Intelligent data governance method and system based on double-library cooperation and knowledge graph
By employing a dual-database collaboration and knowledge graph-based intelligent data governance approach, the problem of the disconnect between monitoring and governance in the data governance system has been solved, achieving an automated closed loop for data governance and improving the system's adaptability and intelligence level.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- ZHUGEYUN (SICHUAN) DIGITAL TECHNOLOGY CO LTD
- Filing Date
- 2026-05-07
- Publication Date
- 2026-06-09
AI Technical Summary
In existing technologies, the monitoring and governance processes of data governance systems are disconnected, resulting in delayed problem response. Compliance rules and historical cases are stored in a scattered manner, lacking unified organization, making it difficult to achieve self-optimization and intelligence.
An intelligent data governance approach based on dual-database collaboration and knowledge graphs is adopted to achieve real-time data monitoring, root cause analysis, automated processing, and rule optimization through the collaborative work of the monitoring database and the knowledge base.
It has achieved an automated closed loop for data governance, improved processing efficiency, reduced delays caused by manual intervention, and enhanced the system's adaptability and intelligence.
Smart Images

Figure CN122174952A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the fields of data governance and knowledge graph technology, and in particular to intelligent data governance methods and systems based on dual-database collaboration and knowledge graphs. Background Technology
[0002] In enterprise data governance and compliance management practices, existing technical solutions have long faced the core problem of a disconnect between monitoring and governance. Traditional data governance systems generally deploy monitoring and governance functions separately, requiring manual intervention to initiate subsequent governance processes after anomalies are identified. This not only introduces significant time delays but also causes lags in problem response in time-sensitive business scenarios, increasing compliance risks. Because governance results cannot be automatically fed back to the monitoring system, monitoring rules cannot be dynamically optimized based on actual governance effects, creating information silos that gradually become ineffective and unable to adapt to changes in the data environment. Simultaneously, compliance rules, historical cases, and expert experience are scattered across different systems, lacking a unified organizational structure and correlation mechanisms. This results in the inability to effectively integrate historical knowledge during root cause analysis, limited analytical depth, low efficiency in matching solutions, and recurring similar problems requiring repeated investment of significant resources. Although existing technologies can achieve preliminary identification of data anomalies, the entire data governance process, from anomaly detection to root cause analysis, matching of remedial measures, effect evaluation, and knowledge accumulation, lacks an end-to-end automated closed-loop mechanism. Governance experience cannot be continuously accumulated, and the system is difficult to self-optimize, which restricts the efficiency and intelligence level of data governance.
[0003] The above content is only used to help understand the technical solution of this application and does not represent an admission that the above content is prior art. Summary of the Invention
[0004] The main purpose of this application is to provide an intelligent data governance method and system based on dual-database collaboration and knowledge graphs, aiming to improve the system's adaptability and intelligence level.
[0005] To achieve the above objectives, this application proposes an intelligent data governance method based on dual-database collaboration and knowledge graphs. The method includes: Raw data is obtained from multiple data sources, and the raw data is cleaned and standardized to obtain preprocessed data; The preprocessed data is input into the monitoring library, and the preprocessed data is monitored in real time based on the preset monitoring rules in the monitoring library to generate anomaly detection results; The anomaly detection results are input into the knowledge base, and root cause analysis is performed on the anomaly detection results based on the knowledge graph in the knowledge base to generate root cause analysis results. Based on the root cause analysis results, the corresponding treatment plan is matched from the knowledge base, treatment plan data is generated, and the treatment operation corresponding to the treatment plan data is executed to generate the treatment execution result; Based on the execution results of the aforementioned actions, a retrospective analysis is conducted on the anomaly detection results, root cause analysis results, and action plan data to generate retrospective analysis data. The retrospective analysis data is fed back to the knowledge base to update the nodes and edge relationships of the knowledge graph in the knowledge base, and to generate an updated knowledge graph. Based on the updated knowledge graph, the monitoring rules in the monitoring database are adjusted to generate optimized monitoring rules.
[0006] In one embodiment, the steps of inputting the preprocessed data into a monitoring database, and performing real-time monitoring of the preprocessed data based on preset monitoring rules in the monitoring database to generate anomaly detection results include: Multiple monitoring indicators are extracted from the preprocessed data to generate monitoring indicator data; The monitoring indicator data is compared with the threshold rules in the monitoring database. When the monitoring indicator data exceeds the threshold rules, rule abnormal data is generated. Time series feature analysis is performed on the monitoring indicator data to calculate the statistical feature change rate within a preset time window. When the statistical feature change rate exceeds the preset change rate threshold in the monitoring database, statistical anomaly data is generated. Based on the monitoring index data, a monitoring feature vector is constructed, and the distance between the monitoring feature vector and the normal pattern feature vector pre-stored in the monitoring database is calculated. When the distance exceeds the preset distance threshold in the monitoring database, abnormal pattern data is generated. The anomaly detection results are generated by performing confidence assessment and multi-level fusion processing on the rule-based anomaly data, statistical anomaly data, and pattern anomaly data.
[0007] In one embodiment, the steps of performing confidence assessment and multi-level fusion processing on the rule-based anomaly data, statistical anomaly data, and pattern anomaly data to generate the anomaly detection result include: Obtain historical accuracy data of the rule anomaly data, statistical anomaly data, and pattern anomaly data recorded in the monitoring database; Based on the historical accuracy data, confidence weights are calculated for the rule-related anomaly data, statistical anomaly data, and pattern anomaly data respectively, generating historical confidence data. Based on the characteristics of the current business scenario and the quality of real-time data, calculate the dynamic adjustment factor and generate dynamic adjustment factor data. The historical confidence data is multiplied by the dynamic adjustment factor data to obtain the comprehensive confidence data. Based on the comprehensive confidence data, the rule-based anomaly data, statistical anomaly data, and pattern anomaly data are fused to generate the anomaly detection result.
[0008] In one embodiment, the steps of inputting the anomaly detection results into a knowledge base, performing root cause analysis on the anomaly detection results based on the knowledge graph in the knowledge base, and generating root cause analysis results include: Extract abnormal features from the anomaly detection results to generate abnormal feature data; The abnormal feature data is matched with the question nodes in the knowledge graph of the knowledge base in multiple dimensions to generate matching question data; Based on the causal relationship edges in the knowledge graph, a multi-path graph traversal is performed starting from the node corresponding to the matching question data to generate multiple possible causal paths; Based on the edge confidence and node association strength of each cause path, the overall credibility of each cause path is calculated to generate path credibility data; Based on the path credibility data, the root cause node on the path with the highest overall credibility is selected as the root cause, and the root cause analysis results are generated.
[0009] In one embodiment, the step of calculating the comprehensive credibility of each cause path based on the edge confidence and node association strength on each cause path, and generating path credibility data, includes: Obtain historical verification data for each causal relationship edge in the knowledge graph, including the number of verifications, the number of successes, and the most recent verification time, and generate historical edge data; Based on the historical edge data, calculate the historical confidence score for each edge to generate historical edge confidence data; Business feature data is generated based on the context information of the current business environment, and a context adjustment factor is calculated based on the business feature data; Multiply the historical edge confidence data by the context adjustment factor to obtain the current edge confidence data; For each cause path, the current edge confidence data of all edges on the path are multiplied together, and the path length is taken into account for attenuation processing to generate the path confidence data.
[0010] In one embodiment, based on the root cause analysis results, corresponding treatment plans are matched from the knowledge base to generate treatment plan data, including: Root cause features, business scenario features, and scope of impact features are extracted from the root cause analysis results to generate governance feature data; The governance feature data is compared with the historical case feature data in the knowledge base using a multi-dimensional similarity calculation to generate multi-dimensional similarity data. Based on the multi-dimensional similarity data, a weighted comprehensive scoring algorithm is used to rank historical cases and generate candidate case ranking data. Candidate cases with comprehensive scores exceeding a preset score threshold are selected from the candidate case ranking data for adaptation analysis of the treatment plan, and adaptation data of the plan is generated. Based on the adaptability data of the proposed solutions, a solution is selected from the candidate cases, and the solution data is generated.
[0011] In one embodiment, the step of performing a debriefing analysis on the anomaly detection results, root cause analysis results, and treatment plan data based on the treatment execution results, and generating debriefing analysis data includes: Obtain actual effect indicator data from multiple dimensions corresponding to the execution results of the aforementioned actions; Obtain the expected effect indicator data corresponding to the treatment plan data; Compare the actual performance metrics data of each dimension with the corresponding expected performance metrics data, calculate the performance achievement rate of each dimension, and generate performance achievement rate data. Based on the aforementioned effect achievement rate data, a multi-objective evaluation algorithm is used to calculate the comprehensive effectiveness score of the treatment plan, generating comprehensive effectiveness data; The anomaly detection results, root cause analysis results, treatment plan data, actual effect index data, and comprehensive effectiveness data are integrated to generate the debriefing analysis data.
[0012] In one embodiment, the steps of feeding the retrospective analysis data back to the knowledge base, updating the nodes and edge relationships of the knowledge graph in the knowledge base, and generating an updated knowledge graph include: Effective handling characteristics, ineffective handling characteristics, and improvement suggestion characteristics are extracted from the retrospective analysis data to generate governance experience data. The governance experience data is transformed into knowledge graph nodes and edge data, and the node type, attribute information and edge relationship type are determined. The knowledge graph nodes and edge data are inserted into the knowledge graph of the knowledge base, and a graph structure consistency check is performed to generate an intermediate knowledge graph. For potential knowledge conflicts in the intermediate knowledge graph, a conflict resolution strategy based on confidence comparison is adopted to process them and generate a knowledge graph after conflict resolution. The association strength and confidence scores of relevant nodes in the knowledge graph after conflict resolution are updated, the importance scores of the nodes are recalculated, and the updated knowledge graph is generated.
[0013] In one embodiment, the step of adjusting the monitoring rules in the monitoring database and generating optimized monitoring rules based on the updated knowledge graph includes: Extract nodes and edges directly associated with the monitoring rules from the updated knowledge graph to generate rule-related subgraph data; Analyze the pattern evolution trend in the rule association subgraph data, identify the adjustment direction and magnitude of the rule threshold, and generate rule adjustment analysis data; Based on the rule adjustment analysis data, specific rule parameter adjustment suggestions and rule logic optimization suggestions are generated, and rule adjustment scheme data is generated. The effectiveness and stability of the rule adjustment scheme data are verified in a simulation environment, and verification result data is generated. Based on the verification results, an effective rule adjustment scheme is applied to the monitoring library to update the threshold parameters and detection logic of the monitoring rules, thereby generating the optimized monitoring rules.
[0014] Furthermore, to achieve the above objectives, this application also proposes an intelligent data governance system based on dual-database collaboration and knowledge graphs. The intelligent data governance system based on dual-database collaboration and knowledge graphs includes: a memory, a processor, and an intelligent data governance program based on dual-database collaboration and knowledge graphs stored in the memory and executable on the processor. The intelligent data governance program based on dual-database collaboration and knowledge graphs is configured to implement the steps of the intelligent data governance method based on dual-database collaboration and knowledge graphs.
[0015] The intelligent data governance method and system proposed in this application, based on dual-database collaboration and knowledge graphs, solves the problem of disconnect between monitoring and governance in existing technologies through a closed-loop process including data acquisition, cleaning, monitoring, root cause analysis, disposal, review, knowledge updating, and rule adjustment. It can realize an automated closed loop of data governance, improve processing efficiency, reduce delays caused by manual intervention, and dynamically optimize monitoring rules to enhance the system's adaptability and intelligence. Attached Figure Description
[0016] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.
[0017] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0018] Figure 1 This is a flowchart illustrating an embodiment of the intelligent data governance method based on dual-database collaboration and knowledge graphs provided in this application. Figure 2This is a schematic diagram of the structure of an embodiment of the intelligent data governance system based on dual-database collaboration and knowledge graphs in this application.
[0019] Explanation of icon numbers: 10. Memory; 20. Processor.
[0020] The purpose, features, and advantages of this application will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation
[0021] The technical solutions of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. The components of this application described and shown in the accompanying drawings can generally be arranged and designed in various different configurations. Therefore, the following detailed description of the embodiments of this application provided in the accompanying drawings is not intended to limit the scope of this application, but merely represents selected embodiments of this application. All other embodiments obtained by those skilled in the art based on the embodiments of this application without inventive effort are within the scope of protection of this application.
[0022] It should be understood that similar reference numerals and letters in the following figures indicate similar items; therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures. Furthermore, in the description of this application, the terms "first," "second," etc., are used only to distinguish descriptions and should not be construed as indicating or implying relative importance.
[0023] In existing technologies, data governance systems suffer from a disconnect between monitoring and governance, leading to time delays in problem response and hindering the automatic feedback of governance results to optimize monitoring rules, thus creating information silos. Furthermore, the fragmented storage of compliance rules, historical cases, and expert experience lacks a unified organization and correlation mechanism, resulting in insufficient depth of root cause analysis, inefficient matching of remedial solutions, and difficulty in achieving continuous accumulation of governance experience and system self-optimization.
[0024] Based on this, the embodiments of this application provide an intelligent data governance method based on dual-database collaboration and knowledge graphs, referring to... Figure 1 The intelligent data governance method based on dual-database collaboration and knowledge graph includes steps S100 to S700, wherein: Step S100: Obtain raw data from multiple data sources, clean and standardize the raw data to obtain preprocessed data; Step S200: Input the preprocessed data into the monitoring library, and monitor the preprocessed data in real time based on the preset monitoring rules in the monitoring library to generate anomaly detection results; Step S300: Input the anomaly detection result into the knowledge base, perform root cause analysis on the anomaly detection result based on the knowledge graph in the knowledge base, and generate root cause analysis results; Step S400: Based on the root cause analysis results, match the corresponding treatment plan from the knowledge base, generate treatment plan data, execute the treatment operation corresponding to the treatment plan data, and generate treatment execution results; Step S500: Based on the handling execution results, perform a review analysis on the anomaly detection results, root cause analysis results, and handling plan data to generate review analysis data; Step S600: Feed the review analysis data back to the knowledge base, update the node and edge relationships of the knowledge graph in the knowledge base, and generate the updated knowledge graph; Step S700: Based on the updated knowledge graph, adjust the monitoring rules in the monitoring database to generate optimized monitoring rules.
[0025] In this embodiment, the monitoring database is configured to store preset monitoring rules, threshold rules, and historical monitoring indicator data. Its main function is to monitor input data in real time, identify potential data anomalies, and generate anomaly detection results. The knowledge base is configured to store knowledge graphs, historical cases, handling plans, and related business context information. Its core function is to support root cause analysis of anomaly detection results, match appropriate handling plans, and serve as a carrier for knowledge accumulation and updating. The knowledge graph, as a core component of the knowledge base, is constructed as a structured knowledge representation, using nodes to represent entities or concepts and edges to represent relationships between entities or concepts. This knowledge graph supports complex knowledge reasoning and association analysis, thereby improving the depth and accuracy of root cause analysis. Dual-database collaboration refers to the linkage mechanism established between the monitoring database and the knowledge base. The monitoring database is responsible for real-time anomaly detection at the front end and transmits anomaly information to the knowledge base for in-depth analysis and decision-making; the knowledge base, after completing analysis and handling, feeds back experience and optimization suggestions to the monitoring database to achieve adaptive adjustment of monitoring rules, thus forming a continuously optimized closed-loop system.
[0026] In this embodiment, the intelligent data governance method based on dual-database collaboration and knowledge graphs first obtains raw data from multiple data sources and then cleans and standardizes this raw data to obtain preprocessed data. For example, the raw data can be automatically collected from business systems, databases, or log files through data interfaces, or imported in batches through file uploads. Cleaning can include operations such as removing duplicates, handling missing values, and correcting format errors, while standardization can unify data of different formats into a preset data model.
[0027] In this embodiment, the preprocessed data is input into a monitoring database. Based on preset monitoring rules in the database, the preprocessed data is monitored in real time, and anomaly detection results are generated. For example, the monitoring database can preset simple fixed threshold rules, such as marking a data field as abnormal if its value exceeds a specific range; or it can preset simple pattern matching rules based on human experience, such as detecting abnormal frequency of specific keywords. When data meets these preset rules, it is identified as an anomaly, and corresponding detection results are generated.
[0028] Furthermore, the anomaly detection result is input into a knowledge base. Root cause analysis is then performed on the anomaly detection result based on the knowledge graph within the knowledge base, generating root cause analysis results. For example, the knowledge graph can be pre-constructed as a structure containing nodes such as data entities, business processes, and system components, as well as simple relationships between them. Root cause analysis can perform keyword matching in the knowledge graph based on anomaly features to find simple cause nodes directly associated with the anomaly features, thereby initially identifying possible root causes.
[0029] Based on this, and using the root cause analysis results, the system matches corresponding treatment plans from the knowledge base, generates treatment plan data, and executes the corresponding treatment operations to generate treatment execution results. For example, the knowledge base can store a series of predefined treatment plans, each simply associated with a specific root cause or anomaly type. Once a root cause is identified, the system can manually search the knowledge base based on the root cause type or use simple mapping based on fixed rules to select one or more corresponding treatment plans. Treatment operations can be performed manually or automatically through pre-set simple scripts, such as triggering a data repair script or sending an alarm notification.
[0030] In this embodiment, based on the execution result of the action, a debriefing analysis is performed on the anomaly detection result, root cause analysis result, and action plan data to generate debriefing analysis data. For example, the debriefing analysis may include manual evaluation of whether the action was successful and whether the anomaly was eliminated, or statistical analysis based on preset simple indicators (such as anomaly duration and action time). These evaluation results are correlated with the original anomaly detection result, root cause analysis result, and the action plan adopted to form preliminary debriefing analysis data.
[0031] Furthermore, the retrospective analysis data is fed back into the knowledge base to update the nodes and edges of the knowledge graph, generating an updated knowledge graph. For example, the retrospective analysis data can be used to manually modify the node attributes or edge relationships in the knowledge graph related to the anomaly, or simple rules can be used, such as increasing the weight of relevant nodes and edges for successfully handled cases and decreasing the weight for failed cases, thus achieving an initial update of the knowledge graph. Finally, based on the updated knowledge graph, the monitoring rules in the monitoring database are adjusted to generate optimized monitoring rules. For example, the threshold parameters of the monitoring rules can be manually modified based on the updated root causes and handling solutions in the knowledge graph, or new patterns or new relationships identified in the knowledge graph can be transformed into new monitoring rules in the monitoring database or existing rules can be adjusted based on simple mapping rules.
[0032] In this embodiment, a dual-database collaborative mechanism of a monitoring database and a knowledge base is constructed to achieve real-time monitoring of data anomalies, intelligent root cause analysis, and automated matching and execution of handling solutions. Furthermore, the results of the handling execution are reviewed and analyzed, and fed back to the knowledge base for continuous updating of the knowledge graph, thereby optimizing monitoring rules. This effectively solves problems in traditional data governance such as the disconnect between monitoring and governance, response delays, information silos, and difficulty in knowledge accumulation, improving the automation level and adaptability of data governance.
[0033] In one feasible implementation, the steps of inputting the preprocessed data into a monitoring database and performing real-time monitoring on the preprocessed data based on preset monitoring rules in the monitoring database to generate anomaly detection results include: extracting multiple monitoring indicators from the preprocessed data to generate monitoring indicator data; comparing the monitoring indicator data with threshold rules in the monitoring database, and generating rule anomaly data when the monitoring indicator data exceeds the threshold rules; performing time series feature analysis on the monitoring indicator data to calculate the statistical feature change rate within a preset time window, and generating statistical anomaly data when the statistical feature change rate exceeds a preset change rate threshold in the monitoring database; constructing a monitoring feature vector based on the monitoring indicator data, calculating the distance between the monitoring feature vector and a pre-stored normal pattern feature vector in the monitoring database, and generating pattern anomaly data when the distance exceeds a preset distance threshold in the monitoring database; and performing confidence assessment and multi-level fusion processing on the rule anomaly data, statistical anomaly data, and pattern anomaly data to generate the anomaly detection results.
[0034] In this embodiment, multiple monitoring indicators are extracted from preprocessed data to generate monitoring indicator data, which aims to quantify key parameters reflecting data quality, business status, or system behavior. These monitoring indicators may include, but are not limited to, data integrity (e.g., the proportion of missing values), data consistency (e.g., logical relationships between different fields), data timeliness (e.g., data update frequency), data distribution characteristics (e.g., mean, variance, skewness, kurtosis), and business indicators (e.g., transaction volume, user activity). Extraction methods can employ field mapping and calculation based on predefined data dictionaries and metadata rules, or identify and extract specific field values from structured or unstructured data using a data parsing engine. Alternatively, statistical analysis methods can be used to aggregate and transform data to generate new indicators.
[0035] In this embodiment, the monitoring indicator data is compared with threshold rules in the monitoring database. When the monitoring indicator data exceeds the threshold rule, rule anomaly data is generated. Threshold rules are pre-defined static or dynamic boundary values used to determine whether data is abnormal. Examples include the numerical range of a certain indicator (e.g., age must be between 0-150), the enumerated value set of a certain field (e.g., gender can only be "male" or "female"), and the upper or lower limit of a certain ratio (e.g., success rate cannot be lower than 90%). The comparison process involves logically judging the real-time generated monitoring indicator data against these preset thresholds. When the monitoring indicator data violates any threshold rule, it is identified as a rule anomaly, and relevant anomaly information, such as the abnormal indicator, abnormal value, triggering rule, etc., is recorded, forming rule anomaly data.
[0036] In this embodiment, time series feature analysis is performed on the monitoring indicator data to calculate the rate of change of statistical features within a preset time window. When the rate of change of statistical features exceeds a preset rate of change threshold in the monitoring database, statistical anomaly data is generated. Time series feature analysis aims to capture the dynamic patterns of data changes over time. Statistical features may include mean, median, standard deviation, maximum, minimum, etc. The preset time window may be the past hour, day, week, etc. The rate of change can be calculated as the percentage difference between the statistical features of the current time window and the statistical features of the previous time window, or as the deviation from the historical average. When this rate of change (e.g., the day-on-day growth rate or decline rate of a certain business indicator) exceeds a preset rate of change threshold in the monitoring database (e.g., the growth or decline exceeds 20%), it indicates a significant deviation in data behavior, is judged as statistical anomaly, and statistical anomaly data is generated.
[0037] In this embodiment, a monitoring feature vector is constructed based on monitoring indicator data. The distance between the monitoring feature vector and the pre-stored normal pattern feature vector in the monitoring database is calculated. When the distance exceeds a preset distance threshold in the monitoring database, abnormal pattern data is generated. The monitoring feature vector is a multi-dimensional vector that combines multiple monitoring indicators (such as data volume, error rate, response time, etc.) to comprehensively describe the current state of the data or system. The normal pattern feature vector is a representative vector obtained by learning and modeling data under historical normal operating conditions (e.g., using clustering algorithms, principal component analysis, or autoencoders). Distance calculation can use various measurement methods such as Euclidean distance, Mahalanobis distance, and cosine similarity. When the distance between the real-time monitoring feature vector and the pre-stored normal pattern feature vector exceeds the preset distance threshold, it indicates that there is a significant deviation between the current data pattern and the historical normal pattern, and it is identified as an abnormal pattern, thus generating abnormal pattern data.
[0038] In this embodiment, confidence assessment and multi-level fusion processing are performed on rule-based anomaly data, statistical anomaly data, and pattern-based anomaly data to generate anomaly detection results. Confidence assessment refers to quantifying the reliability of anomaly data identified by different anomaly detection methods (rule-based, statistical, and pattern-based). For example, an initial confidence level can be assigned to each anomaly type based on historical false positive rates, false negative rates, or expert experience. Multi-level fusion processing is the process of comprehensively judging anomaly data from different sources and of different types. This can employ methods such as weighted summation, Bayesian networks, decision trees, or machine learning classifiers. For example, if a data point triggers multiple high-confidence anomaly rules simultaneously, its final anomaly confidence level will be higher. Fusion processing aims to eliminate redundancy, reduce false positives, and provide a more comprehensive and accurate anomaly detection result, which may include information such as anomaly type, anomaly severity, and confidence score.
[0039] In this embodiment, when monitoring preprocessed data in real time, the approach is no longer limited to a single detection dimension. Instead, it extracts monitoring indicators, compares threshold rules, performs time-series feature analysis, and constructs monitoring feature vectors for comparison with normal patterns. This allows for comprehensive capture of data anomalies from multiple dimensions, including rule deviations, statistical fluctuations, and pattern anomalies. Simultaneously, confidence assessment and multi-level fusion processing are performed on anomaly data from different sources, effectively improving the accuracy and robustness of anomaly detection, reducing the risk of false positives and false negatives, ensuring the comprehensiveness and reliability of anomaly detection results, and providing high-quality input for subsequent root cause analysis. This, in turn, enhances the effectiveness of the entire intelligent data governance method.
[0040] In one feasible implementation, the steps of performing confidence assessment and multi-level fusion processing on the rule-based anomaly data, statistical anomaly data, and pattern anomaly data to generate the anomaly detection result include: obtaining historical accuracy data of the rule-based anomaly data, statistical anomaly data, and pattern anomaly data recorded in the monitoring database; calculating confidence weights for the rule-based anomaly data, statistical anomaly data, and pattern anomaly data respectively based on the historical accuracy data to generate historical confidence data; calculating dynamic adjustment factors based on current business scenario characteristics and real-time data quality to generate dynamic adjustment factor data; multiplying the historical confidence data with the dynamic adjustment factor data to obtain comprehensive confidence data; and fusing the rule-based anomaly data, statistical anomaly data, and pattern anomaly data based on the comprehensive confidence data to generate the anomaly detection result.
[0041] In this embodiment, historical accuracy data of the rule-based anomaly data, statistical anomaly data, and pattern anomaly data recorded in the monitoring database are obtained. This step aims to establish a reliability baseline for each anomaly detection method based on past performance. The monitoring database can continuously record the authenticity of each detected rule-based anomaly data, statistical anomaly data, and pattern anomaly data after manual confirmation or subsequent system verification. For example, it can record the number of times a certain type of rule-based anomaly is confirmed as a real anomaly and the number of times it is confirmed as a false alarm, thereby forming its historical accuracy data. This historical data can be stored in a structured form, for example, as time series data or statistical summary data, for subsequent analysis and calculation.
[0042] In this embodiment, based on the historical accuracy data, confidence weights are calculated for the rule-based anomaly data, statistical anomaly data, and pattern anomaly data respectively, generating historical confidence data. This step transforms the original historical accuracy into a quantified confidence score that can be used for fusion. The methods for calculating confidence weights can be varied. For example, historical accuracy can be directly used as the confidence weight; that is, if the historical accuracy of a certain type of anomaly is 90%, its initial confidence weight is 0.9. Alternatively, a more complex statistical model, such as the Bayesian method, can be used to combine historical true positive and false positive rates to calculate a comprehensive confidence score, thus more comprehensively reflecting its reliability.
[0043] In this embodiment, a dynamic adjustment factor is calculated based on the characteristics of the current business scenario and the real-time data quality, generating dynamic adjustment factor data. This step introduces an adaptive consideration to changes in the current environment to ensure the real-time nature and accuracy of the confidence assessment. The characteristics of the current business scenario may include, but are not limited to, system load, peak business periods, data source stability, and network latency. For example, when the system load is high or the data source fluctuates, the false alarm rate of some anomaly detection methods may temporarily increase. Real-time data quality can encompass indicators such as data integrity, data freshness, and data consistency. The dynamic adjustment factor can be calculated using preset business rules, expert systems, or machine learning-based models (such as decision trees and regression models) to reflect the impact of these real-time factors on the reliability of anomaly detection. For example, when the real-time data integrity of data source A is below a certain threshold, the dynamic adjustment factor for pattern anomaly detection based on that data source can be set to a value less than 1 to reduce its current confidence level.
[0044] In this embodiment, the historical confidence data is multiplied by the dynamic adjustment factor data to obtain the comprehensive confidence data. This step combines historical experience with real-time environmental factors to generate a comprehensive confidence score that considers both long-term performance and the current situation. Through multiplication, the dynamic adjustment factor can effectively correct the historical confidence score, allowing it to flexibly adapt to the constantly changing operating environment. For example, if the historical confidence score of a certain type of anomaly is 0.8, and the current dynamic adjustment factor is 0.7, then its comprehensive confidence score will become 0.56, reflecting a decrease in its reliability under the current environment.
[0045] In this embodiment, based on the comprehensive confidence data, the rule-based anomaly data, statistical anomaly data, and pattern anomaly data are fused to generate the anomaly detection result. This step intelligently integrates signals from different anomaly detection methods using the previously calculated comprehensive confidence score. The fusion method can employ a weighted voting mechanism, where the comprehensive confidence score of each type of anomaly data is used as a weight for weighted summation. When the weighted sum exceeds a preset threshold, it is determined as the final anomaly detection result. Alternatively, more complex decision fusion algorithms, such as DS evidence theory or fuzzy fusion, can be used to integrate anomaly information from different sources and their comprehensive confidence scores to arrive at the final anomaly judgment. The final anomaly detection result can be a binary judgment (yes / no anomaly) or a quantified anomaly score.
[0046] In this embodiment, through the above technical solution, this application can fully utilize historical experience data to provide an objective confidence assessment basis for different types of anomaly detection results. Simultaneously, by combining current business scenario characteristics and real-time data quality, the confidence level is dynamically adjusted, making the anomaly detection fusion process more adaptable and real-time. This multi-level fusion processing based on comprehensive confidence effectively avoids the limitations of static fusion strategies, improves the accuracy and reliability of anomaly detection results, and reduces false positive and false negative rates. This provides more accurate input for subsequent root cause analysis, thereby improving the efficiency and effectiveness of the entire data governance process.
[0047] In one feasible implementation, the steps of inputting the anomaly detection results into a knowledge base and performing root cause analysis on the anomaly detection results based on the knowledge graph in the knowledge base to generate root cause analysis results include: extracting anomaly features from the anomaly detection results to generate anomaly feature data; performing multi-dimensional similarity matching between the anomaly feature data and problem nodes in the knowledge graph of the knowledge base to generate matching problem data; performing multi-path graph traversal based on causal relationship edges in the knowledge graph, starting from the nodes corresponding to the matching problem data, to generate multiple possible causal paths; calculating the comprehensive credibility of each causal path based on the edge confidence and node association strength on each causal path to generate path credibility data; and selecting the causal node on the causal path with the highest comprehensive credibility as the root cause based on the path credibility data to generate the root cause analysis results.
[0048] In this embodiment, anomaly features are extracted from the anomaly detection results to generate anomaly feature data. This step aims to extract key information from the original anomaly detection results for subsequent accurate matching and analysis. Anomaly features may include, but are not limited to, anomaly type (e.g., missing data, format errors, out-of-bounds values, data drift, etc.), timestamp of the anomaly occurrence, affected data fields or tables, severity of the anomaly, and specific values of monitoring indicators that caused the anomaly. The extraction process can be implemented using predefined rules, pattern matching algorithms, or natural language processing techniques (for anomalies described in text), structuring this discrete or semi-structured information into anomaly feature data that is easy for machines to process.
[0049] In this embodiment, the abnormal feature data is matched with problem nodes in the knowledge graph of the knowledge base using multi-dimensional similarity matching to generate matched problem data. This step compares the extracted abnormal feature data with existing problem nodes in the knowledge graph to identify the known problems most relevant or similar to the current abnormality. Problem nodes in the knowledge graph typically represent specific data quality issues, system failures, business rule conflicts, etc., that have occurred in the past, and may include attributes such as the problem description, scope of impact, and conditions under which it occurred. Multi-dimensional similarity matching can employ various techniques, such as cosine similarity calculation based on the vector space model, feature set similarity comparison based on the Jaccard coefficient, or semantic similarity matching based on machine learning. The matching process comprehensively considers multiple dimensions such as abnormality type, affected objects, and time features to generate one or more sets of problem nodes that highly match the current abnormality, i.e., matched problem data.
[0050] Building upon this foundation, based on the causal relationship edges in the knowledge graph, a multi-path graph traversal is performed starting from the node corresponding to the matched question data to generate multiple possible causal paths. This step utilizes pre-constructed causal relationship edges in the knowledge graph to explore the potential causes of these problems, starting from the matched question node. Causal relationship edges represent causal connections between different entities or events, such as "A causes B" or "C affects D." Multi-path graph traversal refers to using graph search algorithms (such as Depth-First Search (DFS) or Breadth-First Search (BFS)) to explore along the causal relationship edges in the knowledge graph to discover the complete path tracing back from the matched question node to its upstream cause node. Each path represents a possible causal chain from the root cause to the observed anomaly, thus generating multiple possible causal paths.
[0051] In this embodiment, the overall credibility of each causal path is calculated based on the edge confidence and node association strength, generating path credibility data. This step aims to quantify the reliability of each possible causal path. Edge confidence reflects the reliability of a causal relationship edge in the knowledge graph being verified or confirmed, for example, based on historical verification data or expert experience. Node association strength indicates the degree of association between a specific node (such as a system component, data source, or business process) and a specific problem or anomaly type. The overall credibility can be calculated using various methods, such as multiplying the confidence of all edges on the path and weighting it by combining the association strength of key nodes in the path, or considering path length for attenuation processing to avoid excessively long paths obtaining unreasonably high credibility. In this way, each causal path is assigned a quantified credibility score, forming path credibility data.
[0052] In this embodiment, finally, based on the path credibility data, the root cause node on the cause path with the highest overall credibility is selected as the root cause, generating the root cause analysis result. This step is the final decision-making stage of root cause analysis. After calculating the overall credibility of all possible cause paths, the system selects the cause path with the highest overall credibility based on the path credibility data. On this highest credibility path, the most upstream, most basic, or most fundamental cause node is usually identified as the root cause leading to the current anomaly. For example, if a path is "data source failure -> data transmission anomaly -> data quality problem," and this path has the highest credibility, then "data source failure" may be identified as the root cause. Finally, the identified root cause node and its related information are output as the root cause analysis result.
[0053] In this embodiment, through the above technical solution, this application can improve the accuracy and efficiency of intelligent data governance methods in anomaly root cause analysis. First, by accurately extracting anomaly features from anomaly detection results, high-quality input is provided for subsequent matching and analysis. Second, utilizing the multi-dimensional similarity matching capability of knowledge graphs, current anomalies can be quickly and accurately associated with known historical issues in the knowledge base, avoiding blind searches and reliance on human experience. Furthermore, based on the rich causal relationship edges in the knowledge graph, multi-path graph traversal can systematically explore all possible causal chains, ensuring the comprehensiveness of root cause analysis. Finally, by comprehensively evaluating the confidence of edges and the strength of node associations on each causal path, and selecting the causal node on the causal path with the highest comprehensive confidence as the root cause, misjudgments are effectively avoided, ensuring the accuracy and reliability of root cause identification. This structured and intelligent root cause analysis process not only significantly shortens problem localization time and reduces the complexity and cost of manual analysis, but also provides a solid foundation for subsequent handling solution matching and execution, thereby comprehensively improving the intelligence level and response speed of data governance.
[0054] In one feasible implementation, the step of calculating the comprehensive credibility of each causal path and generating path credibility data based on the edge confidence and node association strength of each causal path includes: obtaining historical verification data for each causal relationship edge in the knowledge graph, including the number of verifications, the number of successes, and the most recent verification time, to generate edge historical data; calculating the historical confidence score of each edge based on the edge historical data to generate edge historical confidence data; generating business feature data based on the context information of the current business environment, and calculating a context adjustment factor based on the business feature data; multiplying the edge historical confidence data with the context adjustment factor to obtain the current edge confidence data; and for each causal path, multiplying the current edge confidence data of all edges on the path and considering the path length for attenuation processing to generate the path credibility data.
[0055] In this embodiment, when acquiring historical verification data for each causal relationship edge in the knowledge graph, including the number of verifications, the number of successes, and the most recent verification time, and generating edge history data, a metadata storage area can be maintained for each causal relationship edge in the knowledge base. After a certain action plan is executed, its effect is reviewed and analyzed. If the action is successful and associated with a causal relationship edge, the number of verifications and successes for that edge will increase accordingly, and the most recent verification time will be updated. This data can be stored as edge attributes or a separate edge history table. For example, when the exception of "database connection timeout" causing "application service unavailable" is successfully resolved, the number of verifications and successes for the causal relationship edge connecting "database connection timeout" and "application service unavailable" will be updated.
[0056] In this embodiment, based on the historical edge data, a historical confidence score is calculated for each edge to generate historical edge confidence data. The historical confidence score can be calculated using various statistical methods. For example, the ratio of the number of successful verifications to the number of verifications can be used as the basic confidence level. To avoid excessive fluctuations in confidence when the number of verifications is low, Bayesian averaging or Laplace smoothing can be introduced. Furthermore, the impact of the most recent verification time on the confidence level can be considered; for example, more recent verification results have higher weights, and an exponential decay function can be used to weight older verification data.
[0057] In this embodiment, business feature data is generated based on the context information of the current business environment, and a context adjustment factor is calculated based on the business feature data. The context information of the business environment may include, but is not limited to: current system load, network conditions, specific service version, deployment region, holidays, or promotional activities. This information can be obtained through system monitoring tools, business logs, or configuration management systems. The business feature data can be a quantitative representation of this context information. The context adjustment factor can be calculated using a preset rule engine or machine learning model. For example, if the current system load is too high, the confidence of certain causal relationships (such as "slow database query" leading to "slow application response") may be amplified, while others (such as "configuration error" leading to "service startup failure") may be unaffected. The adjustment factor can be a value between 0 and 1, used for multiplicative adjustment.
[0058] In this embodiment, the historical edge confidence data is multiplied by the context adjustment factor to obtain the current edge confidence data. This is a direct multiplication operation, allowing the context adjustment factor to directly enhance or weaken the historical confidence, thereby achieving dynamic adaptation. For example, an edge with a historical confidence of 0.9, under a specific high-load environment, will have a current confidence of 0.99 if the context adjustment factor is 1.1; and will have a current confidence of 0.72 if the context adjustment factor is 0.8.
[0059] In this embodiment, for each causal path, the current edge confidence data of all edges on the path are multiplied together, and a decay process is applied considering the path length to generate the path confidence data. For a causal path consisting of N edges, its path confidence can be initially calculated as the product of the current edge confidence data of all edges on the path. To account for the decay due to path length, a decay factor (between 0 and 1) can be introduced. For example, the path confidence can be expressed as the product of the current edge confidences multiplied by the decay factor to the power of N-1, or the geometric mean of the current edge confidences. The purpose of the decay process is to reflect the empirical fact that the longer the causal chain, the lower its overall reliability, and to avoid overestimating excessively long paths with high confidence levels for each edge.
[0060] In this embodiment, through the above technical solution, this application can dynamically and accurately evaluate the credibility of each causal relationship edge in the knowledge graph, and comprehensively consider the impact of path length on the overall credibility. Specifically, by acquiring historical verification data and calculating historical confidence scores, an objective reliability basis is provided for each edge; at the same time, contextual information of the current business environment is introduced to calculate the context adjustment factor, so that the confidence of the edge can adapt to changes in the business scenario in real time, avoiding the limitations of static confidence evaluation. Finally, by multiplying the current confidence of all edges on the path and performing path length decay processing, the comprehensive credibility of each causal path can be more accurately quantified, improving the accuracy and reliability of root cause analysis results, thereby ensuring the matching degree and effectiveness of subsequent handling solutions, and improving the overall efficiency of intelligent data governance methods.
[0061] In one feasible implementation, based on the root cause analysis results, corresponding treatment plans are matched from the knowledge base to generate treatment plan data, including: extracting root cause features, business scenario features, and impact scope features from the root cause analysis results to generate governance feature data; performing multi-dimensional similarity calculations on the governance feature data and historical case feature data in the knowledge base to generate multi-dimensional similarity data; ranking historical cases using a weighted comprehensive scoring algorithm based on the multi-dimensional similarity data to generate candidate case ranking data; selecting candidate cases with comprehensive scores exceeding a preset scoring threshold from the candidate case ranking data for treatment plan adaptability analysis to generate plan adaptability data; and selecting treatment plans from the candidate cases based on the plan adaptability data to generate the treatment plan data.
[0062] In this embodiment, root cause features, business scenario features, and impact scope features are extracted from the root cause analysis results to generate governance feature data. This step aims to transform the abstract root cause analysis results into a quantifiable and comparable set of features, providing accurate input for subsequent solution matching. Root cause features may include the type of root cause node (e.g., data source failure, ETL error, inconsistent data model, incorrect business rule configuration, etc.), the severity of the root cause, its frequency of occurrence, and the data tables or fields involved. These features can be obtained from the attributes and relationships of root cause nodes in a knowledge graph. Business scenario features cover the time period of the anomaly (e.g., peak business hours, specific batch processing windows), the business systems involved, the affected business processes, and the business domain to which the data belongs. These features can be extracted from the contextual information of the anomaly detection results. Impact scope features refer to the specific impact of the anomaly on data quality, business operations, user experience, etc., such as the amount of data affected, the number of affected users, potential economic losses, compliance risk levels, etc. These features can be obtained by analyzing the anomaly detection results and related business indicators. Finally, the extracted features are structurally integrated to form a unified feature vector or JSON object, which serves as the input for subsequent matching.
[0063] In this embodiment, the governance feature data and historical case feature data in the knowledge base are subjected to multi-dimensional similarity calculation to generate multi-dimensional similarity data. This step is used to quantify the similarity between the current problem and existing historical handling cases in the knowledge base, providing a basis for selecting appropriate handling solutions. Each historical handling case stored in the knowledge base should contain its corresponding root cause features, business scenario features, and scope of impact features, and these features should be consistent with the structure of the current governance feature data. Multi-dimensional similarity calculation can employ various methods. For example, cosine similarity can be calculated after vectorizing the feature data; Jaccard similarity can be used for discrete or aggregate features; and Euclidean distance can be calculated for numerical features, with smaller distances indicating higher similarity. Furthermore, different weights can be assigned based on the importance of different features to perform weighted similarity calculations. The calculation result can be a vector or dictionary containing multiple similarity scores, with each score corresponding to a dimension or a calculation method.
[0064] Based on this, a weighted comprehensive scoring algorithm is used to rank historical cases using the multi-dimensional similarity data, generating candidate case ranking data. This step aims to integrate multi-dimensional similarity information into a single comprehensive score, and prioritize all historical cases accordingly for subsequent selection. The weighted comprehensive scoring algorithm can assign different weights to different similarity dimensions (e.g., root cause similarity, business scenario similarity, and scope of influence similarity), and then sum or average these weighted similarity scores to obtain a comprehensive score for each historical case. For example, the comprehensive score can be represented as "w1 × root cause similarity + w2 × scenario similarity + w3 × impact similarity," where the weights "w1," "w2," and "w3" can be trained and optimized based on expert experience or machine learning models. Based on the calculated comprehensive score, all historical cases are ranked from highest to lowest, forming an ordered list of candidate cases.
[0065] In this embodiment, candidate cases with comprehensive scores exceeding a preset scoring threshold are selected from the candidate case ranking data for adaptation analysis of the handling solutions, generating solution adaptation data. This step is used to further filter out historical cases highly relevant to the current problem and evaluate the applicability of their handling solutions in the current environment. The preset scoring threshold can be set based on practical experience to filter out historical cases with low similarity and little reference value. For the selected candidate cases, a more detailed evaluation of their included handling solutions is required, which may include: resource availability, i.e., whether the human resources, tools, and system resources involved in the solution are currently available; environmental compatibility, i.e., whether the solution is compatible with the current data architecture, technology stack, and business processes; risk assessment, i.e., the potential risks and side effects that the solution execution may bring; and timeliness, i.e., whether the solution can be completed within the required time. The result of the adaptation analysis can be an adaptation score or a multi-dimensional adaptation assessment report, used to quantify the applicability of each candidate solution.
[0066] In this embodiment, finally, based on the adaptability data of the proposed solutions, a solution is selected from the candidate cases to generate the solution data. This step is the final decision-making process, determining the most suitable solution for the current problem based on the comprehensive score and adaptability analysis results. The selection strategy can prioritize the solution with the highest adaptability score, or, among multiple highly adaptable solutions, make a manual or automated decision based on other factors (such as cost, execution difficulty, historical success rate, etc.). The selected solution typically includes detailed execution steps, tools involved, responsible personnel, expected results, rollback plans, and other information. This information is structured into solution data for subsequent execution.
[0067] In this embodiment, detailed governance features are systematically extracted from root cause analysis results, and multi-dimensional, refined similarity calculations are performed with historical cases in the knowledge base. A weighted comprehensive scoring algorithm is used to rank historical cases, and further adaptive analysis is conducted on highly relevant candidate solutions. This ensures that the selected solutions are not only highly relevant to the current problem but also highly feasible and effective in the current business environment. This improves the accuracy and efficiency of solution selection during data governance, effectively avoiding resource waste and poor governance results caused by inappropriate solution selection, thereby optimizing the overall intelligence level of data governance.
[0068] In one feasible implementation, the step of performing a debriefing analysis on the anomaly detection results, root cause analysis results, and treatment plan data based on the treatment execution results to generate debriefing analysis data includes: obtaining actual effect indicator data for multiple dimensions corresponding to the treatment execution results; obtaining expected effect indicator data corresponding to the treatment plan data; comparing the actual effect indicator data for each dimension with the corresponding expected effect indicator data, calculating the effect achievement rate for each dimension, and generating effect achievement rate data; calculating the comprehensive effectiveness score of the treatment plan using a multi-objective evaluation algorithm based on the effect achievement rate data, and generating comprehensive effectiveness data; and integrating the anomaly detection results, root cause analysis results, treatment plan data, actual effect indicator data, and comprehensive effectiveness data to generate the debriefing analysis data.
[0069] In this embodiment, actual effect indicator data across multiple dimensions corresponding to the action execution results are obtained. The action execution results are the actual output after taking governance actions against data anomalies. The actual effect indicator data aims to quantify the specific impact of these operations in different dimensions, such as the degree of data quality improvement, the reduction in business process downtime, and changes in resource consumption. This data is typically acquired in real-time or periodically from multiple data sources such as business systems, log systems, databases, or API interfaces through an automated data acquisition system, ensuring a comprehensive understanding of the action's effectiveness.
[0070] In this embodiment, the expected effect indicator data corresponding to the disposal plan data is obtained. The expected effect indicator data are the goals that are pre-set through the disposal operation, based on a deep understanding of the abnormal problem, historical experience, or predictive models, when the disposal plan is formulated. This data is usually stored in a knowledge base as a benchmark for evaluating the success of the disposal plan. For example, for a data inconsistency problem, the expected effect indicator might be set as "data consistency reaches 99.9%" or "the error rate of related business reports is reduced by 80%".
[0071] In this embodiment, the actual effect indicator data for each dimension is compared with the corresponding expected effect indicator data to calculate the effect achievement rate for each dimension, generating effect achievement rate data. The effect achievement rate data is a key quantitative indicator for measuring the gap between actual results and expected goals. This comparison process is typically implemented through mathematical operations, such as calculating the ratio of actual values to expected values, or the percentage difference. By calculating the achievement rate for each dimension, the performance of the treatment plan in various aspects can be clearly understood, identifying areas with significant or poor results.
[0072] Based on this, and using the aforementioned effectiveness achievement rate data, a multi-objective evaluation algorithm is employed to calculate the comprehensive effectiveness score of the treatment plan, generating comprehensive effectiveness data. This comprehensive effectiveness data provides a complete and objective evaluation of the overall effectiveness of the treatment plan, avoiding the bias that may arise from a single indicator. The multi-objective evaluation algorithm can employ various methods, such as weighted summation, the Analytic Hierarchy Process (AHP), or the Top-Optimal Solution (TOPSIS). In the weighted summation method, different weights are assigned based on the importance of different effectiveness dimensions (such as data quality, business impact, cost-effectiveness, etc.). Then, the effectiveness achievement rate of each dimension is multiplied by its corresponding weight and summed to obtain a comprehensive score representing the overall effectiveness of the treatment plan. These weights can be dynamically adjusted based on business priorities, expert experience, or historical data.
[0073] In this embodiment, the anomaly detection results, root cause analysis results, remediation plan data, actual effect index data, and comprehensive effectiveness data are integrated to generate the debriefing analysis data. The debriefing analysis data is a complete and structured record of the entire anomaly management process. The integration process involves collecting and organizing the aforementioned key data to form a unified data package or record. This includes a detailed description of the anomaly, the identified root cause, the remediation measures taken, a quantitative assessment of the actual effect after remediation, and a comprehensive evaluation of the effectiveness of the remediation plan. This integrated data provides comprehensive and high-quality input for subsequent knowledge graph updates and monitoring rule adjustments.
[0074] In this embodiment, the above-described technical solution enables multi-dimensional and quantitative post-analysis of the disposal results, allowing for accurate evaluation of the actual effectiveness and overall validity of the disposal plan. This ensures that the data subsequently fed back to the knowledge base is verified and quantified, thereby improving the accuracy and reliability of knowledge graph updates and providing a solid data foundation for optimizing and adjusting monitoring rules. This enhances the continuous optimization capability and scientific rigor of the entire intelligent data governance method.
[0075] In one feasible implementation, the steps of feeding back the debriefing analysis data to a knowledge base, updating the nodes and edge relationships of the knowledge graph in the knowledge base, and generating an updated knowledge graph include: extracting effective handling features, ineffective handling features, and improvement suggestion features from the debriefing analysis data to generate governance experience data; converting the governance experience data into knowledge graph node and edge data, determining the node type, attribute information, and edge relationship type; inserting the knowledge graph node and edge data into the knowledge graph of the knowledge base, performing a graph structure consistency check, and generating an intermediate knowledge graph; for any knowledge conflicts that may exist in the intermediate knowledge graph, using a conflict resolution strategy based on confidence comparison to process them, and generating a conflict-resolved knowledge graph; updating the association strength and confidence score of relevant nodes in the conflict-resolved knowledge graph, recalculating the importance score of the nodes, and generating the updated knowledge graph.
[0076] In this embodiment, effective handling features, ineffective handling features, and improvement suggestion features are extracted from the debriefing analysis data to generate governance experience data. The aim is to extract structured experience information from the original debriefing analysis data that can be used for knowledge graph updates. Effective handling features may include handling plans that successfully resolved anomalies, applicable business scenarios, and key parameter configurations; ineffective handling features may include handling plans that failed to resolve anomalies, inapplicable conditions, or operations that led to negative impacts; improvement suggestion features cover optimization suggestions for monitoring rules, root cause analysis models, or the handling plan library. These features can be extracted using Natural Language Processing (NLP) technology to perform entity recognition and relation extraction on text-based debriefing reports, or by extracting them from structured data using preset rules and templates.
[0077] In this embodiment, the governance experience data is transformed into knowledge graph nodes and edge data, determining the node type, attribute information, and edge relationship type. This step maps the extracted governance experience data to the ontology structure of the knowledge graph. For example, "effective treatment plan" can be mapped to a node of type "treatment plan," and attributes such as "success rate" and "applicable scenario" can be added; "root cause" can be mapped to a node of type "root cause"; and relationships such as "cause" or "solve" can be mapped to edges between nodes. The node type, attribute information, and edge relationship type are part of the predefined knowledge graph ontology, ensuring the structure and understandability of the new knowledge.
[0078] In this embodiment, the knowledge graph nodes and edge data are inserted into the knowledge graph of the knowledge base, and a graph structure consistency check is performed to generate an intermediate knowledge graph. When adding newly generated node and edge data to the existing knowledge graph, preliminary structural verification is required. Graph structure consistency checks include, but are not limited to: ensuring that newly inserted nodes or edges do not disrupt the graph's connectivity, avoiding the creation of duplicate nodes, verifying the existence and type matching of the nodes at both ends of an edge, and checking for structures that do not conform to a preset graph pattern. Through these checks, the physical integrity of the knowledge graph can be guaranteed, forming a preliminarily integrated intermediate knowledge graph.
[0079] Based on this, a conflict resolution strategy based on confidence comparison is adopted to handle potential knowledge conflicts in the intermediate knowledge graph, generating a conflict-resolved knowledge graph. Knowledge conflicts may manifest as different descriptions of the same fact, contradictory attribute values, or contradictory relationships. The confidence comparison strategy means that a confidence score is associated with each fact (node, edge, attribute) in the knowledge graph. This score can be determined based on factors such as the reliability of the data source, the number of historical verifications, timestamps, or expert evaluations. When a conflict is detected, the system compares the confidence scores of the conflicting parties, prioritizing the fact with the higher confidence score to resolve the conflict and ensure the logical consistency and accuracy of the knowledge graph.
[0080] In this embodiment, the final step is to update the association strength and confidence scores of relevant nodes in the conflict-resolved knowledge graph, recalculate the importance scores of the nodes, and generate the updated knowledge graph. This step aims to dynamically adjust the weights and priorities of the knowledge graph. Association strength reflects the closeness of the relationship between nodes and can be strengthened or weakened based on the number of times new experiences are verified or their impact. Confidence scores are updated based on the verification results of new data; for example, a solution that has been successfully verified multiple times will have a higher confidence score. The recalculation of node importance scores is based on a comprehensive evaluation of the knowledge graph topology and node attribute weights to reflect the node's influence and centrality in the entire knowledge system. Specifically, it combines multiple dimensions of indicators, including the number of associated nodes, the average edge confidence score, historical verification frequency, and solution success rate, to quantify the calculation. First, the in-degree and out-degree of nodes are statistically analyzed to reflect the breadth of association. Then, the average confidence score of associated edges, the total number of historical verifications, and the success rate of associated solution execution are integrated. The score calculation is completed through weighted integration of multiple indicators, and the weights of each indicator can also be dynamically adjusted according to the business scenario.
[0081] In this embodiment, through the above technical solution, this application can systematically transform complex retrospective analysis data into structured knowledge that the knowledge graph can understand, and effectively handle knowledge conflicts, ensuring the accuracy, consistency, and timeliness of the knowledge graph. This avoids the problem of knowledge graph quality degradation due to direct or improper updates, enabling the knowledge graph to continuously learn and evolve, thereby providing more accurate and reliable knowledge support for subsequent anomaly detection, root cause analysis, and matching of remediation plans, and improving the overall effectiveness and adaptability of intelligent data governance methods.
[0082] In one feasible implementation, the step of adjusting the monitoring rules in the monitoring library and generating optimized monitoring rules based on the updated knowledge graph includes: extracting nodes and edges directly related to the monitoring rules from the updated knowledge graph to generate rule association subgraph data; analyzing the pattern evolution trend in the rule association subgraph data, identifying the adjustment direction and magnitude of the rule thresholds, and generating rule adjustment analysis data; generating specific rule parameter adjustment suggestions and rule logic optimization suggestions based on the rule adjustment analysis data, and generating rule adjustment scheme data; verifying the effectiveness and stability of the rule adjustment scheme data in a simulation environment, and generating verification result data; and applying the effective rule adjustment scheme to the monitoring library based on the verification result data, updating the threshold parameters and detection logic of the monitoring rules, and generating the optimized monitoring rules.
[0083] In this embodiment, extracting nodes and edges directly related to monitoring rules from the updated knowledge graph to generate rule-related subgraph data refers to identifying knowledge elements that explicitly point to or influence monitoring rules from a vast knowledge graph. For example, a node might represent a specific data quality indicator, which is concerned by a certain monitoring rule; or an edge might represent the relationship between a certain anomaly pattern and a specific monitoring threshold. This can be achieved by filtering nodes (such as "data quality indicator," "anomaly type," and "business scenario") and their connecting edges (such as "impact," "related," and "detected") related to the concept of "monitoring rule" through predefined metadata tags, semantic association analysis, or graph query languages. These extracted nodes and edges collectively constitute the rule-related subgraph data, which is a subset focusing on knowledge related to monitoring rules.
[0084] In this embodiment, the evolution trend of patterns in the rule-related subgraph data is analyzed to identify the adjustment direction and magnitude of rule thresholds, generating rule adjustment analysis data. The aim is to discover how these knowledge elements (such as the frequency of specific anomalies, changes in root causes, and feedback on treatment effects) influence or indicate the effectiveness of monitoring rules. For example, if the association strength between a node of a certain anomaly type and a certain monitoring rule in the knowledge graph continuously increases, and the success rate of handling that anomaly is high, it may mean that the monitoring rule needs a more sensitive threshold. Identifying the adjustment direction (e.g., tightening or loosening) and magnitude (e.g., the specific percentage or value of adjustment) of rule thresholds can be achieved by analyzing historical data, statistical information (such as anomaly occurrence rate, false alarm rate, and false negative rate), and changes in the confidence of nodes and edges in the subgraph. This may involve time series analysis, trend prediction algorithms, or rule-based inference engines to generate rule adjustment analysis data containing specific adjustment suggestions.
[0085] In this embodiment, based on the rule adjustment analysis data, specific rule parameter adjustment suggestions and rule logic optimization suggestions are generated, thus generating rule adjustment scheme data. This transforms insights into how monitoring rules should change into actionable rule adjustment plans. Specifically, generating rule adjustment scheme data can combine rule adaptability analysis with business scenario matching. First, the upper and lower limits of threshold adjustment are determined based on the evolution trend of rule association subgraph patterns. Then, the specific values of parameter adjustments are determined by combining real-time data characteristics, historical anomaly rates, and false positive / false negative rates. Rule logic optimization involves sorting out the relationship between anomalies and monitoring rules, adding missing detection conditions, eliminating redundant judgment logic, and optimizing the execution priority of multiple rules. The parameter adjustment values, logic optimization steps, and applicable business scenarios are integrated into structured rule adjustment scheme data. Specific rule parameter adjustment suggestions may include modifying a threshold (e.g., adjusting the alarm threshold of a certain indicator from 95% to 98%), adjusting the time window, and changing the sampling frequency. Rule logic optimization suggestions can involve deeper changes, such as adding new judgment conditions, deleting outdated judgment conditions, adjusting the priority between multiple rules, or introducing new detection algorithms. Generating rule adjustment scheme data means encoding these suggestions in a structured form for subsequent verification and application.
[0086] In this embodiment, verifying the effectiveness and stability of the rule adjustment scheme data in a simulation environment and generating verification result data is to evaluate any modifications to the monitoring rules before actual application. The simulation environment is a controlled environment that simulates real data flow and business scenarios. Applying the rule adjustment scheme data to the simulation environment allows for replay testing using historical or simulated data to evaluate the performance (effectiveness) of the adjusted rules in detecting known anomalies and avoiding false positives and false negatives. Simultaneously, it is also necessary to evaluate the impact of the new rules on system resources, processing latency, and robustness (stability) under different data modes. Specifically, verifying the effectiveness and stability of the rule adjustment scheme data in the simulation environment can be achieved by combining historical data replay with simulated data injection. Effectiveness verification involves importing historical anomaly / normal datasets, statistically analyzing anomaly detection rates, false positive rates, and false negative rates, and comparing the results with those before optimization to determine the effectiveness. Stability verification involves inputting simulated data with different traffic volumes and distributions to detect fluctuations in detection accuracy, changes in processing time, and system resource utilization under high concurrency, data drift, and scenario switching. The effectiveness and stability indicators, along with the anomaly scenario adaptation results, are then integrated into the verification result data.
[0087] In this embodiment, applying effective rule adjustment schemes to the monitoring library based on the verification result data, updating the threshold parameters and detection logic of the monitoring rules, and generating the optimized monitoring rules are key steps in deciding whether to deploy new rules based on the verification results. Only when the verification results show that the rule adjustment scheme is effective and stable will it be formally applied to the monitoring library. The application process includes updating the threshold parameters of the monitoring rules (e.g., modifying the configuration table in the database or the parameter settings of the rule engine) and the detection logic (e.g., updating the rule script or modifying the algorithm model). This process needs to ensure atomicity and rollbackability to prevent problems from occurring during deployment. Ultimately, the monitoring library will contain optimized monitoring rules that can more accurately and promptly identify data anomalies, thereby improving the efficiency and accuracy of overall data governance.
[0088] In this embodiment, through the above technical solution, this application can effectively feed back the updated and analyzed knowledge graph in the knowledge base to the optimization of monitoring rules in the monitoring library. Specifically, by extracting knowledge directly related to the monitoring rules from the updated knowledge graph and analyzing its pattern evolution trend, it is possible to dynamically identify how the monitoring rule thresholds should be adjusted and how the detection logic should be optimized. Furthermore, these adjustment schemes are rigorously verified in a simulation environment to ensure their effectiveness and stability, avoiding the introduction of new problems. Finally, the verified optimization schemes are applied to the monitoring library, enabling the monitoring rules to continuously adapt to new data patterns, business changes, and anomaly types, thereby improving the early detection capability of data anomalies and the accuracy of monitoring, effectively avoiding the problems caused by the lag in monitoring rules, and realizing closed-loop optimization and forward-looking management of data governance.
[0089] In one feasible implementation, after the steps of inputting the preprocessed data into the monitoring library, monitoring the preprocessed data in real time based on the preset monitoring rules in the monitoring library, and generating anomaly detection results, the method further includes: when the monitoring library generates anomaly detection results, sending the anomaly feature data in the anomaly detection results to a knowledge base; the knowledge base searching for similar problem nodes in a knowledge graph based on the received anomaly feature data, generating knowledge retrieval result data; when the knowledge retrieval result data contains similar problem nodes, feeding back relevant information on historical handling solutions corresponding to the similar problem nodes to the monitoring library; and the monitoring library adjusting the monitoring rules in the monitoring library based on the received relevant information on historical handling solutions.
[0090] In this embodiment, when the monitoring database generates anomaly detection results during real-time monitoring, the system immediately extracts key anomaly feature data from these results and sends it to the knowledge base. This anomaly feature data may include, but is not limited to, the anomaly type, the specific data fields where the anomaly occurred, the range of anomaly values, the timestamp of the anomaly occurrence, and the affected business systems or data domains. This step aims to achieve rapid linkage between the monitoring process and the knowledge base, providing an information foundation for subsequent rapid response.
[0091] In this embodiment, upon receiving the anomalous feature data, the knowledge base immediately operates based on its internally constructed knowledge graph. Specifically, the knowledge base uses the anomalous feature data as query conditions to search for problem nodes in the knowledge graph that are highly similar to the current anomalous features. This search process can employ various similarity matching algorithms, such as matching based on semantic similarity, structural similarity, or attribute similarity. Through this search, the knowledge base can quickly identify whether the current anomaly is related to historically occurring and resolved problems, and generate knowledge retrieval result data, which includes the identifiers or relevant information of the matched similar problem nodes.
[0092] In this embodiment, when the knowledge retrieval results indicate the existence of similar problem nodes in the knowledge graph that match the current anomaly characteristics, the knowledge base will feed back information related to historical handling solutions associated with these similar problem nodes to the monitoring database. This information may include, but is not limited to, the types of solutions successfully handled in the past for the similar problem node, key parameters, handling effect evaluations, and recommended rule adjustment suggestions. This feedback mechanism enables the monitoring database to obtain effective solutions for similar problems in real time, avoiding repeated, time-consuming root cause analysis.
[0093] In this embodiment, after receiving information related to historical handling schemes from the knowledge base, the monitoring library adjusts its monitoring rules based on this information. These adjustments may include, but are not limited to, modifying threshold parameters of existing monitoring rules, adding new anomaly detection modes, temporarily disabling certain rules with high false alarm rates, or activating dedicated monitoring logic for specific anomaly scenarios. Through this adjustment, the monitoring library can quickly optimize its detection capabilities based on historical experience, improving the efficiency and accuracy of identifying known anomalies, thereby achieving more intelligent and real-time anomaly monitoring.
[0094] In this embodiment, through the above technical solution, after the anomaly detection results are generated in the monitoring database, this application no longer needs to wait for a complete root cause analysis, action execution, and review analysis cycle. Instead, it can immediately send the anomaly characteristic data to the knowledge base. The knowledge base uses its knowledge graph to quickly find similar problem nodes and promptly feeds back relevant information from corresponding historical action plans to the monitoring database. Based on this historical experience, the monitoring database can quickly adjust monitoring rules, thereby achieving rapid response and processing of known or recurring anomalies. This shortens the time from anomaly discovery to rule optimization, improves the real-time performance and efficiency of data governance, effectively avoids repeated analysis and processing of the same or similar problems, reduces operating costs, and improves the overall intelligence level of the data governance system.
[0095] In the embodiments of this application, the intelligent data governance method based on dual-database collaboration and knowledge graph solves the problem of disconnect between monitoring and governance in the prior art through a closed-loop process including data acquisition, cleaning, monitoring, root cause analysis, disposal, review, knowledge update and rule adjustment. It can realize an automated closed loop of data governance, improve processing efficiency, reduce delays caused by manual intervention, and dynamically optimize monitoring rules to enhance the system's adaptability and intelligence level.
[0096] It should be noted that the above examples are only for understanding this application and do not constitute a limitation on the intelligent data governance method based on dual-database collaboration and knowledge graphs in this application. Any simple modifications based on this technical concept are within the protection scope of this application.
[0097] This application also provides an intelligent data governance system based on dual-database collaboration and knowledge graphs, referencing... Figure 2 The intelligent data governance system based on dual-database collaboration and knowledge graph includes: a memory 10, a processor 20, and an intelligent data governance program based on dual-database collaboration and knowledge graph stored on the memory 10 and executable on the processor 20. The intelligent data governance program based on dual-database collaboration and knowledge graph is configured to implement the steps of the intelligent data governance method based on dual-database collaboration and knowledge graph.
[0098] The intelligent data governance system based on dual-database collaboration and knowledge graphs provided in this application adopts the intelligent data governance method based on dual-database collaboration and knowledge graphs in the above embodiments, which can improve the system's adaptability and intelligence level. Compared with the prior art, the beneficial effects of the intelligent data governance system based on dual-database collaboration and knowledge graphs provided in this application are the same as the beneficial effects of the intelligent data governance method based on dual-database collaboration and knowledge graphs provided in the above embodiments, and other technical features of the intelligent data governance system based on dual-database collaboration and knowledge graphs are the same as the features disclosed in the methods of the above embodiments, and will not be repeated here.
[0099] It should be understood that the various parts disclosed in this application can be implemented using hardware, software, firmware, or a combination thereof. In the description of the above embodiments, specific features, structures, materials, or characteristics can be combined in any suitable manner in one or more embodiments or examples.
[0100] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. All equivalent structural transformations made under the technical concept of this application using the contents of the specification and drawings of this application, or direct / indirect applications in other related technical fields, are included within the scope of patent protection of this application.
Claims
1. An intelligent data governance method based on dual-database collaboration and knowledge graph, characterized in that, The method includes: Raw data is obtained from multiple data sources, and the raw data is cleaned and standardized to obtain preprocessed data; The preprocessed data is input into the monitoring database, and the preprocessed data is monitored in real time based on the preset monitoring rules in the monitoring database to generate anomaly detection results; The anomaly detection results are input into the knowledge base, and root cause analysis is performed on the anomaly detection results based on the knowledge graph in the knowledge base to generate root cause analysis results. Based on the root cause analysis results, the corresponding treatment plan is matched from the knowledge base, treatment plan data is generated, and the treatment operation corresponding to the treatment plan data is executed to generate the treatment execution result; Based on the execution results of the aforementioned actions, a retrospective analysis is conducted on the anomaly detection results, root cause analysis results, and action plan data to generate retrospective analysis data. The retrospective analysis data is fed back to the knowledge base to update the nodes and edge relationships of the knowledge graph in the knowledge base, and to generate an updated knowledge graph. Based on the updated knowledge graph, the monitoring rules in the monitoring database are adjusted to generate optimized monitoring rules.
2. The intelligent data governance method based on dual-database collaboration and knowledge graph as described in claim 1, characterized in that, The steps of inputting the preprocessed data into the monitoring database, and generating anomaly detection results by real-time monitoring of the preprocessed data based on preset monitoring rules in the monitoring database include: Multiple monitoring indicators are extracted from the preprocessed data to generate monitoring indicator data; The monitoring indicator data is compared with the threshold rules in the monitoring database. When the monitoring indicator data exceeds the threshold rules, rule abnormal data is generated. Time series feature analysis is performed on the monitoring indicator data to calculate the statistical feature change rate within a preset time window. When the statistical feature change rate exceeds the preset change rate threshold in the monitoring database, statistical anomaly data is generated. Based on the monitoring index data, a monitoring feature vector is constructed, and the distance between the monitoring feature vector and the normal pattern feature vector pre-stored in the monitoring database is calculated. When the distance exceeds the preset distance threshold in the monitoring database, abnormal pattern data is generated. The anomaly detection results are generated by performing confidence assessment and multi-level fusion processing on the rule-based anomaly data, statistical anomaly data, and pattern anomaly data.
3. The intelligent data governance method based on dual-database collaboration and knowledge graph as described in claim 2, characterized in that, The steps for performing confidence assessment and multi-level fusion processing on the rule-based anomaly data, statistical anomaly data, and pattern anomaly data to generate the anomaly detection results include: Obtain historical accuracy data of the rule anomaly data, statistical anomaly data, and pattern anomaly data recorded in the monitoring database; Based on the historical accuracy data, confidence weights are calculated for the rule-related anomaly data, statistical anomaly data, and pattern anomaly data respectively, generating historical confidence data. Based on the characteristics of the current business scenario and the real-time data quality, calculate the dynamic adjustment factor and generate dynamic adjustment factor data. The historical confidence data is multiplied by the dynamic adjustment factor data to obtain the comprehensive confidence data. Based on the comprehensive confidence data, the rule-based anomaly data, statistical anomaly data, and pattern anomaly data are fused to generate the anomaly detection result.
4. The intelligent data governance method based on dual-database collaboration and knowledge graph as described in claim 1, characterized in that, The steps of inputting the anomaly detection results into a knowledge base, performing root cause analysis on the anomaly detection results based on the knowledge graph in the knowledge base, and generating root cause analysis results include: Extract abnormal features from the anomaly detection results to generate abnormal feature data; The abnormal feature data is matched with the question nodes in the knowledge graph of the knowledge base in multiple dimensions to generate matching question data; Based on the causal relationship edges in the knowledge graph, a multi-path graph traversal is performed starting from the node corresponding to the matching question data to generate multiple possible causal paths; Based on the edge confidence and node association strength of each cause path, the overall credibility of each cause path is calculated to generate path credibility data; Based on the path credibility data, the root cause node on the path with the highest overall credibility is selected as the root cause, and the root cause analysis results are generated.
5. The intelligent data governance method based on dual-database collaboration and knowledge graph as described in claim 4, characterized in that, The steps for generating path credibility data, based on the edge confidence and node association strength of each causal path, include: Obtain historical verification data for each causal relationship edge in the knowledge graph, including the number of verifications, the number of successes, and the most recent verification time, and generate historical edge data; Based on the historical edge data, calculate the historical confidence score for each edge to generate historical edge confidence data; Business feature data is generated based on the context information of the current business environment, and a context adjustment factor is calculated based on the business feature data; Multiply the historical edge confidence data by the context adjustment factor to obtain the current edge confidence data; For each cause path, the current edge confidence data of all edges on the path are multiplied together, and the path length is taken into account for attenuation processing to generate the path confidence data.
6. The intelligent data governance method based on dual-database collaboration and knowledge graph as described in claim 1, characterized in that, Based on the root cause analysis results, corresponding treatment plans are matched from the knowledge base to generate treatment plan data, including: Root cause features, business scenario features, and scope of impact features are extracted from the root cause analysis results to generate governance feature data. The governance feature data is compared with the historical case feature data in the knowledge base in a multi-dimensional similarity calculation to generate multi-dimensional similarity data. Based on the multi-dimensional similarity data, a weighted comprehensive scoring algorithm is used to rank historical cases and generate candidate case ranking data. Candidate cases with comprehensive scores exceeding a preset score threshold are selected from the candidate case ranking data for adaptation analysis of the treatment plan, and adaptation data of the plan is generated. Based on the adaptability data of the proposed solutions, a solution is selected from the candidate cases, and the solution data is generated.
7. The intelligent data governance method based on dual-database collaboration and knowledge graph as described in claim 1, characterized in that, Based on the execution results of the aforementioned actions, the steps for generating review analysis data include: (1) Debriefing analysis of the anomaly detection results, root cause analysis results, and action plan data. Obtain actual effect indicator data from multiple dimensions corresponding to the execution results of the aforementioned actions; Obtain the expected effect indicator data corresponding to the treatment plan data; Compare the actual performance metrics data of each dimension with the corresponding expected performance metrics data, calculate the performance achievement rate of each dimension, and generate performance achievement rate data. Based on the aforementioned effect achievement rate data, a multi-objective evaluation algorithm is used to calculate the comprehensive effectiveness score of the treatment plan, generating comprehensive effectiveness data; The anomaly detection results, root cause analysis results, treatment plan data, actual effect index data, and comprehensive effectiveness data are integrated to generate the debriefing analysis data.
8. The intelligent data governance method based on dual-database collaboration and knowledge graph as described in claim 1, characterized in that, The steps of feeding the retrospective analysis data back to the knowledge base, updating the nodes and edge relationships in the knowledge graph of the knowledge base, and generating the updated knowledge graph include: Effective handling characteristics, ineffective handling characteristics, and improvement suggestion characteristics are extracted from the retrospective analysis data to generate governance experience data. The governance experience data is transformed into knowledge graph nodes and edge data, and the node type, attribute information and edge relationship type are determined. The knowledge graph nodes and edge data are inserted into the knowledge graph of the knowledge base, and a graph structure consistency check is performed to generate an intermediate knowledge graph. For potential knowledge conflicts in the intermediate knowledge graph, a conflict resolution strategy based on confidence comparison is adopted to process them and generate a knowledge graph after conflict resolution. The association strength and confidence scores of relevant nodes in the knowledge graph after conflict resolution are updated, the importance scores of the nodes are recalculated, and the updated knowledge graph is generated.
9. The intelligent data governance method based on dual-database collaboration and knowledge graph as described in claim 1, characterized in that, The steps for adjusting the monitoring rules in the monitoring database and generating optimized monitoring rules based on the updated knowledge graph include: Extract nodes and edges directly associated with the monitoring rules from the updated knowledge graph to generate rule-related subgraph data; Analyze the pattern evolution trend in the rule association subgraph data, identify the adjustment direction and magnitude of the rule threshold, and generate rule adjustment analysis data; Based on the rule adjustment analysis data, specific rule parameter adjustment suggestions and rule logic optimization suggestions are generated, and rule adjustment scheme data is generated. The effectiveness and stability of the rule adjustment scheme data are verified in a simulation environment, and verification result data is generated. Based on the verification results, an effective rule adjustment scheme is applied to the monitoring library to update the threshold parameters and detection logic of the monitoring rules, thereby generating the optimized monitoring rules.
10. An intelligent data governance system based on dual-database collaboration and knowledge graph, characterized in that, The intelligent data governance system based on dual-database collaboration and knowledge graph includes: a memory, a processor, and an intelligent data governance program based on dual-database collaboration and knowledge graph stored on the memory and executable on the processor. The intelligent data governance program based on dual-database collaboration and knowledge graph is configured to implement the steps of the intelligent data governance method based on dual-database collaboration and knowledge graph as described in any one of claims 1 to 9.