网络告警关联规则挖掘系统的研究与设计

【作者】 肖海林；

【导师】 李兴明；

【作者基本信息】 电子科技大学 ， 通信与信息系统， 2007， 硕士

【摘要】 故障诊断与定位是网络管理的核心,当网络发生故障时,要求及时找到网络发生故障的位置和原因,以便快速的排除故障,恢复网络的功能。告警相关性分析在网络故障管理中占据着重要的地位,是故障诊断的重要手段之一。数据挖掘为告警相关性分析中知识获取提供了新的途径。在现代网络中,告警的某些属性分为不同的级别,而且,不同QoS要求的业务对告警处理的程度也有所不同。本文以国家自然科学基金项目《基于数据挖掘的通信网告警相关性分析》为背景,重点研究了网络告警加权关联规则挖掘,包括告警预处理、加权关联规则挖掘、规则的后处理以及网络告警关联规则挖掘系统的仿真验证。本文采用专家系统来完成告警的预处理。用时间窗口和滑动步长的思想解决了告警时间同步问题,将同一时间窗口内的告警看作一个告警事务,提取告警中反映网络故障的告警属性字段组成告警事务项,并用告警压缩的方法删除同一告警事务中的冗余告警信息。专家系统运用层次分析法来确定告警的权值,仿真结果表明运用该方法确定的告警权值能反映用户对不同告警的关注程度和网络的动态变化。本文针对网络告警信息量大、告警具有突发性等特点,对已有的加权关联规则挖掘算法做了相应的改进,提出了一种基于频繁模式树的网络告警加权关联规则挖掘算法-WFPTA算法。算法的优点是无需重复多次的遍历数据库,无需递归的进行条件频繁模式树的构建。算法的性能测试结果表明:该算法在运行效率和占用内存空间上与MINWAL(O)算法相比都有很大的改善。最后,本文基于冗余规则和结构化规则涵盖集的概念,提出了一种定量化的关联规则后处理算法。算法能够有效地删除用户给定的最小置信度增量阈值空间集内所有冗余的、信息重复的规则。网络告警关联规则挖掘系统的仿真验证表明,该系统能够快速有效地挖掘出反映网络故障的告警关联规则,将形式简洁、信息完整的告警规则呈现给用户,对网络告警相关性分析和故障的诊断定位有一定的意义和实用价值。更多还原

【Abstract】 Fault diagnosis and localization is the vital core of the network management. When the faults take place in the networks, it is necessary to find the locations and the causations of the faults in time in order to get rid of the faults and recover the networks’function rapidly. The alarm correlation analysis, an important approach of fault diagnosis, plays a crucial role in network fault management. Data mining provides a new approach of the knowledge updating during the alarm correlation analyzing. In modern networks, some of the alarm’s attributes has different levels, and services with different QoS requests need different treatment of alarms. With the background of the project, the alarm correlation in communication networks based on data mining, that is supported by National Natural Science Foundation of China, this thesis focused on mining weighted alarm association rules in networks, including the alarm’s pretreatment, mining weighted association rules, the rules’post-treatment and the simulation and validation of the system of mining weighted alarm association rules in networks.The alarm’s pretreatment was carried out by expert system. The problem of alarm’s synchronization was settled by setting time window and slip length. The alarms in the same time windows were regarded as an alarm transaction. The attributes of the alarm that reflect the faults were picked out to form an item of an alarm transaction. The redundant alarms were got rid of by alarm compressing. The analytic hierarchy process was applied to deciding the weight of the alarm. The simulation result indicates that the weight decided by this method can reflect the users’concentration on different alarms and the dynamic change of the networks.Based on the existent algorithms of mining weighted association rules, aimed at the networks’characters that are having amount of alarms that can burst out randomly, a pattern tree based algorithm-WFPTA of mining weighted alarm association rules was constructed. The big advantage of the WFPTA algorithm is it is unnecessary to traverse the database repeatedly and to construct the conditional pattern tree recursively. The performance test of the algorithm indicates that compared with MINWAL (O), this algorithm is improved in both the executive time and the used memory. Based on the concept of redundant rules and structural rule cover, a quantificational algorithm of rule post-treatment was constructed, which can delete the whole redundant and repeated rule effectively by the minimum confidence increment threshold provided by the user.The simulation and validation of the system of mining weighted alarm association rules in networks indicates that it can find out effective alarm rules which reflect the faults in networks rapidly. It is also validated that the system which provides the user the compact alarm rules with complete information is valuable and useful to the alarm correlation analysis and fault diagnosis and localization in networks.更多还原