Similarity Analysis of Alarm Sequences by a Shuffling Method

Modern telecommunication systems produce large amounts of alarm messages, and alarm management is vital for telecommunication systems’ high-quality performance. Building functional networks by observing the pair similarity between time series is a useful way to filter and reduce alarm messages. Because of the coexistence of positive and negative correlations among telecommunication devices, most of the similarity measures have troubles in computing the complex correlations. In this paper, we propose an index of measuring how much two-alarm series deviate from the uncorrelated situation to detect the correlation of both sides. Synthetic sequences verify our method. Furthermore, we apply our method to analyze telecommunication devices’ alarm correlation in a province of China. Our index of pair similarities is capable of measuring other discrete event data.

A Hybrid Alarm Association Method Based on AP Clustering and Causality

Internet of Things (IoT) brought great convenience to people’s daily lives. Meanwhile, the IoT devices are facing severe attacks from hackers and malicious attackers. Hackers and malicious attackers use various methods to invade the Internet of Things system, causing the Internet of Things to face a large number of targeted, concealed, and penetrating potential threats, which makes the privacy problem of the Internet of Things suffers serious challenges. But the existing methods and technologies cannot fully identify the attacker’s attack process and protect the privacy of the Internet of Things. Alarm correlation method can construct a complete attack scenario and identify the attacker’s intention by alarming the alarm data which provides an effective protection for user privacy. However, the existing alarm correlation methods still have the disadvantages of low correlation accuracy, poor correlation efficiency, and strong dependence on the knowledge base. To address these issues, we propose an alarm correlation method based on Affinity Propagation (AP) clustering algorithm and causal relationship. Our method considers that the alarm data triggered by the same attack process has high similarity characteristics, adopts the AP algorithm to improve the correlation efficiency, and at the same time constructs a complete attack process based on the causal correlation idea. The new alarm correlation method has a high correlation effect and builds a complete attack process to help managers identify attack intentions and prevent attacks.

Alarm Correlation in Mobile Telecommunications Networks based on k-means Cluster Analysis Method

Event correlation and root cause analysis play a fundamental role in the process of troubleshooting all technical faults and malfunctions. An in-depth, complicated multiprotocol analysis can be greatly supported or even replaced by a troubleshooting methodology based on data analysis approaches. The mobile telecommunications domain has been experiencing rapid development recently. Introduction of new technologies and services, as well as multivendor environment distributed across the same geographical area create a lot of challenges in network operation routines. Maintenance tasks have been recently becoming more and more complicated, time consuming and require big data analyses to be performed. Most network maintenance activities are completed manually by experts using raw network management information available in the network management system via multiple applications and direct database queries. With these circumstances considered, identification of network failures is a very difficult, if not an impossible task. This explains why effective yet simple tools and methods providing network operators with carefully selected, essential information are needed. Hence, in this paper efficient approximated alarm correlation algorithm based on the k-means cluster analysis method is proposed.