改进加权方法的告警关联分析算法  被引量：1

作　　者：朱圳 张引发[3] 刘立芳[1] 齐小刚 ZHU Zhen;ZHANG Yinfa;LIU Lifang;QI Xiaogang(School of Computer Science and Technology,Xidian University,Xi'an 710071,China;School of Mathematics and Statistics,Xidian University,Xi'an 710071,China;School of Information and Communication,University of National Defense Science and Technology,Changsha 210023,China)

机构地区：[1]西安电子科技大学计算机科学与技术学院,西安710071 [2]西安电子科技大学数学与统计学院,西安710071 [3]国防科技大学信息通信学院,长沙210023

出　　处：《吉林大学学报（信息科学版）》2023年第1期57-66,共10页Journal of Jilin University（Information Science Edition）

基　　金：国家自然科学基金资助项目(61877067)。

摘　　要：以往告警关联分析算法中将告警重要性视为相同,为区分不同告警的重要性差异,以及告警中包含信息量的差异性,提出一种改进加权方法的告警关联分析算法。首先将告警信息中有关告警重要性的属性量化,并使用极端梯度提升(XGBoost:eXtreme Gradient Boosting)集成学习模型训练,得到告警属性的权重值,并对告警数据赋予权重;然后,将网络拓扑数据加入滑动窗口中,改进传统滑动窗口划分事务存在的问题,改进后的滑动窗口划分的事务集更加真实可靠;最终将加权后的告警事务集使用加权FP-Growth(Frequent Pattern Growth)算法挖掘频繁告警和关联规则。通过实验验证了该改进加权方法的告警关联分析算法在挖掘频繁告警、重要关联规则和时间上都有很好的性能。In the previous alarm correlation analysis algorithms, the alarm importance is regarded as the same. In order to distinguish the difference in importance of different alarms and the difference in the amount of information contained in the alarms, an alarm correlation analysis algorithm with improved weighting method is proposed. First, the attributes related to alarm importance in the alarm information are quantified, and the XGBoost(eXtreme Gradient Boosting) integrated learning model is used to train them to obtain the weight value of the alarm attribute, and the weight assigned to the alarm data. Then, the network topology data is added to the sliding window to improve the problems in the division of transactions by the sliding window. The improved transaction set divided by the sliding window is more realistic and reliable. Finally, the weighted alarm transaction set is used to mine frequent alarms and association rules by using the weighted FP-Growth(Frequent Pattern Growth) algorithm. Experiments show that the alarm correlation analysis algorithm with improved weighting method has good performance in mining frequent alarms, important association rules and time.

关 键 词：告警相关性分析 通信网络 XGBoost算法 加权告警分析 FP-GROWTH算法 

分 类 号：TP131[自动化与计算机技术—控制理论与控制工程]