北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2020, Vol. 43 ›› Issue (2): 23-28.doi: 10.13190/j.jbupt.2019-113

• 论文 • 上一篇    下一篇

基于Rete规则推理的告警关联性分析

杨杨1, 石晓丹1, 宋双1, 霍永华2, 陈连栋3   

  1. 1. 北京邮电大学 网络与交换技术国家重点实验室, 北京 100876;
    2. 中国电子科技集团公司 第五十四研究所, 石家庄 050000;
    3. 国网河北省电力有限公司 信息通信分公司, 石家庄 050022
  • 收稿日期:2019-06-13 发布日期:2020-04-28
  • 作者简介:杨杨(1981-),女,副教授,E-mail:yyang@bupt.edu.cn.
  • 基金资助:
    国家重点研发计划项目(2019YFB2103200);中央高校基本科研业务费资助项目(500419319 2019PTB-019);2018年工业互联网创新发展工程项目

Alarm Correlation Analysis Based on Rete Rule Reasoning

YANG Yang1, SHI Xiao-dan1, SONG Shuang1, HUO Yong-hua2, CHEN Lian-dong3   

  1. 1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China;
    2. The 54 th Research Institute of CETC, Shijiazhuang 050000, China;
    3. State Grid Hebei Electric Power Company Limited Information and Telecommunication Branch, Shijiazhuang 050022, China
  • Received:2019-06-13 Published:2020-04-28

摘要: 针对现有规则推理算法无法实现在当前大规模复杂多变的网络环境中准确、实时地推理告警规则的问题,提出了一种改进的规则推理算法Im_Rete.该算法结合网络告警数据的特点,采用面向告警缺失的模糊推理策略和基于概率关联模型的事实传播策略,在提高推理准确性的同时平衡推理速度,能够更加有效地对告警进行关联分析.通过仿真实验进行对比分析,结果表明Im_Rete算法在推理速度和准确性方面均具有较好的性能.

关键词: 告警, 关联性, 规则推理, 模糊逻辑

Abstract: With the continuous development of networks, alarm correlation analysis has received extensive attention as an important means of fault diagnosis. However, in a complex network environment, problems such as link interruption, congestion caused by network faults may result in the loss of alarm data, and the amount of transient alarms caused by fault propagation may be massive. These problems make existing rule-based reasoning algorithms are difficult to meet the accuracy and real-time requirements of root cause alarm reasoning. The algorithm based on the characteristics of network alarm uses fuzzy logic-based reasoning strategies and fact-based communication strategies based on probabilistic association models to balance the speed of reasoning while improving the accuracy of reasoning. The algorithm can more effectively correlate alarms. Finally, through simulation experiments, the experimental results show that the Im_Rete algorithm has better performance in terms of speed and accuracy.

Key words: alarm, correlation, rule reasoning, fuzzy logic

中图分类号: