold at least ten times in the historical alarm information data; each such set forms an alarm mode;
Step b: form an alarm mode database from the alarm modes combined with network topology data, and associate the faulty devices.
Specifically, step a comprises the following sub-steps:
Step a-1: set a minimum support threshold, scan the data set, calculate the support of each alarm network element, and filter out the alarm network elements that do not meet the minimum support threshold;
Step a-2: construct a growth tree in which each node represents a network element and records the support count of that network element together with a linked-list pointer to the other nodes of the same alarm network element;
Step a-3: for each alarm mode, obtain its conditional mode base from the growth tree by traversing the tree and iterating over the prefix paths;
Step a-4: recursively convert the conditional mode base into a new growth tree, deleting alarm network elements whose support is below the minimum support threshold, until a single-path tree structure is formed;
Step a-5: repeat steps a-3 and a-4 until the growth tree is empty or no further alarm modes can be generated.
More specifically, step b comprises the following sub-steps:
Step b-1: match the alarm modes output by step a against the network topology. If a network connection exists between the devices in the alarm mode, execute step b-2; otherwise, execute step b-4;
Step b-2: query the alarm mode database. If the data item of the alarm mode already exists, return to step b-1 to verify the next group of alarm modes; if it does not exist, add it to the alarm mode database and return to step b-1 to verify the next group of alarm modes; if a subset of the alarm mode exists in the alarm mode database, execute step b-3;
Step b-3: delete the subset of the alarm mode from the alarm mode database and insert the alarm mode into the database;
Step b-4: output the alarm mode and hand it to an expert, who judges whether it is correct. If it is correct, add it to the alarm mode database and return to step b-1 to verify the next group of alarm modes; if not, discard the alarm mode and return to step b-1 to verify the next group of alarm modes.
Preferably, step c is performed before the alarm mode mining of step a: the historical alarm information data is cleaned, removing data that does not conform to the format definition as well as redundant data.
Specifically, step c comprises the following sub-steps:
Step c-1: extract the important fields related to alarm content and network topology from the historical alarm information database; these fields comprise the log ID, alarm type, affected network element ID, alarm time, positioning information and alarm port;
Step c-2: remove data whose row content does not match its column labels;
Step c-3: for alarms of the same alarm type at the same measuring point in the database, keep only the alarm record at the start of the time window and delete the other alarm records of that measuring point within the time window.
Working from the historical alarm information of the bearer network and the alarm information generated during operation, the invention uses frequent item analysis to find the association relations of fault nodes in a short time and to locate the fault nodes automatically. This assists network operation staff, narrows the range of faulty equipment they have to examine, and improves the efficiency of fault detection and resolution.
Drawings
The technical solution of the invention is further described below with reference to the accompanying drawings and the detailed description.
FIG. 1 is the overall flow chart of the fault association discovery method based on frequent item analysis.
FIG. 2 shows the structure of the growth tree used in step 2-2 of the method.
FIG. 3 illustrates how alarm modes are generated in step 2-4 of the method.
Detailed Description
Using frequent item analysis, the invention performs association analysis on the historical alarm information data of the 5G bearer network to obtain alarm modes, derives the association relations between fault nodes from the alarm modes, and forms an association knowledge base from those relations. When alarm information is generated while the system is running, the associated devices can be identified from the association knowledge base, which narrows the scope of fault investigation.
Referring to FIG. 1, the fault node association discovery method based on frequent item analysis comprises the following general steps:
Step 1: acquire the historical alarm information and clean the data. That is, remove records whose row content does not match the column labels, or whose row content is empty in several important fields; in addition, remove the repeated alarm data produced when alarms are not handled in time.
Step 2: mine alarm modes. Alarm mode mining is performed on the cleaned data to obtain the device sets that generated alarm information within a limited time-difference threshold at least ten times in the historical data. Each such device set is a frequent item set and is defined as an alarm mode.
Step 3: analyze the data to obtain the fault association relations between regions and devices. An alarm mode database is formed from the alarm modes generated in step 2 combined with network topology data, and the faulty devices are associated. Because the devices in an alarm mode have repeatedly generated alarm information at the same time, faulty devices that appear in the same alarm mode can be considered associated.
Specifically, step 1 comprises the following sub-steps:
Step 1-1: extract the important fields related to alarm content and network topology from the 5G bearer network alarm information database; these fields comprise the log ID, alarm type, affected network element ID, alarm time, positioning information and alarm port.
Step 1-2: clean the data, removing records whose row content does not match the column labels. After extraction, some data fields may be missing or inconsistent with the field definitions because of errors and omissions in data storage; such records are treated as useless and discarded, which ensures that the data format is correct.
Step 1-3: remove redundant data. Because alarms are not handled in time, devices repeat them. Redundant data is removed using a time window of 300 seconds: for alarms of the same alarm type at the same measuring point in the database, only the alarm record at the start of the time window is kept, and the other alarm records of that measuring point within the time window are deleted.
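The cleaning of steps 1-1 to 1-3 can be written as a short Python pipeline. This is an added example, not part of the patent. Assumptions: the field names and types, a "measuring point" identified by network element ID plus port, integer timestamps in seconds, windows that open at the first alarm not covered by the previous window, and the sample records, which are constructed.

```python
WINDOW = 300  # seconds, the window size given in step 1-3

# Field names and types are assumptions; the patent only names the six fields.
FIELDS = {"log_id": str, "alarm_type": str, "ne_id": str,
          "time": int, "location": str, "port": str}


def is_valid(rec):
    """Step 1-2: every field present, of the declared type and non-empty."""
    return all(
        isinstance(rec.get(name), kind) and rec[name] != ""
        for name, kind in FIELDS.items()
    )


def deduplicate(records):
    """Step 1-3: per (measuring point, alarm type) keep only the record
    that opens each 300 s window; repeats inside the window are dropped."""
    kept, window_start = [], {}
    for rec in sorted(records, key=lambda r: r["time"]):
        key = (rec["ne_id"], rec["port"], rec["alarm_type"])
        start = window_start.get(key)
        if start is None or rec["time"] - start >= WINDOW:
            window_start[key] = rec["time"]
            kept.append(rec)
    return kept


def clean(raw):
    """Steps 1-2 and 1-3 applied in order."""
    return deduplicate([r for r in raw if is_valid(r)])


def to_rows(records):
    """Group cleaned alarms into rows like those of Table 1: the network
    elements that alarmed within the same 300 s window."""
    rows, start = [], None
    for rec in sorted(records, key=lambda r: r["time"]):
        if start is None or rec["time"] - start >= WINDOW:
            start = rec["time"]
            rows.append([])
        if rec["ne_id"] not in rows[-1]:
            rows[-1].append(rec["ne_id"])
    return rows


def alarm(log_id, alarm_type, ne_id, time, port="p1", location="site-1"):
    """Build one constructed sample record."""
    return {"log_id": log_id, "alarm_type": alarm_type, "ne_id": ne_id,
            "time": time, "location": location, "port": port}


# Constructed sample data, not taken from the patent.
RAW = [
    alarm("L1", "LOS", "A", 1000),
    alarm("L2", "LOS", "E", 1010),
    alarm("L3", "LOS", "A", 1120),          # repeat inside A's window: dropped
    alarm("L5", "LINK_DOWN", "A", 1150),    # different alarm type: kept
    alarm("L6", "LOS", "C", "1200"),        # time is not an integer: invalid
    alarm("L7", "LOS", "G", 1250, port=""),  # empty port: invalid
    alarm("L4", "LOS", "A", 1299),          # still inside the window: dropped
    alarm("L8", "LOS", "A", 1300),          # 300 s after L1: new window, kept
    alarm("L9", "LOS", "E", 1400),
]

if __name__ == "__main__":
    cleaned = clean(RAW)
    print([r["log_id"] for r in cleaned])
    print(to_rows(cleaned))
```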
Specifically, step 2 comprises the following sub-steps:
Step 2-1: set a minimum support threshold, here 10, scan the alarm information data set, calculate the support of each alarm network element, and filter out the alarm network elements whose support is below the minimum support threshold;
Step 2-2: construct a growth tree in which each node represents a network element and records the support count of that network element together with a linked-list pointer to the other nodes of the same alarm network element. Table 1 is a set of alarm records of alarm network elements; each row is a set of network elements that alarm simultaneously. The structure of the growth tree is shown in FIG. 2. With a minimum support threshold of 10, the tree that goes on to the subsequent operations tends to be large, so to show the whole tree structure in one picture the minimum support threshold is set to 2 here. Table 1 below is the output of step 1, and each row represents the list of network elements that alarmed within the same 300-second time window. Each row is inserted, traversing from left to right, into a growth tree whose root node is null, which finally yields a trie-like (dictionary tree) structure. Each node in the tree records a network element name and the number of times the node has been traversed. The support count of a network element equals the sum of the traversal counts of all nodes corresponding to that network element;
Table 1: Example alarm records of alarm network elements
Sequence number | Alarm network element number |
---|---|
1 | A,E,C,D,F |
2 | A,E,G |
3 | C |
4 | A,E,C,G,B |
5 | A,E,C,G |
6 | C |
7 | A,E,C,D,F |
8 | A,E,B |
9 | A,E,C,G |
10 | A,E,C,G |
Step 2-3: select a node from the growth tree and mine the frequent item sets containing that node; its conditional mode base is obtained from the growth tree by traversing the tree and iterating over the prefix paths. The conditional mode base is defined as the subtree in which the node to be mined is the leaf node, excluding that leaf node itself;
Step 2-4: set the support count of every ancestor node in the conditional mode base to the support count of the leaf node, and delete nodes whose support count is below the minimum support threshold, until a single-path tree structure is formed. The nodes in the tree are then combined with the node to be mined to form a number of frequent item sets, each of which is an alarm mode. The procedure is shown in FIG. 3. The left side of FIG. 3 is the subtree whose leaf node is the node for network element F. Because the subtree has a single branch, the support counts of all other nodes are recursively set to the leaf node's support count of 2; no node has a support count below the minimum threshold, so no node needs to be deleted, and the single-path tree on the right side of FIG. 3 results, in which the leaf node for network element F is omitted. Finally, leaf node F is combined with every combination of the other nodes to generate a number of network element sets, each of which is an alarm mode. Mining the alarm modes of node F from the growth tree of FIG. 2 gives all the alarm modes shown in Table 2 below.
Table 2: Alarm modes containing node F
{A,F}, {E,F}, {C,F}, {D,F} |
{A,E,F}, {A,C,F}, {A,D,F}, {E,C,F}, {E,D,F}, {C,D,F} |
{A,E,C,F}, {A,E,D,F}, {E,C,D,F} |
{A,E,C,D,F} |
Step 2-5: repeat steps 2-3 and 2-4 until the growth tree is empty or no further alarm modes can be generated, at which point all alarm modes have been generated.
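Steps 2-1 to 2-5 describe what is commonly called FP-growth: the growth tree is an FP-tree and the conditional mode base is a conditional pattern base. The Python code below is an added example, not part of the patent, that mines the rows of Table 1 with the illustrative minimum support of 2. Assumptions: items in a row are ordered by descending support with ties broken by name, and only sets of two or more devices are reported as alarm modes.

```python
from collections import defaultdict

# Rows of Table 1: network elements that alarmed in the same 300 s window.
TABLE_1 = [
    "A,E,C,D,F", "A,E,G", "C", "A,E,C,G,B", "A,E,C,G",
    "C", "A,E,C,D,F", "A,E,B", "A,E,C,G", "A,E,C,G",
]
TRANSACTIONS = [row.split(",") for row in TABLE_1]


class Node:
    """Growth-tree node: network element, traversal count, parent, children."""

    def __init__(self, item, parent):
        self.item, self.parent = item, parent
        self.count = 0
        self.children = {}


def build_tree(weighted_rows, min_support):
    """Steps 2-1 and 2-2: filter by support, then insert every row."""
    support = defaultdict(int)
    for items, weight in weighted_rows:
        for item in set(items):
            support[item] += weight
    frequent = {i: s for i, s in support.items() if s >= min_support}
    root = Node(None, None)
    links = defaultdict(list)  # item -> every tree node holding that item
    for items, weight in weighted_rows:
        # One fixed order for all rows, so that shared prefixes merge.
        kept = sorted({i for i in items if i in frequent},
                      key=lambda i: (-frequent[i], i))
        node = root
        for item in kept:
            if item not in node.children:
                node.children[item] = Node(item, node)
                links[item].append(node.children[item])
            node = node.children[item]
            node.count += weight
    return links, frequent


def mine(weighted_rows, min_support, suffix=frozenset()):
    """Steps 2-3 to 2-5: yield (item set, support) for each frequent set."""
    links, frequent = build_tree(weighted_rows, min_support)
    for item, support in frequent.items():
        pattern = suffix | {item}
        yield pattern, support
        # Conditional base: the prefix path above each node holding `item`,
        # weighted with that node's own count (step 2-4).
        base = []
        for node in links[item]:
            path, parent = [], node.parent
            while parent.item is not None:
                path.append(parent.item)
                parent = parent.parent
            if path:
                base.append((path, node.count))
        yield from mine(base, min_support, pattern)


def alarm_modes(transactions, min_support):
    """Map each frequent set of two or more devices to its support."""
    rows = [(t, 1) for t in transactions]
    return {p: s for p, s in mine(rows, min_support) if len(p) >= 2}


if __name__ == "__main__":
    modes = alarm_modes(TRANSACTIONS, 2)
    for mode in sorted((m for m in modes if "F" in m),
                       key=lambda m: (len(m), sorted(m))):
        print(sorted(mode), modes[mode])
```

For node F the code returns 15 sets, each with support 2: F combined with every non-empty combination of A, E, C and D. That includes {A,C,D,F}, which the Table 2 listing does not show.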
Step 3 comprises the following sub-steps:
Step 3-1: take the alarm modes output by step 2, treating the alarm modes mined from the same node as one group, and match them against the network topology. That is, if a network connection exists between the devices in an alarm mode, execute step 3-2; otherwise, execute step 3-4;
Step 3-2: establish an alarm mode database and query it. If the data item of the alarm mode already exists, return to step 3-1 to verify the next group of alarm modes; if it does not exist, add it to the alarm mode database and return to step 3-1 to verify the next group of alarm modes; if a subset of the alarm mode exists in the alarm mode database, execute step 3-3. A subset of an alarm mode (frequent item set), also called a sub-alarm mode, is another frequent item set consisting of only part of the network element devices in its parent alarm mode;
Step 3-3: delete the sub-alarm mode from the alarm mode database and insert the alarm mode into the database. The aim of this step is to reduce the verification of redundant alarm modes and the workload of manual judgment. Then execute step 3-4;
Step 3-4: output the alarm mode and hand it to an expert, who judges whether it is correct. If it is correct, add it to the alarm mode database and return to step 3-1 to verify the next group of alarm modes; if not, discard the alarm mode and return to step 3-1 to verify the next group of alarm modes.
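Steps 3-1 to 3-4 as one pass over the mined alarm modes, in Python. This is an added example, not part of the patent. Assumptions: "a network connection exists between the devices" is read as the devices forming one connected subgraph of the topology, the expert is a callback returning True or False, a mode rejected by the expert after step 3-3 is removed again, and the topology links are constructed sample data.

```python
from collections import deque

# Constructed sample topology: undirected links between network elements.
# Element B has no link to any other element.
TOPOLOGY = {("A", "E"), ("E", "C"), ("C", "D"), ("D", "F"), ("E", "G")}


def connected(mode, links):
    """Step 3-1 check: do the devices of the mode form one connected
    subgraph, using only links whose two ends are both in the mode?"""
    adjacent = {device: set() for device in mode}
    for u, v in links:
        if u in adjacent and v in adjacent:
            adjacent[u].add(v)
            adjacent[v].add(u)
    start = next(iter(mode))
    seen, queue = {start}, deque([start])
    while queue:
        for neighbour in adjacent[queue.popleft()] - seen:
            seen.add(neighbour)
            queue.append(neighbour)
    return seen == set(mode)


def update_database(modes, links, expert, database=None):
    """Run steps 3-1 to 3-4 for each mode and return the mode database."""
    database = set() if database is None else database
    for mode in map(frozenset, modes):
        if not connected(mode, links):
            # Step 3-1 -> 3-4: no topology support, the expert decides.
            if expert(mode):
                database.add(mode)
            continue
        if mode in database:
            continue  # step 3-2: already recorded
        sub_modes = {m for m in database if m < mode}
        if not sub_modes:
            database.add(mode)  # step 3-2: new data item
            continue
        # Step 3-3: the parent mode replaces its sub-alarm modes.
        database -= sub_modes
        database.add(mode)
        # Step 3-4 follows step 3-3: the expert confirms or rejects it.
        if not expert(mode):
            database.discard(mode)
    return database


if __name__ == "__main__":
    # Hypothetical expert rule for the demo: reject any mode containing B.
    result = update_database(
        ["AE", "AEC", "AEC", "AB", "DG"], TOPOLOGY, lambda m: "B" not in m
    )
    print(sorted(sorted(m) for m in result))
```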
Finally, it should be noted that the above-mentioned embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention, and all such modifications and equivalents are intended to be encompassed in the scope of the claims of the present invention.
Claims (5)
1. A fault node association discovery method based on frequent item analysis, characterized by comprising the following steps:
Step a: perform alarm mode mining on the historical alarm information data, obtaining the device sets that generated alarm information within a limited time-difference threshold at least ten times in the historical alarm information data; each such set forms an alarm mode;
Step b: form an alarm mode database from the alarm modes combined with network topology data, and associate the faulty devices.
2. The fault node association discovery method based on frequent item analysis as claimed in claim 1, wherein step a comprises the following sub-steps:
Step a-1: set a minimum support threshold, scan the historical alarm information data set, calculate the support of each alarm network element, and filter out the alarm network elements whose support is below the minimum support threshold;
Step a-2: construct a growth tree in which each node represents a network element and records the support count of that network element together with a linked-list pointer to the other nodes of the same alarm network element;
Step a-3: for each alarm mode, obtain its conditional mode base from the growth tree by traversing the tree and iterating over the prefix paths;
Step a-4: recursively convert the conditional mode base into a new growth tree, deleting alarm network elements whose support is below the minimum support threshold, until a single-path tree structure is formed;
Step a-5: repeat steps a-3 and a-4 until the growth tree is empty or no further alarm modes can be generated.
3. The fault node association discovery method based on frequent item analysis as claimed in claim 2, wherein step b comprises the following sub-steps:
Step b-1: match the alarm modes output by step a against the network topology; if a network connection exists between the devices in the alarm mode, execute step b-2; otherwise, execute step b-4;
Step b-2: query the alarm mode database; if the data item of the alarm mode already exists, return to step b-1 to verify the next group of alarm modes; if it does not exist, add it to the alarm mode database and return to step b-1 to verify the next group of alarm modes; if a subset of the alarm mode exists in the alarm mode database, execute step b-3;
Step b-3: delete the subset of the alarm mode from the alarm mode database and insert the alarm mode into the database;
Step b-4: output the alarm mode and hand it to an expert, who judges whether it is correct; if it is correct, add it to the alarm mode database and return to step b-1 to verify the next group of alarm modes; if not, discard the alarm mode and return to step b-1 to verify the next group of alarm modes.
4. The fault node association discovery method based on frequent item analysis as claimed in any one of claims 1 to 3, wherein step c is performed before the alarm mode mining of step a: the historical alarm information data is cleaned, removing data that does not conform to the format definition as well as redundant data.
5. The fault node association discovery method based on frequent item analysis as claimed in claim 4, wherein step c comprises the following sub-steps:
Step c-1: extract the important fields related to alarm content and network topology from the historical alarm information database; these fields comprise the log ID, alarm type, affected network element ID, alarm time, positioning information and alarm port;
Step c-2: remove data whose row content does not match its column labels;
Step c-3: for alarms of the same alarm type at the same measuring point in the database, keep only the alarm record at the start of the time window and delete the other alarm records of that measuring point within the time window.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310717860.6A CN116760681A (en) | 2023-06-16 | 2023-06-16 | Fault node association discovery method based on frequent item analysis |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116760681A (en) | 2023-09-15 |
Family
ID=87947329
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117526249A (en) * | 2023-11-03 | 2024-02-06 | 青岛裕华电子科技有限公司 | Electric energy use control management system and method applying data analysis technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||