Alarm intelligent analysis and display method

An intelligent alarm analysis and display technology, applied in the network field, that addresses problems such as imperfect configuration of policy rules, alarm avalanches, and personnel being unable to concentrate on troubleshooting network problems, and that achieves fast and efficient display and easy processing of network alarms.

Active Publication Date: 2019-08-16
HANGZHOU GUYI NETWORK TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] The alarm events generated by a network system are very important to its safe and stable operation. Under normal circumstances, the frequency of alarm events should be very low; if there are too many, the policy rules that trigger alarms may not be configured well. In abnormal situations, however, for example when a large-scale external network attack occurs on the system, a large number of repeated alarm events of the same type will occur, which may further lead to an alarm avalanche. Once that occurs, it tests the robustness of the entire network security management system. When faced with a large number of alarms longer than 1 second, personnel cannot concentrate on troubleshooting network problems, and these large numbers of irregular alarms cannot effectively help security personnel quickly locate and resolve network risks.

Examples


Embodiment 1

[0045] Referring to Figure 1, this embodiment provides a schematic illustration of a method for intelligent analysis and display of alarms.

[0046] A method for intelligent analysis and presentation of an alarm comprises the following steps:

[0047] Step1: Receive the collected engine alarm data;

[0048] In this embodiment, the source of the engine's original alarm data is the network alarm monitoring and collection engine, which sends each original alarm to the alarm collection module of the background service as JSON data. For an example of the engine's raw alarm data, see attached Figure 7.

[0049] Among the attribute names shown in attached Figure 7, the most important is the tag attribute, which is mainly used for cluster analysis: alarms with the same tag are regarded as the same type of alarm.

[0050] Step2: extract specified attribute data after aggregation and analysis of the engine alarm data;

[0051] After consuming data from the acquisition ...

Embodiment 2

[0079] This embodiment allows for updating of the cluster analysis algorithm. The preferred embodiment is the same as the basic embodiment 1, and will not be repeated here.

[0080] As shown in Figure 3, in the alarm intelligent analysis and display method of this embodiment, Step2 also includes:

[0081] Step21: If the alarm data already exists, update it; if it is of a new type, insert the data into the database.

[0082] Correspondingly, in the alarm intelligent analysis and display system of this embodiment, as shown in Figure 4, the aggregation analysis module also includes:

[0083] An update unit: if the alarm data already exists, it is updated; if it is of a new type, the data is inserted into the database.

[0084] If the alarm data already exists, it is updated with the new data; if it is new alarm data (its tag has not appeared before), the data is inserted into the database.

Embodiment 3

[0086] In this embodiment, a preferred embodiment of a clustering algorithm is selected in consideration of the requirements for the aggregation function of the industrial control platform. The preferred embodiment is the same as the basic embodiment 1, and will not be repeated here.

[0087] As shown in Figure 5, in the intelligent alarm analysis and display method of this embodiment, the aggregation analysis specifically includes:

[0088] Step21: Insert the engine alarm into the full-text search database ElasticSearch, and the ElasticSearch database indexes and encodes the original data according to the specified field, and establishes a mapping table for the encoding and alarm data;

[0089] When inserting into the database, the database builds an index (inverted index) on the original data according to the above-mentioned alarm feature Tag field, that is, encodes the Tag, and creates a mapping table between the code and the alarm data, so that it can be aggregated w...
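The update-or-insert rule of Embodiment 2 and the tag-keyed mapping table of Embodiment 3, as an added Python example that is not code from the patent: a dictionary stands in for the ElasticSearch database. Only the `tag` attribute is named on the page; the other field names (`id`, `ts`, `src_ip`, `level`) and all sample alarms are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample alarms. Only "tag" is named on the page; the field
# names id, ts, src_ip and level are assumptions made for this example.
RAW_ALARMS = [
    '{"id": 1, "ts": 1565900000, "tag": "ssh-bruteforce", "src_ip": "198.51.100.7", "level": 3}',
    '{"id": 2, "ts": 1565900001, "tag": "ssh-bruteforce", "src_ip": "198.51.100.7", "level": 3}',
    '{"id": 3, "ts": 1565900001, "tag": "modbus-write", "src_ip": "203.0.113.9", "level": 5}',
    '{"id": 4, "ts": 1565900002, "tag": "ssh-bruteforce", "src_ip": "198.51.100.8", "level": 4}',
    '{"id": 5, "ts": 1565900003, "src_ip": "203.0.113.9", "level": 1}',  # no tag
    'not json',                                                          # malformed
]

class AlarmStore:  # in-memory stand-in for the database
    def __init__(self):
        self.clusters = {}                 # tag -> one aggregated row
        self.postings = defaultdict(list)  # tag -> alarm ids (mapping table)
        self.rejected = 0                  # alarms that could not be clustered

    def ingest(self, raw):
        try:
            a = json.loads(raw)
            tag, aid, ts = a["tag"], a["id"], a["ts"]
            level, src = a["level"], a["src_ip"]
        except (ValueError, KeyError, TypeError):
            self.rejected += 1             # counted, not silently dropped
            return
        self.postings[tag].append(aid)
        row = self.clusters.get(tag)
        if row is None:                    # new type: insert
            row = self.clusters[tag] = {"tag": tag, "count": 0, "first_seen": ts,
                                        "last_seen": ts, "max_level": level, "sources": set()}
        row["count"] += 1                  # existing type: update in place
        row["first_seen"] = min(row["first_seen"], ts)
        row["last_seen"] = max(row["last_seen"], ts)
        row["max_level"] = max(row["max_level"], level)
        row["sources"].add(src)

def run(raw_alarms):
    store = AlarmStore()
    for raw in raw_alarms:
        store.ingest(raw)
    return store

def cluster_messages(store):
    rows = sorted(store.clusters.values(), key=lambda r: -r["count"])
    return [f'{r["tag"]}: {r["count"]} alarm(s), {len(r["sources"])} source(s), '
            f'max level {r["max_level"]}, ids {store.postings[r["tag"]]}' for r in rows]

if __name__ == "__main__":
    print("\n".join(cluster_messages(run(RAW_ALARMS))))
```

Six raw alarms collapse into two cluster rows, and the two that cannot be clustered are counted in `rejected` so that a flood of untagged or malformed input stays visible to the operator.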


Abstract

The invention relates to the technical field of Internet and multimedia, and provides an alarm intelligent analysis and display method comprising the following steps: Step1, receiving the collected engine alarm data; Step2, extracting the specified attribute data after aggregation analysis of the engine alarm data; Step3, persisting the clustering result to an interface of a third-party full-text retrieval engine, and providing a data filtering interface for displaying the clustering data at a Web front end; and Step4, outputting a clustering alarm message.

Description

Technical field

[0001] The invention relates to the field of network technology, in particular to a display method and system for realizing alarm intelligent analysis in an industrial control system.

Background technique

[0002] The description of the background technology in the present invention belongs to the related technology of the present invention, and is only used to illustrate and facilitate the understanding of the content of the present invention. prior art as of the filing date.

[0003] The alarm events generated by a network system are very important to its safe and stable operation. Under normal circumstances, the frequency of alarm events should be very low; if there are too many, the policy rules that trigger alarms may not be configured well. In abnormal situations, however, for example when a large-scale external network attack occurs on the system, a large number of repeated alarm events of the same type will oc...


Application Information

IPC(8): H04L12/24
CPC: H04L41/0604, H04L41/0631, H04L41/0686
Inventor: 夏春宇, 夏伟东, 苗维杰
Owner: HANGZHOU GUYI NETWORK TECH CO LTD