Method and device for evaluating host risk

By combining static and dynamic data in a risk prediction model, the problem of low efficiency in IT equipment risk assessment is solved, enabling intelligent and accurate assessment of host risks and improving equipment management efficiency.

CN115114124BActive Publication Date: 2026-06-23CHINA MOBILE GROUP SICHUAN +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA MOBILE GROUP SICHUAN
Filing Date
2021-03-17
Publication Date
2026-06-23

AI Technical Summary

Technical Problem

Existing IT equipment risk assessment methods are inefficient, consume a lot of human resources, and lack accuracy, especially when dealing with host aging and failures, where timeliness is low.

Method used

By acquiring static and dynamic indicator data within the host cycle, risk assessment is performed using a trained risk prediction model. A combined model of logistic regression and random forest algorithms is used for risk prediction, and the trained model is optimized to improve accuracy.

Benefits of technology

It enables intelligent and accurate assessment of host risks, reduces resource and manpower consumption, improves equipment management efficiency, and can quickly determine the risk level of the host.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115114124B_ABST
    Figure CN115114124B_ABST
Patent Text Reader

Abstract

The application discloses a host risk evaluation method and an evaluation device. The evaluation method comprises the following steps: obtaining historical data in a host cycle, wherein the historical data comprises static data and dynamic index data; inputting the static data and the dynamic index data into a trained risk prediction model, and predicting a risk evaluation value of the host by using the risk prediction model, wherein the risk prediction model is used for evaluating the risk of the host according to the static data and the dynamic index data; and obtaining a prediction result output by the risk prediction model, and obtaining the risk evaluation value of the host.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of equipment management, and more particularly to a method and apparatus for assessing host risk. Background Technology

[0002] With the development and advancement of technologies such as cloud computing and microservices, enterprise data center IT modules are rapidly expanding. As the number of IT devices increases, the number of faulty and aging devices is also rising. To ensure better operation of business systems, risk management of such devices is generally required, and they are handled according to processes such as decommissioning, retirement, and service termination. During device management, a discretization method is used to monitor devices and detect anomalies. Then, data mining is performed on the large amount of logs generated by the devices using correlation analysis methods to obtain information on devices requiring attention and action.

[0003] In actual cleanup operations, the large number of IT devices and the complex relationships between them lead to problems such as lengthy host evaluation times, difficulty in standardizing cleanup criteria, and reliance on manual processing. This results in significant manpower expenditure on continuous data collection, processing, and subjective assessments, hindering the smooth progress of device decommissioning. While log relationship analysis for data mining can accurately pinpoint device decommissioning times, its timeliness is low, offering little help to host maintenance and consuming substantial resources. Furthermore, it fails to address the impact of static data such as host age, exceeding service life, and historical failures on host decommissioning, leading to significant accuracy errors. Summary of the Invention

[0004] This application discloses a method and apparatus for assessing host risk, in order to solve the problem of low efficiency in the current risk assessment methods used for IT equipment.

[0005] To solve the above problems, this application adopts the following technical solution:

[0006] In a first aspect, embodiments of this application disclose a method for assessing host risk, comprising: acquiring historical data within a host period, the historical data including static data and dynamic indicator data; inputting the static data and the dynamic indicator data into a trained risk prediction model, and predicting the risk assessment value of the host through the risk prediction model, wherein the risk prediction model is used to assess the risk of the host based on the static data and the dynamic indicator data; and obtaining the prediction result output by the risk prediction model to obtain the risk assessment value of the host.

[0007] Secondly, embodiments of this application disclose a host risk assessment device, comprising: an acquisition module for acquiring historical data of the host within a period, the historical data including static data and dynamic indicator data; a prediction module for inputting the static data and the dynamic indicator data into a trained risk prediction model, and predicting the risk assessment value of the host through the risk prediction model, wherein the risk prediction model is used to assess the risk of the host based on the static data and the dynamic indicator data; and a determination module for acquiring the prediction result output by the risk prediction model to obtain the risk assessment value of the host.

[0008] Thirdly, embodiments of this application disclose an electronic device, including a processor, a memory, and a program or instructions stored in the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the evaluation method as described in the first aspect.

[0009] The technical solutions disclosed in this application can achieve the following beneficial effects:

[0010] This application provides a method for assessing host risk. By collecting historical static data and dynamic indicator data within a host's lifecycle, combining and processing the two types of data, a risk prediction model is used to predict the host's risk assessment value. Based on the prediction results, the risk assessment value is obtained, thereby quickly determining the host's risk level and enabling subsequent device operations. This achieves intelligent and accurate assessment, avoiding excessive resource and manpower consumption and improving the overall efficiency of device management. In other words, this application discloses a host risk assessment method that can efficiently determine the host's risk level, solving the problem of low efficiency in current IT equipment risk assessment methods. Attached Figure Description

[0011] Figure 1 This is a flowchart illustrating a host risk assessment method disclosed in an embodiment of this application;

[0012] Figure 2 This is a flowchart illustrating another host risk assessment method disclosed in an embodiment of this application;

[0013] Figure 3 This is a flowchart illustrating another host risk assessment method disclosed in an embodiment of this application;

[0014] Figure 4 This is a schematic diagram of the structure of a host risk assessment device disclosed in an embodiment of this application;

[0015] Figure 5This is a schematic diagram of the structure of an electronic device disclosed in an embodiment of this application. Detailed Implementation

[0016] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0017] The terms "first," "second," etc., used in the specification and claims of this application are used to distinguish similar objects and not to describe a specific order or sequence. It should be understood that such use of data can be interchanged where appropriate so that embodiments of this application can be implemented in orders other than those illustrated or described herein, and the objects distinguished by "first," "second," etc., are generally of the same class and the number of objects is not limited; for example, a first object can be one or more. Furthermore, in the specification and claims, "and / or" indicates at least one of the connected objects, and the character " / " generally indicates that the preceding and following objects are in an "or" relationship.

[0018] The following description, in conjunction with the accompanying drawings, details a host risk assessment method and apparatus provided in this application through specific embodiments and application scenarios.

[0019] Figure 1 A flowchart illustrating a method for assessing host risk is shown, such as... Figure 1 As shown in the figure, this application discloses a method for assessing host risk, which includes the following steps:

[0020] S110: Obtain historical data within the host cycle. Historical data includes static data and dynamic indicator data.

[0021] In assessing host risk, static data generally includes, but is not limited to, the following: lack of maintenance indicators, exceeding service life, high energy consumption, maintenance costs, and outdated technology. Dynamic indicators include, but are not limited to, fault information and utilization rate. Of course, static and dynamic indicators may also include other indicators, and this application does not impose specific limitations on them. By collecting static and dynamic indicators, it is possible to combine the two to form historical data. When detecting host risk, a wider range of detection factors are considered, thereby improving the accuracy of host risk assessment.

[0022] S120: Input static data and dynamic indicator data into the trained risk prediction model, and predict the risk assessment value of the host through the risk prediction model. The risk prediction model is used to assess the risk of the host based on static data and dynamic indicator data.

[0023] After collecting historical data, it is necessary to conduct a specific analysis of the host risk based on the historical data to predict whether the host risk is significant. Specifically, static data and dynamic indicator data can be input into the trained risk prediction model. Through the risk prediction model, historical data can be analyzed to predict the host risk assessment value.

[0024] In one possible implementation, the risk prediction model is a novel combined algorithm model obtained by combining the AI ​​capabilities of logistic regression and random forest algorithms. Based on static and dynamic indicator data, it calculates historical data of the host's operation within a cycle, and after intelligent evaluation by the model, it can predict the host's risk assessment value. Of course, the risk prediction model can also be a novel combined algorithm model obtained by combining the AI ​​capabilities of other supervised algorithms, as long as it can achieve the same function as the logistic regression and random forest algorithms. This application does not impose specific limitations on this.

[0025] S130: Obtain the prediction results output by the risk prediction model to obtain the risk assessment value of the host.

[0026] After obtaining the risk assessment value, the risk level of the host can be determined. In one possible approach, a risk assessment value of 0-25 indicates a strong shutdown level; a risk assessment value of 25-50 indicates a recommended shutdown level; a risk assessment value of 50-75 indicates a recommended retention level; and a risk assessment value of 75-100 indicates a normal usage level. Once the host's risk assessment value is obtained, the risk score range can be determined, thus defining the host's risk level and allowing for continued equipment operation.

[0027] This application provides a method for assessing host risk. By collecting historical static data and dynamic indicator data within a host's lifecycle, combining and processing the two types of data, and then using a risk prediction model to predict the host's risk assessment value, the method quickly determines the host's risk level and allows for subsequent device operations. This achieves intelligent and accurate assessment, avoiding excessive resource and manpower consumption and improving the overall efficiency of device management. In other words, this application discloses a host risk assessment method that efficiently determines the host's risk level, solving the problem of low efficiency in current IT equipment risk assessment methods.

[0028] In the embodiments of this application, Figure 2 A flowchart illustrating another method for assessing host risk is shown, such as... Figure 2 As shown, the method includes the following steps:

[0029] S210: Obtain historical data within the host cycle. Historical data includes static data and dynamic indicator data.

[0030] S220: Input static data and dynamic indicator data into the trained risk prediction model, and predict the risk assessment value of the host through the risk prediction model. The risk prediction model is used to assess the risk of the host based on static data and dynamic indicator data.

[0031] Steps S210 and S220 can be adopted Figure 1 The similar descriptions of steps S110 and S120 in the embodiments will not be repeated here.

[0032] S230: Use static data, dynamic indicator data, and risk assessment values ​​as training data to optimize and train the risk prediction model.

[0033] To correct the coefficients of the risk prediction model and improve its accuracy, one possible approach is to use static data, dynamic data, and risk assessment values ​​as training data for automatic model retraining. Typically, dynamic indicator data can be classified using a random forest algorithm to obtain results for host utilization and high host failure rates. After obtaining the processed static and dynamic indicator data, a logistic regression algorithm is generally used to calculate the risk assessment value. To avoid the relatively poor initial performance of the random forest algorithm and the difficulty in ensuring model quality and reliability of the results due to the simplistic nature of logistic regression, after completing a batch of predictions and obtaining risk assessment values, static data, dynamic data, and risk assessment values ​​can be used as training data to increase the training samples. This allows for iterative training and optimization of the risk prediction model, enabling adaptive improvement and outputting the optimal weight coefficients for each component, preventing overfitting and improving model accuracy.

[0034] S240: Obtain the prediction results output by the risk prediction model to obtain the risk assessment value of the host.

[0035] Another host risk assessment method disclosed in this application optimizes the risk prediction model by using static data, dynamic indicator data, and risk assessment values ​​as training data. This improves the accuracy of the risk prediction model, prepares it for the next batch of host risk assessments, and makes the risk prediction model more accurate. This results in a more accurate risk assessment value and a more precise determination of the host's risk level.

[0036] In addition, one possible approach is, such as Figure 3 As shown, the risk prediction model predicts the risk assessment value of the host, including:

[0037] Step 1: Classify the dynamic indicator data according to the preset classification algorithm to obtain the first discrete result of the dynamic indicator data.

[0038] The dynamic indicator data can be classified using the random forest algorithm to obtain the first discrete result of the dynamic indicator data. The first discrete result can be the discrete indicator result of host utilization and host high failure rate. Specifically, host hardware alarm information within a year can be used, and the number of hardware alarms on the failed and out-of-service hosts can be used as the feature value to calculate and classify: high failure rate is 1, and low failure rate is 0; based on the comprehensive value of host CPU utilization, memory utilization, and disk I / O rate, it can be calculated and classified as: high utilization rate is 1, and low utilization rate is 0.

[0039] Step 2: Normalize and classify the static data to obtain the second discrete result of the static data.

[0040] As mentioned above, static data can include: no maintenance indicators, exceeding the time limit, high energy consumption, maintenance costs, and old technology. It can be discretized by normalization to obtain a second discrete result. Specifically, no maintenance indicators are processed as 0-1, with 0 for maintenance and 1 for no maintenance.

[0041] Overdue period: The overdue period can be converted using the generalized normalization formula, which can map the overdue period from 1 to 60 months, distributing it between 0 and 1. The larger the number, the longer the overdue period.

[0042] High energy consumption: According to the standard definition of high energy consumption equipment, its energy consumption value range is set to 0-1, with high energy consumption equipment defined as 1 and non-high energy consumption equipment defined as 0;

[0043] Maintenance fees: Maintenance fees are calculated based on whether they are high or low, with a high maintenance fee of 1 and a low maintenance fee of 0.

[0044] Old technology: According to regulations, its value range is set to 1 for old equipment host and 0 for non-old equipment host.

[0045] Step 3: Align the data and data time of the first and second discrete results.

[0046] By aligning the data and data time of the first and second discrete results, the data and data time of the host's seven categories of indicators can be aligned, thereby determining the specific risk location and time period of the host, and thus quickly determining the host's risk category.

[0047] Step 4: Calculate the first and second discrete results after alignment according to the preset regression algorithm to obtain the risk classification of the host.

[0048] Specifically, the risk classification of the host can be recalculated using a logistic regression algorithm.

[0049] Step 5: Calculate the risk assessment value for each risk category based on a percentage system and weighting coefficients.

[0050] One possible approach is to calculate the score based on the weighting coefficients. The higher the score, the greater the weight of the corresponding dimension. Then, subtract the scores calculated for each dimension from the total score to obtain the risk assessment value for each risk category.

[0051] After obtaining the risk assessment value, the risk assessment value, static data, and dynamic data can be used as training data and fed back into the risk prediction model for the same training process to optimize the risk prediction model. Specifically, the training data can be labeled, and the labeled results can be used as the training set input into the risk prediction model. The training data can then be used to optimize the model, and the optimal model and key parameters can be output and then input into the risk prediction model.

[0052] The technical solution provided in this application provides an intelligent method for assessing host risk. This method combines static and dynamic operational indicators of the host, employing an improved supervised learning algorithm for multi-indicator correlation to accurately classify risky hosts. Furthermore, in this application, the results of the two types of supervised learning algorithms are automatically fed back into the training set, allowing the model parameters to self-correct and optimize, iterating and adapting gradually to make the model more accurate and effective.

[0053] In addition, before acquiring historical data within the host cycle, the method includes the following steps:

[0054] Step 1: Build a risk prediction model.

[0055] To ensure that the risk prediction model can accurately predict and obtain risk prediction values, it is necessary to build the risk prediction model in advance and collect a certain amount of training data to train the risk prediction model to ensure its accuracy.

[0056] Step 2: Collect training samples, which include: static data of the sample hosts, dynamic indicator data of the sample hosts, and risk values ​​of the sample hosts. Specifically, this can be collected historical operational anomaly data, historical fault data, historical faulty hosts, and other indicator information of the hosts, which are then digitized.

[0057] Step 3: Train the risk prediction model using training samples.

[0058] Specifically, the digitized training samples are input into the risk prediction model for training, which can then yield a risk prediction model with good accuracy, thus ensuring a certain level of efficiency in assessing host risks.

[0059] In one possible implementation, after obtaining the prediction results output by the risk prediction model and obtaining the risk assessment value of the host, the classification results of the host risk detection that strongly recommend elimination can be taken offline. Therefore, the host risk assessment method disclosed in this application embodiment further includes: if the risk assessment value of the host exceeds a predetermined value, the host is added to the offline process to take the host offline.

[0060] When the risk assessment value of the host exceeds the predetermined value, the host is in a dangerous level and needs to be added to the offline process. In one possible way, the predetermined value can be the risk definition value of the host. When the risk assessment value exceeds the risk definition value, the host is in a dangerous level. When the host's risk level is in a dangerous level, the host is added to the offline process and processed through a standardized procedure to take the host offline. In this way, the risk accumulation of the entire device can be reduced.

[0061] Based on the host risk assessment method described above, such as Figure 4 As shown in the figure, this application discloses a host risk assessment device 400, which includes:

[0062] The acquisition module 420 is used to acquire historical data within the host cycle. The historical data includes static data and dynamic indicator data.

[0063] The prediction module 430 is used to input static data and dynamic indicator data into the trained risk prediction model, and to predict the risk assessment value of the host through the risk prediction model. The risk prediction model is used to assess the risk of the host based on the static data and dynamic indicator data.

[0064] The determination module 450 is used to obtain the prediction results output by the risk prediction model and obtain the risk assessment value of the host.

[0065] This application discloses a host risk assessment device 400. After acquiring static and dynamic indicator data through an acquisition module 420, a prediction module 430 inputs the combined static and dynamic indicator data into a trained risk prediction model to predict the host's risk assessment value. Then, a determination module 450 obtains the prediction result output by the risk prediction model to obtain the host's risk assessment value. Finally, the risk level of the host is determined based on the range of the risk assessment value. This method achieves intelligent and accurate assessment, avoiding excessive time, resources, and manpower consumption, and improving equipment management efficiency.

[0066] like Figure 4 As shown in the embodiments of this application, the device may include:

[0067] The first training module 440 is used after the prediction module 430 to optimize and train the risk prediction model by using static data, dynamic indicator data, and risk assessment values ​​as training data.

[0068] The first training module 440 can optimize the risk prediction model, enabling the model to improve adaptively, output the weight coefficients of each component corresponding to the optimal model, prevent overfitting, improve model accuracy, and prepare for the assessment of host risk in the next batch.

[0069] In one possible implementation, the device may include:

[0070] The second training module 410 is used to build a risk prediction model before the acquisition module 420 acquires historical data within the period.

[0071] Collect training samples, which include: static data of the sample host, dynamic indicator data of the sample host, and risk value of the sample host;

[0072] The risk prediction model is trained using training samples.

[0073] The second training module 410 can be used to build a risk prediction model that needs to be used in advance and collect a certain amount of training samples as basic data to make predictions on the risk prediction model. In this way, the risk prediction model has a certain accuracy basis when assessing the host risk and will not have large errors.

[0074] In addition, the device may also include: a decommissioning module 460, used to add the host to the decommissioning process when the host's risk assessment value exceeds a predetermined value, so as to decommission the host.

[0075] It's important to note that the preset value is a pre-defined risk assessment value for the host. This value categorizes hosts into two risk levels: safe and dangerous. If a host's risk assessment value exceeds the preset value, it is classified as dangerous and must be added to the offline process. This method automatically pushes risky hosts into the offline process based on the relationship between the risk assessment value and the preset value, thus reducing the accumulation of risk across the entire device.

[0076] The evaluation device in the embodiments of this application can be a device, or it can be a component, integrated circuit, or chip in an electronic device.

[0077] The evaluation device in this application embodiment can be a device with an operating system. This operating system can be Android, iOS, or other possible operating systems; this application embodiment does not specifically limit the specific operating system used.

[0078] The evaluation apparatus provided in this application embodiment can achieve... Figures 1 to 3 The various processes implemented in the method embodiments are not described in detail here to avoid repetition.

[0079] Optional, such as Figure 5As shown, this application embodiment also provides an electronic device 500, including a processor 501, a memory 502, and a program or instructions stored in the memory 502 and executable on the processor 501. When the program or instructions are executed by the processor 501, they implement the various processes of the above-described test state detection method embodiment and achieve the same technical effect. To avoid repetition, they will not be described again here.

[0080] This application also provides a readable storage medium storing a program or instructions. When the program or instructions are executed by a processor, they implement the various processes of the above-described test state detection method embodiment and achieve the same technical effect. To avoid repetition, they will not be described again here.

[0081] The processor 501 is the processor in the electronic device 500 described in the above embodiments. The readable storage medium includes computer-readable storage media, such as computer read-only memory (ROM), random access memory (RAM), magnetic disk, or optical disk.

[0082] This application embodiment also provides a chip, which includes a processor and a communication interface. The communication interface and the processor are coupled. The processor is used to run network-side device programs or instructions to implement the various processes of the above-described test state detection method embodiment, and can achieve the same technical effect. To avoid repetition, it will not be described again here.

[0083] This application also provides a computer program product, which includes a processor, a memory, and a program or instructions stored in the memory and executable on the processor. When the program or instructions are executed by the processor, they implement the various processes of the above-described noise reduction method embodiments and achieve the same technical effect. To avoid repetition, they will not be described again here.

[0084] The above embodiments of this application focus on describing the differences between the various embodiments. As long as the different optimization features between the various embodiments are not contradictory, they can be combined to form a better embodiment. For the sake of brevity, they will not be described in detail here.

[0085] The above description is merely an embodiment of this application and is not intended to limit the scope of this application. Various modifications and variations can be made to this application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the scope of the claims of this application.

Claims

1. A method for assessing host risk, characterized in that, include: Acquire historical data within the host cycle, including static data and dynamic indicator data; The static data and the dynamic indicator data are input into the trained risk prediction model, and the risk prediction model is used to predict the risk assessment value of the host. The risk prediction model is used to assess the risk of the host based on the static data and the dynamic indicator data. Obtain the prediction results output by the risk prediction model to obtain the risk assessment value of the host. The risk prediction model predicts the risk assessment value of the host, including: The dynamic index data is classified according to a preset classification algorithm to obtain the first discrete result of the dynamic index data; The static data is normalized and classified to obtain the second discrete result of the static data; Align the data and data time of the first discrete result and the second discrete result; The risk classification of the host is obtained by calculating the aligned first discrete result and the second discrete result according to the preset regression algorithm. The risk assessment value for the risk category is calculated on a percentage basis according to the weighting coefficients.

2. The evaluation method according to claim 1, characterized in that, After inputting the static data and the dynamic indicator data into the trained risk prediction model, and using the risk prediction model to predict the risk assessment value of the host, the method includes: The static data, the dynamic indicator data, and the risk assessment value are used as training data to optimize and train the risk prediction model.

3. The evaluation method according to claim 1, characterized in that, Before acquiring historical data within the host cycle, the method includes: Construct the risk prediction model; Collect training samples, wherein the training samples include: static data of the sample host, dynamic indicator data of the sample host, and risk value of the sample host; The risk prediction model is trained using the training samples.

4. The evaluation method according to any one of claims 1 to 3, characterized in that, After obtaining the prediction result output by the risk prediction model and obtaining the risk assessment value of the host, the method further includes: If the risk assessment value of the host exceeds a predetermined value, the host will be added to the offline process to remove the host from the network.

5. A device for assessing host risk, characterized in that, include: The acquisition module is used to acquire historical data within the host cycle, the historical data including: static data and dynamic indicator data; The prediction module is used to input the static data and the dynamic indicator data into the trained risk prediction model, and to predict the risk assessment value of the host through the risk prediction model, wherein the risk prediction model is used to perform risk assessment on the host based on the static data and the dynamic indicator data. The determination module is used to obtain the prediction results output by the risk prediction model and obtain the risk assessment value of the host. In the prediction module, the risk prediction model predicts the risk assessment value of the host, including: The dynamic index data is classified according to a preset classification algorithm to obtain the first discrete result of the dynamic index data; The static data is normalized and classified to obtain the second discrete result of the static data; Align the data and data time of the first discrete result and the second discrete result; The risk classification of the host is obtained by calculating the aligned first discrete result and the second discrete result according to the preset regression algorithm. The risk assessment value for the risk category is calculated on a percentage basis according to the weighting coefficients.

6. The evaluation apparatus according to claim 5, characterized in that, The device includes: The first training module is used, after the prediction module, to optimize and train the risk prediction model by using the static data, the dynamic indicator data, and the risk assessment value as training data.

7. The evaluation apparatus according to claim 5, characterized in that, The device includes: a second training module, used for: The risk prediction model is constructed before the acquisition module acquires historical data within the host cycle; Collect training samples, wherein the training samples include: static data of the sample host, dynamic indicator data of the sample host, and risk value of the sample host; The risk prediction model is trained using the training samples.

8. The evaluation apparatus according to any one of claims 5 to 7, characterized in that, The device further includes a shutdown module, used to add the host to the shutdown process when the host's risk assessment value exceeds a predetermined value, so as to perform shutdown processing on the host.

9. An electronic device, characterized in that, It includes a processor, a memory, and a program or instructions stored in the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the evaluation method as described in any one of claims 1 to 4.