跳到主要內容

臺灣博碩士論文加值系統

(2600:1f28:365:80b0:1742:3a1e:c308:7608) 您好!臺灣時間:2024/12/08 08:37
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:謝智聿
研究生(外文):Chih-Yu Hsieh
論文名稱:以序列探勘理論實作之網路異常型樣驗證
論文名稱(外文):Network Anomalous Pattern Identification Using Sequence Mining Method
指導教授:劉安之劉安之引用關係
學位類別:碩士
校院名稱:逢甲大學
系所名稱:資訊工程所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2002
畢業學年度:90
語文別:中文
論文頁數:88
中文關鍵詞:錯誤知識模型事件萃取序列型樣
外文關鍵詞:Event ExtractSequence PatternFault Knowledge Model
相關次數:
  • 被引用被引用:6
  • 點閱點閱:198
  • 評分評分:
  • 下載下載:20
  • 收藏至我的研究室書目清單書目收藏:1
在網路的快速建構與擴張下,網路環境日益複雜及龐大,使得網路管理系統的建置更加不易,而網路管理系統的建置重點為事件關聯規則即錯誤知識庫,意即當網路發生問題時,所伴隨發生的事件即為判斷錯誤根源的最佳來源,而透過網路問題或錯誤的行為知識的建立,才得以完成完善的網路管理系統實作。在大部分的案例當中,網路的錯誤行為知識的建立是需要網管專家去驗證問題的型樣的,但是這樣的推導過程方式是非常耗時間以及容易出錯的,所以我們依據網管專家所累積的經驗設計一個半自動化的事件型樣驗證系統,讓系統可以輔助網管專家分析異常的事件型樣,使其網路問題的行為知識的建立能更快且更有效率,將可大大的縮短網管系統建置所需的時程。
在本篇論文中,我們提出在網路管理的平台上,如何結合廣為探討的序列探勘演算法來實作一個網路異常事件型樣的驗證系統,並配合已有的網管系統錯誤知識模型定義,去建構一個以半自動並輔以專家互動的系統,能有效、迅速並正確的擷取網路中所發生的重要事件序列型樣,並經由網管專家的驗證後得以加入網管系統的錯誤行為知識庫當中,使得網管系統錯誤知識的建立更快速有效。
首先,我們提出事件萃取模組,設計以靜態和動態的方式來萃取網路環境中異常的事件,並透過不同的方式來展示事件、設備及時間的三維互動關係,以使網管專家能對於網路異常事件的發生能作初步的設想及歸納。
其次,為使找出的事件序列型樣能符合網路錯誤知識模型的定義,我們設計一序列資料探勘演算法,使驗證過後的事件序列型樣可以符合錯誤知識模型的需求。
最後,以實際網路所驗證出來的事件序列型樣,加以說明整個系統的操作流程及結果,並以網管專家的角度來驗證所得與本系統驗證出來的事件序列型樣作比較,並以一合理的方式來解釋其驗證的正確性。
Since network constructs and extends rapidly, network environment is getting more and more complicated and immense. It makes the construction of network management system harder. The developing point of network management system is the event correlation rule, the fault knowledge base. It means that if there is something wrong with the network, the following events are the best source to gauge the fault root. We can achieve faultless realizing of network management system by setting up the behavior knowledge of network problems or faults.
Among the most cases, it requires experts to identify the event patterns but it takes time and is easy to get error in the process of reasoning. Therefore, according to the experiences accumulated by network manager, we design a semi-automatic event pattern identification system to help network experts analyze anomalous event patterns. It helps to build the behavior knowledge of network problem faster and more effectively and the needed time would be much shortened.
In this thesis, we propose a sequence mining algorithm that is generally explored to produce an identifying system of network anomalous pattern. With the definition of the fault knowledge model of network management system, we can construct a semi-automatic system that interacts with the experts to gather the important event sequence pattern happened in the network effectively. After being identified the event sequence pattern by network experts, we can put the result into the fault knowledge base of network management system to make it faster and more effectively to build up the fault knowledge of network management system.
First, we offer event extraction module and design a static and dynamic way to get the anomalous event in a network environment. Meanwhile we would display the 3-D interaction relation between the events, equipment and time to help the network expert assume and generalize at the time the anomalous pattern happens in the network.
Second, in order to make the event sequence pattern that we find out to conform to the definition of network fault knowledge model, we design a sequence mining algorithm. Thus, the identified event sequence patterns are able to conform to the requirement of fault knowledge model.
Finally, we explain the whole processes and results of the entire system by the identified event sequence pattern from a real network. Besides, we will compare and explain the accuracy of the result identified by network experts with the event sequence pattern identified by our system.
摘要2
ABSTRACT4
章節目錄6
表格目錄10
第一章 導論11
1.1 研究動機及目的11
1.2 系統架構12
1.3 論文章節概要13
第二章 相關研究14
2.1 警訊與事件的意義14
2.3 網路異常事件型樣的驗證15
2.4 NAPIS系統18
第三章 網路異常型樣驗證流程之探討20
3.1 知識萃取流程分析20
3.1.1 資料探勘型樣萃取程序20
3.1.2 網路錯誤分析模組28
3.1.3 融合錯誤分析模組之知識萃取31
3.2 三階段式驗證系統架構33
3.2.1 事件的萃取彙整34
3.2.2 型樣探勘演算法38
3.2.3 型樣結果後端處理42
第四章 探勘演算法之考量與設計43
4.1 網路錯誤蔓延時空解析43
4.1.1 錯誤蔓延的三個種類44
4.1.2 事件的偶發性質47
4.1.3 序列的多樣性49
4.2 序列探勘器之設計50
4.2.1 順序式探勘演算法修改52
4.2.2 眾多事件序列收斂機制53
4.3 知識表示與回饋機制54
4.3.1 規則描述語法54
4.3.2 知識轉換介面55
第五章 系統實作56
5.1 NAPIS系統架構56
5.2實驗環境58
5.3事件萃取與瀏覽器實作59
5.4序列探勘器的實作64
5.4.1順序式探勘器運作流程圖65
5.4.2錯誤實驗67
5.4.3網路歷史資訊的事件型樣探勘72
5.5系統經驗與結果分析76
5.5.1 解決人工方式數據分析效率問題77
5.5.2 NAPIS網路異常型樣驗證系統的速度瓶頸與極限78
5.5.3 支持度設定範圍與修正調整建議78
第六章 結論與未來展望80
參考文獻82
附錄87
附錄A、事件的種類87
[ALSA97]K. Alsabti, S.Ranka, and V. Singh, “An Efficient K-Means Clustering Algorithm” PPS/SPDP Workshop on High performance Data Mining, 1997.[AGRA93]R. Agrawal, T. Imielinski, and A. Swami. “Mining Association Rules Between Sets of Items in Large Databases” Proc. of Very Large Data Bases, PP. 207—216 , 1993.[AGRA95]R. Agrawal and R. Strikant “Mining sequential pattern” Proc. 1995 Int. Conf. Data Engineering, PP. 3—14 , 1995. [BURN01]L. Burns, J.L. Hellerstein, S. Ma, C.S. Pernf, D.A. Rabenhorst and D.J. Taylor “Towards Discovery of Event Correlation Rules” Integrated Network Management Proceedings, 2001 IEEE/IFIP International Symposium on 2001, PP. 345 —359 [COOL97]R. Cooley, J. Srivastava, and B. Mobasher. “Web mining: information and pattern discovery on the world wide web” 9th IEEE International Conference on Tools with Artificial Intelligence (ICTAI’97), 1997.[FAYY96a]U. M. Fayyad, G. Piatetsky-Shapiro, and P. Smyth. “The KDD process for extracting useful knowledge from volumes of data” Communications of the ACM, 39(11): PP. 27-34, 1996.[FAYY96b]U. M. Fayyad, G. Piatetsky-Shapiro, and P. Smyth. “From data mining to knowledge discovery: An overview” Advance in Knowledge Discovery and Data Mining, PP.1-34 AAAI Press, Menlo Park, CA,1996.[GARD97]D. Robert Gardner and David A. Harle. “Fault resolution and alarm correlation in high-speed networks using database mining techniques” Information, Communications and Signal Processing, 1997. ICICS., Proceedings of 1997 International Conference on , Vol 3 , PP. 1423 -1427 1997.[GARD98]Robert D. Gardner and David A. Harle. “Pattern discovery and specification techniques for alarm correlation” Network Operations and Management Symposium, 1998. NOMS 98., IEEE , vol.3, PP. 713 -722 1998[HOLL99]Ho, L.L.; Cavuto, D.J.; Hasan, M.Z.; Feather, F.E.; Papavassiliou, S.; Zawadzki, A.G “Adaptive network/service fault detection in transaction-oriented wide area networks” Integrated Network Management, 1999. Distributed Management for the Networked Millennium. Proceedings of the Sixth IFIP/IEEE International Symposium on , 1999 PP. 761 —775[HARR94]Harrison, K.A., INCL, Hewlett-Packard Bristol Laboratories, “Event Correlation in Telecommunications Network Management” 20-09-1994.[HPCO95]Hewlett-Packard Company, “Event Correlation Services Designer’s Reference” 24-11- 1995.[KLEM96]Kimmo Hatonen, Mika Klemettinen, Heikki Mannila, Pirjo Ronkainen, and Hannu Toivonen “TASA: Telecommunication Alarm Sequence Analyzer or how to enjoy faults in your network, ” Network Operations and Management Symposium, IEEE , vol.2 , PP. 520 —529 1996.[KLEM97]Mika Klemettinen, Heikki Mannila, Pirjo Ronkainen, and Hannu Toivonen “A data mining methodology and its application to semi-automatic knowledge acquisition” Proceedings of the 8th International Workshop on Database and Expert Systems Applications (DEXA’97), PP. 670—677, Toulouse, France, 1997. IEEE Computer Society Press.[KLEM99]M. Klemettinen, H. Mannila, H. Toivonen. “Interactive exploration of interesting findings in the Telecommunication Network Alarm Sequence Analyzer TASA” Information and Software Technology 41 , PP. 557-567 1999[LAWR01]L. Lawrence Ho, David J. Cavuto, Symeon Papavassiliou, and Anthony G. Zawadzki “Adative Anomaly Detection in Transaction Oriented Networks” Journal of Network and Systems Management. Vol. 9. No. 2 PP:139-159, 2001[LEIN96]Allen. Leinwand, Karen Fang. Conroy “Network Management-A Practical Perspective” Addision Wesley. , 1996[LEE01]S. H. Lee “Network Fault Identification with Temporal Consideration” Master Thesis, Institute of Information Engineering, Feng Chia University, Jan 2000[MANN95]H. Mannila, H. Toivonen. and I. Verkamo. “Discovering frequent episodes in sequences” of frequent episodes in event sequences” In Proceedings of the First Int’l Conference on Knowledge Discovery and Data Mining (KDD’95), PP. 210-215 , 1995. [MANN96]H. Mannila and H. Toivonen.. “Discovering generalized episodes using minimal occurences” In Proceedings of the Second Int’l Conference on Knowledge Discovery and Data Mining (KDD’96), PP.146-151, 1996.[MANN97]H. Mannila, H. Toivonen. and A. Verkamo. “Discovery of frequent episodes in event sequences” Data Mining and Knowledge Discovery, 1(3) , 1997.[MARI 99]Marina Thottan “Fault prediction at the network layer using intelligent agents” Integrated Network Management, Distributed Management for the Networked Millennium. Proceedings of the Sixth IFIP/IEEE International Symposium on , PP. 745 —759, 1999[MIKA97]Mika Klemettinen, Heikki Mannila and Hannu Toivonen. “A data mining methodology and its application to semi-automatic knowledge acquisition” Database and Expert Systems Applications, Proceedings., Eighth International Workshop on , PP: 670 —677 1997.[NG94]R. T. Ng and J. Han, “Efficient and Effective Clustering Methods for Spatial Data Mining” Proc of the 20th Int'1 Conf. On Very Large Database, Santiago, Chile, PP: 144—155, 1994.[PAPA00]Papavassiliou, S.; Pace, M.; Zawadzki, A. “Proactive maintenance tools for transaction oriented wide area networks” Network Operations and Management Symposium, 2000. NOMS 2000. 2000 IEEE/IFIP, PP. 847 —860, 2000[QUIL86]“Induction of decision trees” Machine Learning, PP. 81-106,1986[QUIL93]“C4.5: Programs for Machine Learning” 1993[RICA 01]Ricardo Vilalta and Sheng Ma and Joseph Hellerstein “Rule Induction of Computer Events” 12th International Worshop on Distributed Systems: Operations and Management DSOM''2001 Nancy France, October 15-17, 2001.[THOT 01]Marina Thottan “MIB variable based fault classification:the next step towards proactive management” Integrated Network Management Proceedings, 2001 IEEE/IFIP International Symposium on , PP. 469 —481, 2001[YU99]C. H. Yu, An Experiment-based Knowledge Database of Local Area Network Fault Behavior, Master Thesis, Institute of Information Engineering, Feng Chia University, Jun. 1999.[ZHU01]Dong Zhu,Adarshpal S. Sethi “SEL, A New Event Pattern Specification Language for Event Correlation” Computer Communications and Networks, 2001. Proceedings. Tenth International Conference on, PP. 586 -589 , 2001.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top