46results about How to "Reduce the number of alerts" patented technology

The invention discloses comprehensive device monitoring system architecture. The comprehensive device monitoring system architecture comprises a data collection layer, a data processing layer and a data presentation layer; the data collection layer comprises a data collection engine and a data collection script and monitors the automatic generation of a configuration file; the data processing layer comprises a CMDB library data processing module, a business engine, a data collection engine monitoring configuration file transmission module, a collected transmission module of a data collection engine and a business engine and an analyzing and processing module of alarm data; the comprehensive device monitoring system architecture disclosed by the invention has a large alarm data size, thereby requiring a good alarm collection processing means to ensure the instantaneity; as the definitions of alarm fields of different industries and manufacturers are different, a large amount of works are required to trim the alarms; a flat management structure collectively processes the alarms in the industries on the basis of standardization of the alarms, thereby requiring an extract alarm association and preprocessing rule; and the incidence relation among the alarms, the IT resources and business is confirmed, and a model of alarm influence analysis is established.

The invention provides a network attack detection method and device. The method includes the steps that behavior characteristic parameters of a preset user and the number of intrusion prevention alarming times of the preset user are obtained in a preset period of time; the deviation degree of the preset user and each standard user is calculated according to behavior characteristic parameters of each standard user in a pre-built standard user model and the behavior characteristic parameters of the preset user, the pre-built standard user model corresponds to the preset user, and the deviation degree is used for representing the similarity of the behavior characteristic parameters of two users; the minimum deviation degree in the deviation degrees of the preset user and the standard users is determined; according to a weighted summation result of the number of intrusion prevention alarming times and the minimum deviation degree, network attack warning is generated for the preset user. The method and device can reduce the number of warning times and improve the effective rate of warning.

The invention discloses a fault detection method and device for a big data cluster, and relates to the technical field of computers. A specific embodiment of the method comprises the steps of collecting index data and log data of a big data cluster; determining abnormal information and a corresponding processing scheme according to the index data and the log data; performing machine learning on the abnormal information and the corresponding processing scheme, and storing a learning result into an operation and maintenance library; and performing fault detection on the big data cluster based ona learning result in the operation and maintenance library. According to the embodiment, the technical problems of difficult fault source detection and high operation and maintenance cost can be solved.

The invention relates to an abnormity detection system based on time sequence data in a cloud environment. The system comprises the following modules: a Collector data acquisition module, a data storage module, an Analyst analysis module and an alarm notification module. The Collector data collection module collects service index data of a device where the Collector data collection module is located at regular time and transmits the service index data to the data storage module through the convergence module. The storage module is used for storing time sequence data and transmitting the data to the analysis module, and the Analyst analyzer module is used for analyzing the time sequence data and pushing a notification message to a user rate through the alarm notification module. According to the scheme, the dynamic model is established through an algorithm to carry out abnormal detection, the operation and maintenance efficiency of the data center is improved, and the system is suitablefor centralized operation environments such as enterprise private clouds and data centers and does not depend on fixed empirical threshold setting. The monitoring system and the dynamic algorithm provided by the invention are used for detecting abnormities, so that the stiff setting of regularized alarms can be avoided.

The invention discloses a method for quickly testing compliance by a database auditing system. According to the invention, a 'black and white list' mode is introduced into database auditing products, so that the database auditing system is enabled to quickly screen out suspicious data from massive information, the number of alarm per day is effectively reduced, and the daily work burden of administrators is greatly reduced.

The invention discloses a method of a network element management system reporting the warning number message to a network management system, which aims at reporting the warning occurrence number message and reducing the warning number at the same time. The method is characterized in recoding the warning occurrence total number which is received by the network element management system, and the warning number which is received in a time interval; wherein, the warning occurrence total number is the unrestored warning total number which is received by the network element management system; the network element management system takes the warning occurrence total number and the warning number as the content of warning number message to report to the network management system. By adopting the method provided by the invention, the EMS can report the warning number message to the NMS while reduce the warning number at the same time, thus facilitate the NMS to obtain more warning related messages, and also facilitate the management and maintenance work of the managers.

The invention discloses a root alarm analysis and identification method and device. The method comprises the following steps: establishing an alarm correlation analysis model according to historical alarm data and resource information of the historical alarm data; collecting real-time alarm data and corresponding resource information, filtering invalid real-time alarm data in the real-time alarm data, and storing the valid real-time alarm data into an alarm database; inputting the effective real-time alarm data into the alarm correlation analysis model, obtaining the correlation between the effective real-time alarm data, confirming a root alarm and a derivative alarm thereof in the real-time alarm data, and obtaining an associated alarm data set; and establishing an alarm tree according to the associated real-time alarm data set. According to the method, the alarm set with the incidence relation is analyzed, and the root alarm in the alarm set is confirmed, so that maintenance personnel can quickly position and remove faults.

The invention discloses a ship network real-time abnormity detection method based on a programmable data plane. The method comprises the following steps: 1) collecting network state data of each nodei in a network; 2) at each time point t, inputting the sequence data of the network state data into a hierarchical memory network HTM to obtain a prediction error; 3) taking the distribution of the original prediction error as a measure, calculating the likelihood value of the abnormal degree by using the distribution, and judging whether to trigger an abnormal alarm; 4) in multivariable joint anomaly detection, decomposing the input into a plurality of sub-modules according to the number of parameters, and obtaining a global metric through joint likelihood anomaly score calculation to represent an abnormity likelihood score of the whole system; and 5) carrying out joint estimation on the distribution of the original abnormity scores of the plurality of detection systems, and judging whether to trigger an anomaly alarm. The invention provides the abnormity detection method capable of quantitatively evaluating the abnormity degree of a network.

The invention discloses a network auditing method and device of an industrial control system, and relates to the technical field of industrial automation control. One specific embodiment of the methodcomprises the following steps: industrial firewall equipment and an industrial control monitoring terminal being used for identifying and alarming, putting the identified alarms into a filter table,receiving each alarm in the filter table by a unified security management platform, and for each alarm, obtaining a total threat value of each alarm according to a threat value list pre-stored in theunified security management platform; and determining the threat level of each alarm based on the acquired total threat value of each alarm, and determining the display of the alarm according to the determined threat level. According to the embodiment, high-risk alarm identification can be carried out on the alarm information generated by violation of the white list rule, a large number of high-risk alarms caused by incomplete white list learning data are avoided, the number of the high-risk alarms is reduced, and a user can process the high-risk alarms conveniently and preferentially.

The invention discloses a tracheal cannula with function of automatically eliminating phlegm, which comprises two ventilation ducts, namely an air inlet and outlet duct (1) and a special exhaust duct(2); and the special exhaust duct (2) is provided with a phlegm eliminating device (3). The invention also discloses an automatic phlegm eliminating system comprising the tracheal cannula with the function of automatically eliminating phlegm. The air inlet and outlet duct (1) and/or the special exhaust duct (2) of the tracheal cannula with the function of automatically eliminating phlegm are respectively connected with a respirator (5) or are integrated into a common duct and then connected with the respirator (5). The tracheal cannula has the function of automatically sucking the phlegm, greatly lightens the work load of medical care personnel, reduces the alarm frequency of an artificial respirator, relieves the pain of the patient due to phlegm sucking, and has low cost and great marketand social values.

The invention relates to the technical field of Internet and multimedia, and provides an alarm intelligent analysis and display method which is characterized by comprising the following steps of Step1, receiving the collected engine alarm data; step2, after the aggregation analysis is conducted on the engine alarm data, extracting the specified attribute data; step3, persisting the clustering result to an interface of a third-party full-text retrieval engine, and providing a data filtering interface for displaying the clustering data at a Web front end; and step 4, outputting a clustering alarm message.

The invention discloses a safety protection system and method. The system comprises: a threat event detection module which is suitable for carrying out threat detection on a to-be-protected object so as to obtain a plurality of threat events generated in the threat detection process; an aggregation module which is suitable for performing aggregation processing on the plurality of generated threat events so as to generate at least one security event corresponding to the plurality of threat events, wherein one security event is formed by aggregating a plurality of threat events; and an alarm module which is suitable for generating alarm information corresponding to the security event. By adopting the scheme, the closed-loop processing of the threat event can be realized, the processing efficiency is improved, and the effective protection of the security protection object is realized; moreover, according to the scheme, the number of events to be processed and the number of alarms can be greatly reduced through aggregation processing of the threat events, and the processing precision is further improved on the basis of saving system resources and improving the processing efficiency.