Junhao Ye,Yuanyuan Zhu,Lu Chen

DOI: https://doi.org/10.1109/icde55515.2023.00130

2023-01-01

Abstract:Community search on attributed graphs has been widely studied recently. Most earlier works aim to retrieve communities relevant to the query nodes Q U and query keywords Q W , and some recent works begin to focus on keyword-based attributed community search (KACS) with only query keywords Q W , aiming to return a structural cohesive community with the highest score relevant to Q W . However, these scores only consider the semantic similarity between user attributes and Q W and neglect the semantic similarity between users in the community. Thus, we propose a new community model which considers both semantic similarities and uses triangle-connected k-truss to ensure structural cohesiveness, and study the top-r keyword-based attributed community search (rKACS) problem for a given Q W to provide more candidates for users to choose the preferred communities. To find the top-r communities, we first propose the Basic algorithm, which gradually finds the communities with large scores through maximal clique enumerations. Then, we further propose an improved algorithm Incremental based on two novel optimization techniques, which can significantly reduce the search space and find the maximal cliques incrementally. Extensive experimental studies on four real-world datasets validated the effectiveness and efficiency of our methods.

Keli Zhang,Marcus Kalander,Min Zhou,Xi Zhang,Junjian Ye

DOI: https://doi.org/10.1007/978-3-030-76352-7_16

2021-01-01

Abstract:Alarm root cause analysis is a significant component in the day-to-day telecommunication network maintenance, and it is critical for efficient and accurate fault localization and failure recovery. In practice, accurate and self-adjustable alarm root cause analysis is a great challenge due to network complexity and vast amounts of alarms. A popular approach for failure root cause identification is to construct a graph with approximate edges, commonly based on either event co-occurrences or conditional independence tests. However, considerable expert knowledge is typically required for edge pruning. We propose a novel data-driven framework for root cause alarm localization, combining both causal inference and network embedding techniques. In this framework, we design a hybrid causal graph learning method (HPCI), which combines Hawkes Process with Conditional Independence tests, as well as propose a novel Causal Propagation-Based Embedding algorithm (CPBE) to infer edge weights. We subsequently discover root cause alarms in a real-time data stream by applying an influence maximization algorithm on the weighted graph. We evaluate our method on artificial data and real-world telecom data, showing a significant improvement over the best baselines.

Xiao-Niu Yang,Hong-Wa Yang,Zhen Wu,Zhe-Ming Lu

DOI: https://doi.org/10.1109/IMCCC.2013.216

2013-01-01

Abstract:For a complex network, detecting the key links is of great importance. In recent years, many community detecting algorithms have been proposed, which have both advantages and disadvantages. In this paper, we propose and compare some classical community detecting algorithms and choose the best one of them to detect the key links of the complex network.

Qun-Xiong Zhu,Yi Luo,Yan-Lin He

DOI: https://doi.org/10.1021/acs.iecr.9b02963

2019-11-04

Abstract:Process monitoring and alarm systems play an important role in production safety. Distributed alarm systems have been utilized to effectively reduce the burden of data calculations, contributing to fast-track root causes of alarms. However, the traditional distributed contribution analysis method cannot be well applied to online monitoring in time. In addition, the correlation-based variable reconstruction method cannot accurately explain the actual process. To solve this problem, a novel distributed alarm analysis model based on multicorrelation blocks and an improved contribution graph is proposed. The proposed multicorrelation blocks are based on partial least squares. The computational burden is reduced, but accuracy is ensured by multicorrelation block partial least squares. In addition, an improved alarm analysis strategy using the contribution value is adopted, so that the results of the distributed contribution analysis method can be used for essential variable analysis online. Simulation results of a case study using the Tennessee Eastman process verify the effectiveness and practicability of the proposed method and indicate that the online analysis performance in terms of actual industrial process monitoring and root cause analysis is improved.

engineering, chemical

Yi Li,Zhangbing Zhou,Shuiguang Deng,Xiao Sun,Xiao Xue,Sami Yangui,Walid Gaaloul

DOI: https://doi.org/10.1109/icws62655.2024.00077

2024-01-01

Abstract:Anomaly detection is a long-standing research topic to support the prompt remedy of potential risks for dependency-aware tasks, where Graph Neural Networks (GNNs) models have been adopted to differentiate anomalies from normal patterns. Generally, GNN models utilize time series data to construct graph structures for capturing task dependencies between Internet of Things (IoT) devices, such that deviations from predicted behaviours are assumed as anomalies. Current forecasting-based anomaly detection methods can hardly detect anomalies, which are uncovered by historical sensory data, but are explicitly specified by domain knowledge. To solve this issue, this paper proposes a Knowledge-enhanced graph attention-based Anomaly Detection (KeAD) method. Specifically, a knowledge-enhanced graph structure is constructed by incorporating domain-specific knowledge to represent spatio-temporal dependencies between IoT devices. Thereafter, a knowledge-enhanced graph attention-based forecasting network is developed to predict future behaviours of IoT devices. Anomalies are detected by analyzing deviations from these predicted behaviours, taking domain-specific knowledge into account. Extensive experiments are conducted based on publicly-available datasets, and evaluation results demonstrate that our KeAD outperform the state-of-the-art techniques in terms of the accuracy of anomaly detection.

宋珊珊,李建华,张少俊

DOI: https://doi.org/10.3969/j.issn.1009-8054.2009.07.041

2009-01-01

Abstract:Network alarm causal correlation technology can help network administrators construct attack scenarios and take timely responses by unveiling the causal relationship of intrusion alarms. Existing causal correlation technologies is mainly based on predefined correlation knowledge base, and cannot adapt to the appearance of new network attack types. This paper presents a data mining based method for constructing causal correlation knowledge database. By implementing this method, the self-improvement of the knowledge base is achieved and the failure rate of alarm correlation reduced.

Wenxin Guo,Liuhong Wei,Fushuan Wen,Zhiwei Liao,Junhui Liang,Chung-Li Tseng

DOI: https://doi.org/10.1109/SUPERGEN.2009.5347900

2009-01-01

Abstract:The volume of alarm messages could be very large in modern large-scale power systems. Many intelligent methods have been developed for alarm processing in order to provide summarized and synthesized information instead of a flood of raw alarm data. The timestamps of alarms represent the temporal relationship among event occurrences. However, the temporal information has not yet been appropriately utilized in traditional intelligent methods. A temporal constraint network (TCN) is a kind of directed acyclic graph (DAG) which is of promise for the representation of temporal logics. Based on TCN, an on-line intelligent alarm analyzer with the temporal information of alarms taken into account is proposed for on-line operational environment. The advanced intelligent alarm analyzer is able to infer what events cause the reported alarms and to estimate when these events occurred, as well as to identify the abnormal or missing alarms. Finally, a case study is served for demonstrating the feasibility and efficiency of the proposed method.

Wang Jiandong,Yang Zijiang,Zhou Donghua

2019-01-01

Abstract:The invention belongs to the technical field of industrial alarm system management, in particular to an industrial alarm root cause identification method based on a probability graph model, comprisingthe steps of obtaining alarm variables and alarm root cause variables, calculating probabilities when each alarm root cause variable is 1 and 0; obtaining the probability when the alarm variable is 0and 1 under the given condition, and composing a prior condition probability parameter set theta; adopting the prior conditional probability theta (t) of the current data sample X (t) to theta for on-line iterative updating, wherein when the alert variable is calculated to be xa, the alarm source variable is derived from the posterior conditional probability; calculating the posterior probabilityvector when the alarm variable is 1, classifying the elements of the vector in descending order, wherein the first row element is the source of the alarm; determining if the alarm source of the alarmvariable is not a known source. The present invention can solve the problems of inaccurate identification of alarm source caused by factors such as omission of alarm and false alarm, coexistence of multiple alarm sources and incompleteness of known alarm sources, etc. in current identification of alarm source.

Qiuhua Zheng,Weihua Hu,Yuntao Qian,Min Yao,Xianglin Wang,Jing Chen

DOI: https://doi.org/10.1109/FSKD.2008.163

2008-01-01

Abstract:This paper proposes a novel network event correlation approach based on set covering. Firstly, we present a triple-layer belief network FPM by considering alarm loss and spurious faults into the bipartite graph FPM which used by IHU algorithm, then present the measurement of fault hypothesis. On basic of this model, we present a recursive algorithm for creating fault hypotheses. Compared with the IHU-based approach, the RHC algorithm can get all hypotheses which satisfy the relevance and non-redundant indexes during the hypotheses creating procedure. Simulations show the RHC algorithm is more accuracy than the IHU algorithm, especially in the circumstances with alarm losses and spurious alarms.

Jing Ma,Yaohui Pan,Chih-Yi Su

DOI: https://doi.org/10.1007/s11192-021-04219-z

IF: 3.801

2022-01-18

Scientometrics

Abstract:This study aims to investigate how to test and assess the dichotomy of roles from an organization-oriented perspective for technology opportunity analysis, in context of the development of technological knowledge networks. We present a future oriented framework based on the link prediction methods. An empirical study of Alzheimer’s disease (AD) related patents was conducted to illustrate this framework. The results show that link prediction indices are feasible and effective for predicting emerging links. Organizations differ in their predictive ability as knowledge providers and being predicted as knowledge consumers. The framework and results in this study offer a new clue to understand innovation activities and broaden organizations’ technological frontiers.

information science & library science,computer science, interdisciplinary applications

Jianfeng Zhu,Chunli Wang,Chuankun Li,Xinjiang Gao,Jinsong Zhao

DOI: https://doi.org/10.1016/j.cjche.2016.04.017

IF: 3.8

2016-01-01

Chinese Journal of Chemical Engineering

Abstract:Alarm systems play important roles for the safe and efficient operation of modern industrial plants. Critical alarms are configured with a higher priority and are safety related among many other alarms. If critical alarms can be predicted in advance, the operator will have more time to prevent them from happening. In this paper,we present a dynamic alarm prediction algorithm, which is a probabilistic model that utilizes alarm data from distributed control system, to calculate the occurrence probability of critical alarms. It accounts for the local interdependences among the alarms using the n-gram model, which occur because of the nonlinear relationships between variables. Finally, the dynamic alarm prediction algorithm is applied to an industrial case study.

Lingyu Zhang,Jiabao Zhao,Min Zhang

DOI: https://doi.org/10.1109/icnsc48988.2020.9238084

2020-01-01

Abstract:With the development of Internet technology, IT systems are getting more and more complex, in which there are two main relationships among system components: service call relationship and deployment configuration relationship. Once a local anomaly occurs in the system, it tends to spread, triggering emergent and dense concurrent alarms. Hence, it is important to quickly and precisely locate the root cause of concurrent alarms. In this paper, we first construct an anomaly propagation graph using collected system data. Then, based on the graph, we propose two optional algorithms: random walk and state iteration, to track anomaly propagation process and locate the root cause. Simulation experiments demonstrate that our proposed method can localize root causes correctly and rapidly for scenarios with complex call chains and resource competition, and is robust to alarm error. The proposed method pays more attention to system characteristics and depends little on experience knowledge of IT operators.

Chang Guo,Dechang Pi,Jianjun Cao,Xixuan Wang,Hao Liu

DOI: https://doi.org/10.1007/s12652-022-04493-6

IF: 3.662

2022-12-20

Journal of Ambient Intelligence and Humanized Computing

Abstract:The control system is an important part of the industrial infrastructure. Once the abnormal is likely to cause equipment failure, production interruption and other serious consequences, a timely and effective anomaly detection method is of great significance to the industrial control system. This paper presents a predictive maintenance strategy–early warning model that includes two modules, prediction and alarm, which can also realize online status monitoring. In the prediction module, a two-channel input model using a graphical neural network and a temporal convolutional network, and the graph structure learning module in the graph neural network is improved to optimize the graph structure. For the alarm module, combining expert experience and mathematical statistics knowledge, a hierarchical alarm mechanism based on abnormal scores and abnormal interval accumulation is proposed. We use the real data to verify the performance of the prediction algorithm and the effectiveness of the early warning index. Experimental results with the real data and the open data show that the prediction performance of the proposed early-warning model is better than the state-of-the-art methods. On the real TRT dataset, the evaluation indicator MAPE is 6.5693%, and on the open dataset, MAPE is 1.3368%. At the same time, its early-warning performance is better than the existing automatic interpretation and manual interpretation methods on the industrial internet.

computer science, information systems,telecommunications, artificial intelligence

Wei Chen,Hui Qu,Kuo Chi

DOI: https://doi.org/10.3390/su13021003

IF: 3.9

2021-01-19

Sustainability

Abstract:To enhance competitiveness and protect interest, an increasing number of organizations cooperate on patent applications. Partner selection has attracted much more attention because it directly affects the success of patent cooperation. By collecting some cooperative patents applied for by different categories of organizations in China from 2007 to 2015, an interorganizational patent cooperation network was built for this paper. After analyzing certain basic properties of the network, it was found that the network possessed some typical characteristics of social networks. Moreover, the network could be divided into communities, and three communities were selected to analyze as representative. Furthermore, to explore the partner selection in the patent cooperation network, eight link prediction approaches commonly used in social networks were introduced to run on another interorganizational patent cooperation network built by the patents applied for in 2016. The precision metric results of the eight link prediction approaches show that they are effective in partnership prediction; in particular, the Common Neighbors (CN) index can be effectively applied to the selection of unfamiliar partners for organizations in patent cooperation. Moreover, this paper also verified the trust transitivity based not only on historical cooperation but also on geographical location, and the complementarity of capabilities still plays an important role in partner selection for organizations.

environmental sciences,environmental studies,green & sustainable science & technology

Min Li,Mengyuan Yang,Pengfei Chen

DOI: https://doi.org/10.3389/fcomp.2023.1211739

2023-07-06

Frontiers in Computer Science

Abstract:With the growing demand for data computation and communication, the size and complexity of communication networks have grown significantly. However, due to hardware and software problems, in a large-scale communication network (e.g., telecommunication network), the daily alarm events are massive, e.g., millions of alarms occur in a serious failure, which contains crucial information such as the time, content, and device of exceptions. With the expansion of the communication network, the number of components and their interactions become more complex, leading to numerous alarm events and complex alarm propagation. Moreover, these alarm events are redundant and consume much effort to resolve. To reduce alarms and pinpoint root causes from them, we propose a data-driven and unsupervised alarm analysis framework, which can effectively compress massive alarm events and improve the efficiency of root cause localization. In our framework, an offline learning procedure obtains results of association reduction based on a period of historical alarms. Then, an online analysis procedure matches and compresses real-time alarms and generates root cause groups. The evaluation is based on real communication network alarms from telecom operators, and the results show that our method can associate and reduce communication network alarms with an accuracy of more than 91%, reducing more than 62% of redundant alarms. In addition, we validate it on fault data coming from a microservices system, and it achieves an accuracy of 95% in root cause location. Compared with existing methods, the proposed method is more suitable for operation and maintenance analysis in communication networks.

Hongyu Yang,Le Zhang,Xugao Zhang,Jiyong Zhang

DOI: https://doi.org/10.1007/s11036-021-01837-y

2021-10-27

Mobile Networks and Applications

Abstract:With the rapid development of the Internet of things (IoT) technology, how to effectively predict the network security situation of the IoT has become particularly important. It is difficult to quantify the IoT network situation due to a large number of historical data dimensions, and there are also has the problem of low accuracy for IoT network security situation prediction with multi-peak changes. To solve the above problems, this paper proposed an adaptive IoT network security situation prediction model, which makes the IoT network security situation prediction accuracy higher. Firstly, the paper used the entropy correlation method to calculate the network security situation value sequence in each quantization period according to Alarm Frequency (AF), Alarm Criticality (AC), and Alarm Severity (AS). Then, the security situation values arranged in time series are fragmented through the sliding window mechanism, and then the adaptive cubic exponential smoothing method is used to initially generate the IoT network security situation prediction results. Finally, the paper built the time-varying weighted Markov chain to predict the error value and modify the initial predicted value based on the error state. The experimental results show that the model has a better fitting effect and higher prediction accuracy than other models, and this model’s determination coefficient is 0.811. Compared with the other two models, the sum of squared errors in this model is reduced by 78 %-82 %. The model can better reflect the changes in the IoT network security situation over a while.

computer science, information systems,telecommunications, hardware & architecture

Wu Jian,Li Xing Ming

DOI: https://doi.org/10.1109/COMSWA.2008.4554520

2008-01-01

Abstract:Nowadays, communication network turns to be more complex, once there occurs a failure, there will result in multi-alarm-events which require relevant transactions. This paper describes the alarm correlation in communication networks based on data mining. The association rules from self-adaptation for dynamic net-work resource and service that build new rule by fully utilizing and maintaining rules formed before while transactions grow/delete or minimum support changes which enables the framework is easily updated and new discovery methods be readily incorporated within it. Both theoretical analysis and computer simulations illustrate outstanding performance of the proposed models, which can be further optimized by experiments for specific environment.

Fan Yang,Sirish Lalji Shah,Deyun Xiao,Tongwen Chen

DOI: https://doi.org/10.1016/j.isatra.2012.03.005

IF: 7.3

2012-01-01

ISA Transactions

Abstract:The problem of multivariate alarm analysis and rationalization is complex and important in the area of smart alarm management due to the interrelationships between variables. The technique of capturing and visualizing the correlation information, especially from historical alarm data directly, is beneficial for further analysis. In this paper, the Gaussian kernel method is applied to generate pseudo continuous time series from the original binary alarm data. This can reduce the influence of missed, false, and chattering alarms. By taking into account time lags between alarm variables, a correlation color map of the transformed or pseudo data is used to show clusters of correlated variables with the alarm tags reordered to better group the correlated alarms. Thereafter correlation and redundancy information can be easily found and used to improve the alarm settings; and statistical methods such as singular value decomposition techniques can be applied within each cluster to help design multivariate alarm strategies. Industrial case studies are given to illustrate the practicality and efficacy of the proposed method. This improved method is shown to be better than the alarm similarity color map when applied in the analysis of industrial alarm data.

Wu Ping,Zhu Donglai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.03.066

2008-01-01

Abstract:Fault diagnosis and location is the vital core of network management.Data mining provides a new approach to knowledge update during the analysis of alarm correlation.Based on the research on network weighted alarm association rules,the network alarm correlation mining system is designed and implemented.The system is valuable and useful to the alarm correlation analysis and fault diagnosis and location in networks.

Shaojun Zhang,Jianhua Li,Xiuzhen Chen,Lei Fan

DOI: https://doi.org/10.1016/j.cose.2008.05.005

IF: 5.105

2008-01-01

Computers & Security

Abstract:Most network administrators have got unpleasant experience of being overwhelmed by tremendous unstructured network security alerts produced by heterogeneous devices. To date, various approaches have been proposed to correlate security alerts, including the adoption of attack graphs to clarify their causal relationship. However, there still lacks an efficient and operational method to generate attack graphs tailored to alert causal correlation. In this paper, we propose a kind of ''one-step worst'' attack graph which can be built in polynomial time using an intuitive object-oriented method. Based on the graph, a principle is given out to correlate security alerts into scenarios. To prove its feasibility, we implemented a prototype system which can efficiently divide real-time alert streams into plausible attack scenarios.