Mining Alarm Clusters to Improve Alarm Handling Efficiency
Author
Abstract
It is a well-known problem that intrusion detection systems overload their human operators by triggering thousands of alarms per day. As a matter of fact, we have been asked by one of our service divisions to help them deal with this problem. This paper presents the results of our research, validated thanks to a large set of operational data. We show that alarms should be managed by identifying and resolving their root causes. Alarm clustering is introduced as a method that supports the discovery of root causes. The general alarm clustering problem is proved to be NP-complete, an approximation algorithm is proposed, and experiments are presented.
Similar references
Mining of an Alarm Log to Improve the Discovery of Frequent Patterns
In this paper we propose a method to pre-process a telecommunication alarm log with the aim of discovering more accurately frequent patterns. In a first step, the alarm types which present the same temporal behavior are clustered with a self organizing map. Then, the log areas which are rich in alarms of the clusters are searched. The sublogs are built based on the selected areas. We will show ...
Mining Sequential Alarm Patterns in a Telecommunication Database
A telecommunication system produces daily a large amount of alarm data which contains hidden valuable information about the system behavior. The knowledge discovered from alarm data can be used in finding problems in networks and possibly in predicting severe faults. In this paper, we devise a solution procedure for mining sequential alarm patterns from the alarm data of a GSM system. First, by...
Intrusion Detection Alarms Filtering System Based On Ant Clustering Approach
With the increase in network attacks, network information security has become an issue of global concern. The problem with mainstream intrusion detection systems is the huge volume of alarm information and the high false positive rate. This paper presents a data mining technology to reduce the false positive rate and improve the accuracy of detection. The technique is unsupervised clustering m...
An efficient SOM-based pre-processing to improve the discovery of frequent patterns in alarm logs
We describe a pre-processing technique for mining a telecommunication alarm log for frequent temporal patterns. The method consists in extracting relevant subsets from the initial log with the aim of discovering frequent patterns more accurately. In a first step, the alarm types presenting the same temporal behaviour are clustered with a self organizing map. Then, log areas which are rich in al...
An Effective Mining Algorithm for Weighted Association Rules in Communication Networks
The mining of weighted association rules is one of the primary methods used in communication alarm correlation analysis. With a large communication alarm database, the traditional methods often treat each item evenly, which makes the process of mining association rules time consuming. To improve the efficiency, items appearing in transactions are weighted using the analytic hierarchy process to r...