CN116016121B - Method, device, equipment and storage medium for determining associated data of alarm data - Google Patents

Abstract

The present application provides a method, device, equipment and storage medium for determining associated data of alarm data. The method includes: obtaining alarm data and a network topology diagram, the network topology diagram including the association relationship between the alarm devices that generate the alarm data, and the alarm devices include physical devices and virtual devices; The alarm data is mined to obtain a plurality of initial association rules, the initial association rules include two interrelated alarm data; according to the network topology map, the two alarm data in the plurality of initial association rules correspond to The initial association rule that has an association relationship between the alarm devices is determined as the target association rule; according to the target association rule, the associated data associated with the alarm data to be analyzed is determined. The method of the present application improves the mining accuracy of association rules.

Description

Method, device, equipment and storage medium for determining associated data of alarm data

technical field

The present application relates to communication technology, and in particular to a method, device, device and storage medium for determining associated data of alarm data.

Background technique

In the telecommunications network, management service operation and maintenance face millions of massive alarm data every day, and there are many problems in the traditional alarm processing method. For example, the monitoring workload is heavy and the manual load is high; the phenomenon of alarm swiping is easy to occur, resulting in the failure to find important alarms in time, resulting in delays in alarm processing; simultaneous processing of multiple alarms of the same root cause waste of resources, etc.

Therefore, at present, all alarms in a certain period of time are usually obtained, and the alarms are used as the input of the association rule algorithm through the association rule algorithm to generate association rules between alarms.

However, most of the association rules obtained through the above methods are algorithmically related but not logically related, and there are many invalid association rules, resulting in low closed-loop efficiency and inaccurate association rules.

Contents of the invention

The present application provides a method, device, device, and storage medium for determining associated data of alarm data, which are used to solve the problem of inaccurate association rules of alarm data currently obtained through association rule algorithms.

In a first aspect, the present application provides a method for determining associated data of alarm data, including:

Acquiring alarm data and a network topology diagram, the network topology diagram including associations between alarm devices that generate the alarm data, the alarm devices including physical devices and virtual devices;

Mining the alarm data based on preset mining rules to obtain a plurality of initial association rules, the initial association rules including two associated alarm data;

According to the network topology diagram, an initial association rule with an association relationship between alarm devices corresponding to two alarm data among the plurality of initial association rules is determined as a target association rule;

According to the target association rule, the association data associated with the alarm data to be analyzed is determined.

In a second aspect, the present application provides an apparatus for determining associated data of alarm data, including:

An information acquisition module, configured to acquire alarm data and a network topology diagram, the network topology diagram including associations between alarm devices that generate the alarm data, and the alarm devices include physical devices and virtual devices;

A rule mining module, configured to mine the alarm data based on preset mining rules to obtain a plurality of initial association rules, the initial association rules including two associated alarm data;

The target association rule determining module is configured to determine, according to the network topology diagram, an initial association rule in the plurality of initial association rules that has an association relationship between alarm devices corresponding to two alarm data as a target association rule.

An associated data determining module, configured to determine associated data associated with the alarm data to be analyzed according to the target association rule.

In a third aspect, the present application provides an electronic device, including: a processor, and a memory communicatively connected to the processor; the memory stores computer-executable instructions; the processor executes the computer-executable instructions stored in the memory, To realize the method described in the first aspect.

In a fourth aspect, the present application provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and the computer-executable instructions are used to implement the alarm data described in the first aspect when executed by a processor Linked data determination method.

In a fifth aspect, the present application provides a computer program product, including a computer program, and when the computer program is executed by a processor, the method described in the first aspect is implemented.

The method for determining associated data of alarm data provided in this application obtains alarm data and a network topology map, and the network topology map includes the association relationship between alarm devices that generate alarm data, and the alarm devices include physical devices and virtual devices; based on preset Mining rules Mining the alarm data to obtain multiple initial association rules, the initial association rules include two related alarm data; The initial association rule with association relationship is determined as the target association rule; according to the target association rule, the associated data associated with the alarm data to be analyzed is determined. Since the network topology diagram includes the association relationship between the alarm devices that generate the alarm data, the logical relationship between the alarm data can be determined through the network topology diagram, that is, the alarm data is mined through the preset mining rules. After obtaining multiple initial association rules, verify whether there is a logical relationship in the multiple initial association rules through the network topology diagram, and filter out the initial association rules that fail the verification, you can get both algorithm association and logic The associated association rules ensure the accuracy of the obtained target association rules, thereby improving the accuracy of the associated data determined through the target association rules and corresponding to the alarm data to be analyzed.

Description of drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description serve to explain the principles of the application.

Fig. 1 is a method flowchart of a method for determining associated data of alarm data according to an exemplary embodiment;

Fig. 2 is a kind of network topology diagram shown according to the embodiment of Fig. 1;

Fig. 3 is a method flowchart of a method for determining associated data of alarm data according to another exemplary embodiment;

Fig. 4 is a specific implementation flowchart of the method for determining associated data of alarm data according to the embodiment shown in Fig. 3;

Fig. 5 is a method flowchart of a method for determining associated data of alarm data according to yet another exemplary embodiment;

Fig. 6 is a block diagram of an apparatus for determining associated data of alarm data according to an exemplary embodiment;

Fig. 7 is a schematic structural diagram of an electronic device according to an exemplary embodiment.

By means of the above drawings, specific embodiments of the present application have been shown, which will be described in more detail hereinafter. These drawings and text descriptions are not intended to limit the scope of the concept of the application in any way, but to illustrate the concept of the application for those skilled in the art by referring to specific embodiments.

Detailed ways

Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with aspects of the present application as recited in the appended claims.

First, the nouns involved in this application are explained:

Alarm data means that when the alarm system fails, the monitoring unit will give an alarm signal depending on the failure situation. Generally, an alarm can be represented by one or more of the time when the alarm occurred, the name of the device where the alarm occurred, the type or name of the alarm, and the time when the alarm was cleared.

Itemsets, single itemsets, k-itemsets and frequent itemsets, where a collection of items is called an itemset. An itemset that contains k items can be called a k-itemset. When k=1, the item set can also be called a single item set. Frequent itemsets are itemsets that appear frequently in a large number of databases. In this application, the items in the itemset are alarms, so the itemset may also be called an alarm itemset or an event itemset.

Support refers to the proportion of an item set in the entire data set.

Confidence, which is defined for an association rule. Given the occurrence of A, the probability of B appearing is deduced from the association rule "A->B".

Association rules, association rules are obtained on the basis of frequent itemsets. Association rules mean that from itemset A, itemset B can be deduced under a certain degree of confidence.

Network topology, network topology refers to the physical layout of various devices interconnected by transmission media, and is a specific physical (that is, real) or logical (that is, virtual) arrangement of devices that constitute a network. If two networks have the same connection structure, we say that their network topology is the same, although their respective internal physical wiring and distance between nodes may be different.

With the development and popularization of virtualized networks, network architectures are becoming more and more complex. Alarms generated by network devices have evolved from original hardware devices to complex alarms that interact and interact with each other between hardware devices and virtual devices. In this context, the number of alarms has increased exponentially. Network operation and maintenance personnel still use the traditional monitoring method in the face of millions of alarms, and there are the following problems: the number of alarms is too large to be fully monitored; important alarms are covered by a large number of alarms and are easy to be missed; Insufficient experience accumulation makes it difficult to sort out all the association rules; the network topology is complex, and the failure of any node on the network structure may affect other nodes. It is becoming more and more difficult to manually sort out the root causes of a large number of alarms. In this context, how to obtain accurate and practical association rules for the new network architecture, compress alarms, and reduce the number of fault orders is particularly important.

At present, the generation of main association rules mainly focuses on two aspects. One is to obtain all alarms within a certain period of time, and use the alarm as the input of the association rule algorithm through the association rule algorithm to generate association rules between alarms. For example, in a related technology, information between alarms is converted into a relationship between vectors, approximate frequent items are obtained according to the relationship between vectors, and alarm association rules are generated based on the approximate frequent items. In another related technology, the alarm family tree is constructed according to the standardized alarm data and the characteristic fields corresponding to each type of alarm data; based on the alarm family tree, the alarm association rules are mined according to the preset alarm rule mining parameters, and the mined alarm association rules are obtained.

In yet another related technology, on the basis of the above related technologies, a network element topology constraint model is added, and a fault is located using the constraint model. For example, by constructing a network element topology constraint model; detecting the running status of each network element device in the managed network to discover fault events; collecting fault events; Spatial layer correlation to determine fault location.

To sum up, in related technologies, most of the alarm associations are algorithmic but not logical, and there are many invalid association rules, resulting in low closed-loop efficiency. When the network element topology constraint is added to the alarm, the topology model is a network element constructed by using protocols such as Simple Network Management Protocol (SNMP) and Internet Control Message Protocol (Internet Control Message Protocol, ICMP). Topology constraints, and in a virtualized network, only using these protocols to construct a topology is no longer applicable; if the topology of a virtualized network cannot be constructed, the constraints are no longer valid. In addition, in all the current schemes, the mining of association rules is completed offline training, and then judged by manual experience, and then applied to the production environment.

The method for determining associated data of alarm data provided in this application aims to solve the above technical problems in the prior art.

The technical solution of the present application and how the technical solution of the present application solves the above technical problems will be described in detail below with specific embodiments. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below in conjunction with the accompanying drawings.

Fig. 1 is a method for determining associated data of alarm data according to an exemplary embodiment. As shown in Fig. 1 , the method for determining associated data of alarm data may include:

110. Acquire alarm data and a network topology diagram, where the network topology diagram includes association relationships between alarm devices that generate alarm data, and the alarm devices include physical devices and virtual devices.

Exemplarily, the execution subject of this embodiment may be an electronic device, or a terminal device, or a processing device or device that can execute the method for determining the associated data of the alarm data, or other devices or devices that can execute this embodiment. limit. In this embodiment, the execution subject is an electronic device for description.

In some embodiments, the electronic device may be connected to a database of alarm data, and the database may store alarm data generated in a past period of time and alarm data generated in real time. The electronic device can call the alarm data that occurs within a specified time period from the alarm data database, so as to obtain the alarm data. Wherein, the quantity of the alarm data is multiple. Optionally, the alarm data may include the alarm occurrence time, the name of the device where the alarm occurred, the alarm type, the alarm identifier, the alarm name, and the like.

In some implementations, the electronic device can be connected to the cloud network, so as to generate a network topology map in combination with cloud network resources. Exemplarily, as shown in FIG. 2, the network topology diagram may be a vertical cloud network topology diagram, and the vertical cloudization network topology diagram may include a network element layer, a virtualization layer, a host layer, a TOR layer, an EOR layer, and a routing layer etc., wherein, the network element layer, the virtual layer, the host layer, the TOR layer, the EOR layer and the routing layer are sequentially connected from top to bottom, each layer may include multiple nodes, for example, the network element layer may include node a1, and the virtual layer It may include node b1 to node bn, the host layer may include node c1 to node cn, and the TOR layer may include node d1 to node dn. Nodes between different layers can be connected to each other. For example, node c1 of the host layer is connected to node d1 of the TOR layer, which means that there is an association between the device corresponding to node c1 and the device corresponding to node d1, and can also be regarded as a node There is a logical relationship between the device corresponding to c1 and the device corresponding to node d1. Wherein, some of the plurality of nodes represent physical devices, and some represent virtual devices.

As an example, the network element layer may be a network function virtualization (Network Functions Virtualization, NFV) horizontal cloud network topology diagram generated in combination with cloud network resources. In this network element layer, all basic network elements are connected to On the bus, you can have an overview of the overall situation of the network elements. For details, reference may be made to the network topology diagram of the 5GC network element in the prior art, so details are not described here. Wherein, the network element layer mainly includes physical devices corresponding to nodes. The foregoing alarm data may occur in devices corresponding to any node in the foregoing network topology diagram. Optionally, after the electronic device generates the network topology map through the cloudified network resources, it can store it in its cache.

In this implementation manner, the network topology of the virtualized network integrated horizontally and vertically is introduced into the data mining process of alarm association rules. In the context of the virtual network, the new network topology relationship is logically connected to different devices to ensure that the alarms entering the association rules are all physically and logically related data, ensuring the accuracy of the association rules and improving the association efficiency.

120. Mining the alarm data based on preset mining rules to obtain a plurality of initial association rules, where the initial association rules include two associated alarm data.

In some implementations, the preset mining rules may include an FP-growth algorithm. For the alarm data obtained above, the FP-growth algorithm is used to mine association rules to obtain a plurality of initial association rules. Exemplarily, for example, the obtained multiple initial association rules may include initial association rules u1, initial association rules u2, initial association rules u3... , where the initial association rules u1 may be expressed as: {network management alarm ID1, network management Alarm ID2, support degree S, confidence degree D}, wherein, the network management alarm ID1 and the network management alarm ID2 represent the alarm identifiers of the two alarm data respectively. Similarly, for representations of initial association rules such as initial association rule u2, initial association rule u3, etc., reference may be made to initial association rule u1.

130. According to the network topology diagram, among the multiple initial association rules, an initial association rule that has an association relationship between two alarm devices corresponding to the alarm data is determined as a target association rule.

Exemplarily, taking the initial association rule u1 as an example, the electronic device can find the device that has the alarm data in the network topology map through the network management alarm ID1, and find the device that has the alarm data in the network topology map through the network management alarm ID2. device, and determine whether there is an association relationship between the two devices in the network topology diagram, that is, whether there is a connection between the two devices in the network topology diagram, and if so, determine the initial association rule u1 as the target association rule. By analogy, by traversing each of the multiple initial association rules in the above manner, the target association rules can be filtered out from the multiple initial association rules.

140. Determine associated data associated with the alarm data to be analyzed according to the target association rule.

In some implementation manners, the electronic device may apply the association rules obtained above to an actual production system to mine associated data. Using the above example, for example, in the actual production system, the alarm data corresponding to the network management alarm ID1 is generated. Through the target association rules obtained above, the associated data can be excavated to be the alarm data corresponding to the network management alarm ID2. Wherein, the actual production system can generate alarm data in real time.

It can be seen that, in this embodiment, by acquiring the alarm data and the network topology map, the network topology map includes the association relationship between the alarm devices that generate the alarm data, and the alarm devices include physical devices and virtual devices; the alarm data is mined based on the preset mining rules , to obtain a plurality of initial association rules, the initial association rules include two interrelated alarm data; according to the network topology diagram, the initial association rules that have an association relationship between the alarm devices corresponding to the two alarm data in the multiple initial association rules , is determined as the target association rule; according to the target association rule, the associated data associated with the alarm data to be analyzed is determined. Since the network topology diagram includes the association relationship between the alarm devices that generate the alarm data, the logical relationship between the alarm data can be determined through the network topology diagram, that is, the alarm data is mined through the preset mining rules. After obtaining multiple initial association rules, verify whether there is a logical relationship in the multiple initial association rules through the network topology diagram, and filter out the initial association rules that fail the verification, you can get both algorithm association and logic The associated association rules ensure the accuracy of the obtained target association rules, thereby improving the accuracy of the associated data determined through the target association rules and corresponding to the alarm data to be analyzed.

Fig. 3 is a method for determining associated data of alarm data according to another exemplary embodiment. As shown in Fig. 3 , the method for determining associated data of alarm data may include:

210. Acquire alarm data and a network topology diagram, where the network topology diagram includes association relationships between alarm devices that generate alarm data, and the alarm devices include physical devices and virtual devices.

220. Mining the alarm data based on a preset mining rule to obtain a plurality of initial association rules, where the initial association rules include two associated alarm data.

230. According to the network topology diagram, an initial association rule in which two alarm data corresponding alarm devices have an association relationship among multiple initial association rules is determined as a target association rule.

Wherein, for the specific implementation manners of steps 210 to 230, reference may be made to steps 110 to 130, so details are not repeated here.

240. Mining a plurality of first association rules from the plurality of alarm data generated by the pre-production system according to a preset mining rule; wherein the pre-production system is configured to generate a plurality of alarm data in a specified scenario.

In some implementations, the electronic device may mine the multiple alarm data generated by the pre-production system by using a preset mining rule for mining the initial association rule, so as to obtain the first association rule.

It can be understood that, since the mining environment of the pre-production system may be different from the mining environment corresponding to the initial association rules, the first association rules mined in the production system may be different from the initial association rules, for example, the initial association rules correspond to The designated device in the mining environment corresponding to the first association rule is in the on state, while the designated device in the mining environment corresponding to the first association rule is in the off state.

Optionally, the specified scenario may be a payment scenario, an online car-hailing scenario, a food delivery platform ordering scenario, etc., which are not limited here, and users can set the specified scenario according to their own needs.

250. Determine a second association rule corresponding to the target association rule from multiple first association rules.

In some implementations, the network topology diagram includes a network element topology diagram, and the network element topology diagram includes the name of the network element corresponding to the alarm data, and the alarm data of the first association rule includes main alarm data and sub-alarm data. The specific implementation of step 250 can be include:

For each first association rule in the plurality of first association rules, if it is determined that the first association rule satisfies a specified condition, then the first association rule is determined as the second association rule, wherein the specified condition includes:

The alarm identifier of the main alarm data of the first association rule is the same as the first alarm identifier of the target association rule.

The alarm identifier of the sub-alarm data of the first association rule is the same as the second alarm identifier of the target association rule.

The name of the network element in the network topology map corresponding to the main alarm data is the same as the name of the network element in the network topology map corresponding to the sub-alarm data, and the alarm level of the main alarm data is the same as that of the sub-alarm data.

Exemplarily, the specified conditions pre-stored in the electronic device may include: a main alarm condition, a sub-alarm condition, and an anchor relationship condition between the main and sub-alarms.

As an example, for example, the main alarm condition is: the alarm identifier (that is, the network management alarm ID) of an alarm data in the first association rule is equal to the value of the network management alarm ID1 in the target association rule u1. The condition of the sub-alarm is: the alarm identifier of another alarm data in the first association rule is equal to the value of the network management alarm ID2 in the target association rule u1. The anchor relationship between the main and sub-alarms is: in the first association rule, the network element name of the main alarm is equal to the network element name of the sub-alarm && the alarm level of the main alarm is equal to the alarm level of the sub-alarm. The electronic device may determine the first association rule satisfying the specified condition as the second association rule. Among them, && means to satisfy at the same time.

Optionally, the electronic device may preset an adaptive period T, and during the process of mining the association rules in the pre-production system through the preset mining rules, each time the adaptive period T passes, the passed A specific implementation manner of step 250 is to determine a second association rule corresponding to the target association rule from the plurality of first association rules.

260. Acquire the alarm data set corresponding to the second association rule, and group the alarm data set according to the alarm identifier corresponding to each alarm data in the alarm data set to obtain the alarm data group corresponding to each alarm identifier.

Exemplarily, the electronic device can be grouped according to the network management alarm ID, and the group G obtained is: {network management alarm ID1:{main alarm 1_1{sub-alarm 1_1_1, sub-alarm 1_1_2....}, main alarm 1_2{sub-alarm 1_2_1 , sub-alarm 1_2_2....},...}. Network management alarm ID2: {main alarm 2_1{sub-alarm 2_1_1, sub-alarm 2_1_2...}, main alarm 2_2{sub-alarm 2_2_1, sub-alarm 2_2_2...}...}}, it can be seen that the network management alarm ID1 corresponds An alarm data group, the network management alarm ID2 corresponds to an alarm data group.

270. For the alarm data group corresponding to each alarm identifier, calculate the correlation coefficient of the alarm data group, and when the correlation coefficient is greater than or equal to the coefficient threshold, determine the alarm identifier corresponding to the alarm data group as the target alarm identifier, and set The second association rule corresponding to the target alarm identifier is determined as the third association rule. Among them, the correlation coefficient represents the degree of correlation between the main alarm data and the sub-alarm data in the alarm data group.

In some embodiments, the alarm data group includes a plurality of main alarm data, and the main alarm data includes a plurality of sub-alarm data, and the specific implementation manner of step 270 may include:

271. For the alarm data group corresponding to each alarm identifier, if it is determined according to the network topology that there is no correlation between the main alarm data and the sub-alarm data, delete the sub-alarm data from the alarm data group to obtain a new alarm data group .

Wherein, the specific implementation manner of determining whether there is an association relationship between the main alarm data and the sub-alarm data according to the network topology diagram can refer to step 130, so details are not repeated here.

Following the above example, take the alarm data group corresponding to the network management alarm ID1 {network management alarm ID1:{main alarm 1_1{sub-alarm 1_1_1, sub-alarm 1_1_2...} as an example, if the main alarm 1_1 and sub-alarm are determined according to the network topology diagram If there is no correlation between 1_1_2, the sub-alarm 1_1_2 can be deleted from the alarm data group corresponding to the network management alarm ID1. Obtain a new alarm data group {Network Management Alarm ID1: {Main Alarm 1_1{Sub Alarm 1_1_1....}.

272. Determine the correlation coefficient of the alarm data set according to the new alarm data set and the alarm data set.

In some embodiments, the specific implementation manner of step 272 may include:

Calculate the correlation coefficient of the alarm data group by the following formula:

.

Among them, R is the correlation coefficient of the alarm data group, n is the number of association relationships between the main alarm corresponding network topology map of the new alarm data group and other alarm data, and m is the network topology map corresponding to the main alarm of the alarm data group The number of association relationships between the main alarm data and other alarm data, cnt the number of association relationships between the main alarm data and sub-alarm data, For the alarm data group, /> It is a new alarm data group. Wherein, i represents the i-th alarm data group.

It can be understood that the above-mentioned association relationship may be equivalent to the connection lines in the network topology diagram, so the number of association relationships is equivalent to the number of connection lines.

Following the example above, after the correlation coefficient of each alarm data group is calculated by the above formula, the correlation coefficient of each alarm data group can be compared with the coefficient threshold. If the correlation coefficient is greater than the coefficient threshold, the correlation coefficient can be corresponding to The alarm identifier of the alarm data group is determined as the target alarm identifier, and the second association rule corresponding to the target alarm identifier is determined as the third association rule. For example, if the coefficient threshold is 0.7, if the correlation coefficient of the alarm data group is greater than 0.7, the association rule corresponding to the alarm data group can be retained and determined as the third association rule, otherwise the association rule corresponding to the alarm data group can be deleted .

In some embodiments, after step 271, this step 270 may also include:

If it is determined that the number of deleted sub-alarms in the new alarm data set is greater than or equal to the number threshold, the new alarm data set is deleted from the alarm data set.

Using the above example, if it is determined according to step 271, the new alarm data set If the number of alarms eliminated in the alarm exceeds 50% of the number of alarms in the original alarm data set, the electronic device can add this new alarm data set remove.

280. Go back and execute the operation of mining multiple first association rules from the multiple alarm data generated by the pre-production system according to the preset mining rules until the number of times of execution reaches the specified number of times to obtain multiple third association rules, and perform the operation according to the multiple A third association rule to update the target association rule. Wherein, the specified number of times corresponds to the specified scene.

For example, specified scenarios can be divided into high-frequency scenarios and low-frequency scenarios according to the frequency of use of the pre-production system. For example, the scenarios of booking cars and real estate can be determined as low-frequency scenarios; video scene. The specified number of times corresponding to the high-frequency scene is greater than the specified number of times corresponding to the low-frequency scene.

As an example, the specified number of times can be 20 times, and the electronic device can repeatedly perform the operations from step 240 to step 270 20 times, so that multiple third association rules can be obtained, and the target association rule can be updated according to the multiple third association rules . Optionally, the original target association rules may be replaced with multiple third association rules, so as to update the target association rules. It is also possible to add multiple third association rules to the set of original target association rules, so as to update the target association rules.

290. Determine associated data associated with the alarm data to be analyzed according to the target association rule.

Wherein, for the specific implementation manner of step 290, reference may be made to step 140, so details are not repeated here.

Exemplarily, the specific implementation process of steps 210 to 290 can be shown in FIG. 4 , the electronic device can have an alarm management system, and the alarm management system includes a database, an association rule management module, and a message platform, wherein the database includes alarm data , the association rule management module is used to manage the mined association rules, and the message platform is used to provide the data required by the pre-production system. As an example, the electronic device may call the alarm data from the database, and compress the alarm data to obtain the compressed alarm data.

Then, the preliminary association rules are mined on the compressed alarm data to obtain the preliminary association rules, and at the same time the preliminary association rules can be generated through the cloud network resources to generate the horizontal and vertical cloud network topology (that is, the network topology diagram in the above-mentioned embodiment ), and verify the preliminary association rules in combination with the network topology diagram, and then the verified association rule 1 (that is, the target association rule in the above embodiment) can be obtained. Afterwards, the pre-production system can be provided through the relevant data of the message platform, and the target association rules can be applied to the pre-production system. Association rule 2 (that is, the third association rule in the above-mentioned embodiment) can be obtained after rule optimization combined with the network topology map ), and finally send the association rule 2 to the association rule management module for storage, so that the association rule management module can apply the association rule 2 to the real production system to mine the alarm data generated in real time.

Considering that the above target association rules have not been applied to the required scenarios for optimization, resulting in low accuracy and poor practicability of the associated results, in this embodiment, by applying the association rules to the pre-announcement production system Association of real-time data, and analysis of the results, so as to achieve self-adaptive tuning of the rules and ensure the accuracy of the association rules obtained after tuning.

Fig. 5 is a method for determining associated data of alarm data according to yet another exemplary embodiment. As shown in Fig. 5 , the method for determining associated data of alarm data may include:

310. Acquire alarm data and a network topology diagram, where the network topology diagram includes association relationships between alarm devices that generate alarm data, and the alarm devices include physical devices and virtual devices.

320. Mining the alarm data based on a preset mining rule to obtain a plurality of initial association rules, where the initial association rules include two associated alarm data. The initial association rule includes a first alarm identifier of the first alarm data and a second alarm identifier of the second alarm data.

In some embodiments, the specific implementation manner of step 320 may include:

Through the preset mining parameters and the FP-growth algorithm, the alarm data is mined to obtain multiple initial association rules; among them, the mining parameters include the occurrence time period of the alarm data, the length of the sliding window, the sliding step size, the minimum support and the minimum Confidence.

Exemplarily, the electronic device can set mining parameters: {alarm occurrence time period T[T1, T2], sliding window duration TW, sliding step size TL, minimum support S, minimum confidence D}, based on the FP-growth algorithm Association rule mining is carried out to obtain mining rules U{u1, u2, u3....}, where u1 is {network management alarm ID1, network management alarm ID2, support S, confidence D}.

Among them, the process of constructing the FP tree based on the FP-growth algorithm and finding out the frequent pattern set F (that is, multiple initial association rules) is as follows:

Scan the alarm data set, count all the alarm data that appear as element items, and eliminate the data sets that do not meet the preset minimum support (hereinafter referred to as item sets). Among them, filter and sort each item set above. Filtering is to remove the element items that do not meet the minimum support. The sorting is based on the absolute frequency of occurrence of the element items. The higher the frequency of occurrence, the higher the sorting of the element items. Create a root node containing only an empty collection, add each item set after filtering and sorting to the tree in turn, and increase the value on the corresponding element item if the path already exists in the tree. If the path does not exist, a new path is created. In this way, an FP tree is obtained, and then the frequent item set F is obtained.

It can be understood that the aforementioned network management alarm ID1 and network management alarm ID2 can be mapped to readability rules. For example, network management alarm IDs mined through association rules can map out alarm data such as manufacturer, specialty, device type, alarm level, alarm type, and alarm title.

In some embodiments, the specific implementation manner of step 320 may include:

321. Compress the alarm data to obtain compressed alarm data.

In some embodiments, the specific implementation manner of step 321 may include:

Filter the specified alarm data in the alarm data to obtain the compressed alarm data. The specified alarm data includes alarm data and/or engineering alarms that have not been uploaded to the cloud.

Among them, since most of the alarms that are not uploaded to the cloud are in the commissioning stage and do not need to be focused on, the electronic device can filter the alarm data that has not been uploaded to the cloud in the alarm device. In addition, since the alarms generated in the engineering do not need to be concerned, the electronic device can filter out the engineering alarms in the alarm data at the same time.

In other implementations, the specific implementation of step 321 may include;

Standardize the alarm data to obtain an alarm identifier corresponding to the alarm data. The alarm identifier includes multiple fields, wherein each field in the multiple fields corresponds to a kind of alarm information in the alarm data, and the alarm information includes alarm level, alarm title, Alarm type, alarm explanation, and information about the device where the alarm data occurs; determine the alarm identifier as the compressed alarm data.

Optionally, the specific implementation of standardized processing of alarm data may also include field dimension compression. There are hundreds of field attribute values in existing network management alarms, for example {unique identifier of manufacturer alarm, time of occurrence, specialty, manufacturer, device type , alarm object type, alarm title, alarm type...}. First, the alarms are standardized, and each alarm has a network management alarm ID attribute after being standardized. Network management alarm ID: a uniform code for manufacturer-standardized alarms. This code can determine a type of alarm, such as alarms with the same specialty, manufacturer, device type, alarm title, and manufacturer’s alarm level. Alarms standardized by the network management alarm ID have standard alarm names, alarm levels, and alarm explanations. Take the network management alarm ID shown in Table 1 as an example:

Table 1

Exemplarily, according to Table 1, it can be seen that the left side of Table 1 is the original alarm information that has not been standardized. Among them, the manufacturers’ alarm IDs are expressed in different ways, and the alarm levels are also expressed in different ways. After standardized processing, the alarm ID It is uniformly represented by the network management alarm ID of multiple fields, and the alarm level is also represented by a uniform format, which facilitates subsequent mining of association rules for alarm data. Among them, after standardization, the network management alarm ID is used to represent the relevant alarms. Only the network management alarm ID and time need to be entered into the mining algorithm. The attribute values of multiple fields are mapped in the form of keywords (keys) and values (values), and are mapped into an attribute value. Thereby reducing the consumption of memory matching and improving the efficiency of association mining. The keyword can be the network management alarm ID (that is, the alarm identifier), and the value can represent the alarm level and alarm explanation corresponding to the network management alarm ID.

In some embodiments, the standardization processing of the alarm data may also include alarm classification and grouping. Specifically, the electronic device can classify and group the homogenized alarms according to the network management alarm ID, and the subsequent association rules are also associated according to the network management alarm ID, which can greatly improve the accuracy of the association. As an example, the network management alarm ID can be marked as a series of alarms with the same characteristics, for example: the alarm data corresponding to the alarm ID of the network management alarm ID 2005-001-125-10-000001 includes: professional: virtualization- VEPC, manufacturer: Ericsson, device type: PCRF, alarm object type: PCRF, alarm title: A Fallback Operation will soon be started, alarm type: a series of alarms of the original alarm of the device.

Optionally, the method may further include performing stream processing on the alarm data. Specifically, the electronic device may acquire alarm data within a specified time range, and input the alarm data into the processing engine in a stream input mode as data input for association rule mining. .

322. Mining the compressed alarm data based on preset mining rules to obtain multiple initial association rules.

Wherein, for the specific implementation manner of step 322, reference may be made to step 120, so details are not repeated here.

330. For each of the multiple initial association rules, determine the first alarm device corresponding to the first alarm data according to the first alarm identifier, and determine the second alarm device corresponding to the second alarm data according to the second alarm identifier. Alarm device.

Exemplarily, taking the initial association rule u1 as an example, the initial association rule u1 is expressed as {network management alarm ID1, network management alarm ID2, support S, confidence D}, wherein the network management alarm ID1 is the first alarm identifier, and the network management alarm ID2 It is the second warning sign. Since different fields of the alarm identifier map different alarm data information, the first alarm device that generates the network management alarm ID1 can be mapped according to the corresponding field of the first alarm identifier. According to the corresponding field of the second alarm identifier, the second alarm device that has generated the network management alarm ID2 can be mapped.

340. If it is determined that the first alarm device and the second alarm device have an association relationship in the network topology image, determine the initial association rule as the target association rule.

Following the above example, the electronic device can determine whether there is a connection between the first alarm device and the second alarm device in the network topology diagram, and if so, can determine that there is an association relationship between the first alarm device and the second alarm device, And the initial association rule u1 can be determined as the target association rule.

350. Determine associated data associated with the alarm data to be analyzed according to the target association rule.

Wherein, for the specific implementation manner of step 350, reference may be made to step 140, so details are not repeated here.

Considering that there are too many alarm data attributes in the process of association rule mining, which leads to the need for more hardware resources and time in the mining process, resulting in a decrease in the efficiency of association mining, in this embodiment, by using the data compression feature to extract the alarm data, In this way, the correlation dimension can be reduced, the number of alarms can be reduced, and the correlation efficiency can be improved.

Fig. 6 is an apparatus for determining associated data of alarm data according to an exemplary embodiment. As shown in Fig. 6, the apparatus 400 may include:

The information acquisition module 410 is configured to acquire alarm data and a network topology diagram, the network topology diagram includes associations between alarm devices that generate the alarm data, and the alarm devices include physical devices and virtual devices.

The rule mining module 420 is configured to mine the above-mentioned alarm data based on preset mining rules to obtain a plurality of initial association rules, and the above-mentioned initial association rules include two associated alarm data.

The target association rule determination module 430 is configured to determine, according to the above network topology diagram, an initial association rule among the above multiple initial association rules that has an association relationship between alarm devices corresponding to two alarm data as a target association rule.

The associated data determining module 440 is configured to determine the associated data associated with the alarm data to be analyzed according to the above target association rule.

In some implementations, the above-mentioned initial association rules include the first alarm identifier of the first alarm data and the second alarm identifier of the second alarm data, and the above-mentioned target association rule determination module 430 is specifically used for the above-mentioned multiple initial association rules. For each initial association rule, determine the first warning device corresponding to the first warning data according to the first warning identification, and determine the second warning device corresponding to the second warning data according to the second warning identification; if determined If there is an association relationship between the first alarm device and the second alarm device in the network topology image, the initial association rule is determined as the target association rule.

In some implementation manners, the apparatus 400 may further include: a target association rule updating module, the target association rule updating module including:

The first association rule determination sub-module is used to mine a plurality of first association rules from the plurality of alarm data generated by the pre-production system according to the above-mentioned preset mining rules; wherein, the above-mentioned pre-production system is used to generate multiple alarm data.

The second association rule determining submodule is configured to determine a second association rule corresponding to the above-mentioned target association rule from the above-mentioned plurality of first association rules.

The alarm data group determination sub-module is used to obtain the corresponding alarm data set of the above-mentioned second association rule, and group the above-mentioned alarm data set according to the alarm identifier corresponding to each alarm data in the above-mentioned alarm data set to obtain each alarm data set Identify the corresponding alarm data group.

The second association rule determination submodule is used to calculate the correlation coefficient of the above-mentioned alarm data group for the alarm data group corresponding to each of the above-mentioned alarm identifiers, and when the above-mentioned correlation coefficient is greater than or equal to the coefficient threshold value, the above-mentioned alarm data group The corresponding alarm identifier is determined as the target alarm identifier, and the second association rule corresponding to the above-mentioned target alarm identifier is determined as the third association rule; wherein, the above-mentioned correlation coefficient represents the association between the main alarm data and the sub-alarm data in the above-mentioned alarm data group degree.

Return to the execution sub-module, which is used to return to execute the operation of mining a plurality of first association rules from the plurality of alarm data generated by the pre-production system according to the above-mentioned preset mining rules, until the number of times of execution reaches the specified number of times, and a plurality of first association rules are obtained. Three association rules, the above specified times correspond to the above specified scenarios.

The update submodule is configured to update the above-mentioned target association rules according to the above-mentioned multiple third association rules.

In some implementations, the network topology diagram includes a network element topology diagram, the network element topology diagram includes the network element name corresponding to the alarm data, the alarm data of the first association rule includes main alarm data and sub-alarm data, and the second association rule The determining submodule is specifically configured to, for each first association rule among the plurality of first association rules, determine the first association rule as the second association rule if it is determined that the first association rule satisfies a specified condition, Wherein, the specified conditions include: the alarm identifier of the main alarm data of the first association rule is the same as the first alarm identifier of the target association rule; the alarm identifier of the sub-alarm data of the first association rule is the same as the first alarm identifier of the target association rule The two alarm identifiers are the same; the above-mentioned main alarm data corresponds to the network element name in the above-mentioned network topology diagram and the above-mentioned sub-alarm data corresponds to the same network element name in the above-mentioned network topology diagram, and the alarm level of the above-mentioned main alarm data is the same as that of the above-mentioned sub-alarm data The alarm levels are the same.

In some implementations, the above-mentioned alarm data group includes a plurality of main alarm data, the above-mentioned main alarm data includes a plurality of sub-alarm data, and the second association rule determination submodule is also specifically used for the alarm data group corresponding to each of the above-mentioned alarm identifiers , if it is determined according to the above-mentioned network topology diagram that there is no correlation between the above-mentioned main alarm data and the above-mentioned sub-alarm data, then the above-mentioned sub-alarm data is deleted from the above-mentioned alarm data group to obtain a new alarm data group; according to the above-mentioned new alarm The data group and the above-mentioned alarm data group determine the correlation coefficient of the above-mentioned alarm data group.

In some implementations, the second association rule determination submodule is specifically further used to calculate the association coefficient of the above-mentioned alarm data group through the following formula:

;

Among them, R is the correlation coefficient of the above-mentioned alarm data group, n is the number of association relationships between the main alarm of the above-mentioned new alarm data group and other alarm data in the above-mentioned network topology diagram, and m is the main alarm of the above-mentioned alarm data group Corresponding to the number of association relationships between the above network topology diagram and other alarm data, cnt is the number of association relationships between the main alarm data and sub-alarm data, For the alarm data group, /> It is a new alarm data group.

In some implementations, the target association rule update module is further configured to, if it is determined that the number of deleted sub-alarms in the new alarm data set is greater than or equal to the number threshold, then delete the new alarm data set from the alarm data set Deleted in .

In some implementations, the rule mining module 420 is specifically configured to mine the above-mentioned alarm data through preset mining parameters and FP-growth algorithm to obtain a plurality of initial association rules; wherein, the above-mentioned mining parameters include occurrence of alarm data Time period, sliding window duration, sliding step size, minimum support and minimum confidence.

In some implementations, the rule mining module 420 is specifically configured to compress the above-mentioned alarm data to obtain compressed alarm data; to mine the above-mentioned compressed alarm data based on preset mining rules to obtain multiple initial associations rule.

In some implementations, the rule mining module 420 is further configured to filter the specified alarm data in the above-mentioned alarm data to obtain the above-mentioned compressed alarm data, and the above-mentioned specified alarm data includes alarm data that has not been uploaded to the cloud and/or Engineering alert.

In some implementations, the rule mining module 420 is further configured to perform standardization processing on the above-mentioned alarm data to obtain an alarm identifier corresponding to the above-mentioned alarm data, and the above-mentioned alarm identifier includes a plurality of fields, wherein each of the above-mentioned multiple fields The field corresponds to a kind of alarm information in the above-mentioned alarm data, and the above-mentioned alarm information includes alarm level, alarm title, alarm type, alarm explanation, and information of the device where the above-mentioned alarm data occurs; the above-mentioned alarm identifier is determined as the above-mentioned compressed alarm data.

Fig. 7 is a schematic structural diagram of an electronic device according to an exemplary embodiment, where the electronic device may be a computer, a server, or the like. Wherein, the electronic device may be equivalent to the server in the above embodiment, and the electronic device may also be equivalent to the server client in the above embodiment.

Electronic device 800 may include one or more of the following components: processing component 802, memory 804, power supply component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816 .

The processing component 802 generally controls the overall operations of the electronic device 800, such as those associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to complete all or part of the steps of the above method. Additionally, processing component 802 may include one or more modules that facilitate interaction between processing component 802 and other components. For example, processing component 802 may include a multimedia module to facilitate interaction between multimedia component 808 and processing component 802 .

The memory 804 is configured to store various types of data to support operations at the electronic device 800 . Examples of such data include instructions for any application or method operating on the electronic device 800, contact data, phonebook data, messages, pictures, videos, and the like. The memory 804 can be realized by any type of volatile or non-volatile storage device or their combination, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read Only Memory (EEPROM), Erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Magnetic Disk or Optical Disk.

The power supply component 806 provides power to various components of the electronic device 800 . Power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for electronic device 800 .

The multimedia component 808 includes a screen providing an output interface between the above-mentioned electronic device 800 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The above-mentioned touch sensor may not only sense a boundary of a touch or a sliding action, but also detect a duration and pressure related to the above-mentioned touching or sliding operation. In some embodiments, the multimedia component 808 includes a front camera and/or a rear camera. When the electronic device 800 is in an operation mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera can be a fixed optical lens system or have focal length and optical zoom capability.

The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a microphone (MIC), which is configured to receive an external audio signal when the electronic device 800 is in an operation mode, such as a call mode, a recording mode and a voice recognition mode. Received audio signals may be further stored in memory 804 or sent via communication component 816 . In some embodiments, the audio component 810 also includes a speaker for outputting audio signals.

The I/O interface 812 provides an interface between the processing component 802 and a peripheral interface module, which may be a keyboard, a click wheel, a button, and the like. These buttons may include, but are not limited to: a home button, volume buttons, start button, and lock button.

Sensor assembly 814 includes one or more sensors for providing status assessments of various aspects of electronic device 800 . For example, the sensor component 814 can detect the open/close state of the electronic device 800, the relative positioning of the components, such as the above-mentioned components are the display and the keypad of the electronic device 800, the sensor component 814 can also detect the electronic device 800 or a component of the electronic device 800 Changes in the position of , presence or absence of user contact with the electronic device 800 , orientation or acceleration/deceleration of the electronic device 800 and temperature changes of the electronic device 800 . Sensor assembly 814 may include a proximity sensor configured to detect the presence of nearby objects in the absence of any physical contact. Sensor assembly 814 may also include an optical sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor or a temperature sensor.

The communication component 816 is configured to facilitate wired or wireless communication between the electronic device 800 and other devices. The electronic device 800 can access a wireless network based on communication standards, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the aforementioned communication component 816 also includes a near field communication (NFC) module to facilitate short-range communication. For example, the NFC module can be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology and other technologies.

In an exemplary embodiment, electronic device 800 may be implemented by one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable A programmable gate array (FPGA), controller, microcontroller, microprocessor or other electronic component implementation for performing the method described above.

In an exemplary embodiment, there is also provided a non-transitory computer-readable storage medium including instructions, such as the memory 804 including instructions, which can be executed by the processor 820 of the electronic device 800 to complete the above method. For example, the above-mentioned non-transitory computer-readable storage medium may be ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, and the like.

In an exemplary embodiment, there is also provided a non-transitory computer-readable storage medium, when the instructions in the storage medium are executed by the processor of the terminal device, the terminal device can perform the association of the alarm data of the above-mentioned electronic device Data determination method.

In an exemplary embodiment, a computer program product is also provided, including a computer program. When the computer program is executed by a processor, the method for determining associated data of alarm data in the above embodiments is provided.

Other embodiments of the present application will be readily apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any modification, use or adaptation of the application, these modifications, uses or adaptations follow the general principles of the application and include common knowledge or conventional technical means in the technical field not disclosed in the application . The specification and examples are to be considered exemplary only, with a true scope and spirit of the application indicated by the following claims.

It should be understood that the present application is not limited to the precise constructions which have been described above and shown in the accompanying drawings, and various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (13)

1. A method for determining associated data of alert data, the method comprising:

acquiring alarm data and a network topology diagram, wherein the network topology diagram comprises an association relation between alarm devices generating the alarm data, and the alarm devices comprise physical devices and virtual devices;

mining the alarm data based on a preset mining rule to obtain a plurality of initial association rules, wherein the initial association rules comprise two alarm data which are associated with each other;

according to the network topological graph, determining an initial association rule with an association relation between alarm devices corresponding to two alarm data in the plurality of initial association rules as a target association rule;

mining a plurality of first association rules from a plurality of alarm data generated by a pre-production system according to the preset mining rules; the pre-production system is used for generating a plurality of alarm data under a specified scene;

determining a second association rule corresponding to the target association rule from the plurality of first association rules;

acquiring a corresponding alarm data set of the second association rule, and grouping the alarm data sets according to alarm identifications corresponding to each alarm data in the alarm data set to obtain alarm data sets corresponding to each alarm identification;

Calculating an association coefficient of the alarm data group aiming at the alarm data group corresponding to each alarm identifier, determining the alarm identifier corresponding to the alarm data group as a target alarm identifier and determining a second association rule corresponding to the target alarm identifier as a third association rule under the condition that the association coefficient is larger than or equal to a coefficient threshold; wherein, the association coefficient characterizes the association degree between the main alarm data and the sub alarm data in the alarm data group;

returning to execute the operation of mining a plurality of first association rules from a plurality of alarm data generated by a pre-production system according to the preset mining rules until the execution times reach the appointed times, so as to obtain a plurality of third association rules, wherein the appointed times correspond to the appointed scene;

updating the target association rule according to the plurality of third association rules;

and determining association data associated with the alarm data to be analyzed according to the target association rule.

2. The method according to claim 1, wherein the initial association rule includes a first alarm identifier of first alarm data and a second alarm identifier of second alarm data, and the determining, according to the network topology, the initial association rule that an association relationship exists between corresponding alarm devices in the plurality of initial association rules as a target association rule includes:

For each initial association rule of the plurality of initial association rules, determining a first alarm device corresponding to the first alarm data according to the first alarm identifier, and determining a second alarm device corresponding to the second alarm data according to the second alarm identifier;

and if the first alarm device and the second alarm device are determined to have the association relation in the network topology image, determining the initial association rule as the target association rule.

3. The method of claim 1, wherein the network topology comprises a network element topology comprising a network element name corresponding to alert data, the alert data of the first association rule comprising main alert data and sub-alert data, the determining a second association rule corresponding to the target association rule from the plurality of first association rules comprising:

for each first association rule of the plurality of first association rules, if the first association rule is determined to meet a specified condition, determining the first association rule as the second association rule, wherein the specified condition comprises:

the alarm identification of the main alarm data of the first association rule is the same as the first alarm identification of the target association rule;

The alarm identification of the sub alarm data of the first association rule is the same as the second alarm identification of the target association rule;

the network element name of the main alarm data corresponding to the network topological graph is the same as the network element name of the sub alarm data corresponding to the network topological graph, and the alarm level of the main alarm data is the same as the alarm level of the sub alarm data.

4. The method of claim 1, wherein the alert data set includes a plurality of primary alert data including a plurality of sub-alert data, wherein the determining the association coefficients of the alert data set for each alert identification corresponding alert data set includes:

aiming at the alarm data group corresponding to each alarm identifier, if no association relation exists between the main alarm data and the sub alarm data according to the network topological graph, deleting the sub alarm data from the alarm data group to obtain a new alarm data group;

and determining the association coefficient of the alarm data group according to the new alarm data group and the alarm data group.

5. The method of claim 4, wherein said determining the correlation coefficient of the alert data set based on the new alert data set and the alert data set comprises:

Calculating the association coefficient of the alarm data group by the following formula:wherein R is the association coefficient of the alarm data group,nthe main alarm of the new alarm data group corresponds to the number of association relations between the main alarm and other alarm data in the network topological graph,mfor the number of association relations between the main alarm of the alarm data set and other alarm data in the network topological graph, cnt is the number of association relations between the main alarm data and the sub alarm data, and +.>For alarm data set->Is a new alarm data set.

6. The method according to claim 4, wherein the method further comprises:

and if the number of the deleted sub alarms in the new alarm data set is greater than or equal to the number threshold, deleting the new alarm data set from the alarm data set.

7. The method according to any one of claims 1 to 6, wherein mining the alert data based on a preset mining rule to obtain a plurality of initial association rules includes:

mining the alarm data through preset mining parameters and an FP-growth algorithm to obtain a plurality of initial association rules; the mining parameters comprise an occurrence time period, a sliding window duration, a sliding step length, a minimum support degree and a minimum confidence degree of the alarm data.

8. The method according to any one of claims 1 to 6, wherein the mining the alarm data based on a preset mining algorithm to obtain a plurality of initial association rules includes:

compressing the alarm data to obtain compressed alarm data;

and mining the compressed alarm data based on a preset mining rule to obtain a plurality of initial association rules.

9. The method of claim 8, wherein compressing the alert data to obtain compressed alert data comprises:

and filtering appointed alarm data in the alarm data to obtain the compressed alarm data, wherein the appointed alarm data comprises alarm data which is not uploaded to a cloud and/or engineering alarms.

10. The method of claim 8, wherein compressing the alert data to obtain compressed alert data comprises:

carrying out standardized processing on the alarm data to obtain an alarm identifier corresponding to the alarm data, wherein the alarm identifier comprises a plurality of fields, each field in the plurality of fields corresponds to one type of alarm information in the alarm data, and the alarm information comprises an alarm level, an alarm title, an alarm type, alarm interpretation and equipment information for generating the alarm data;

And determining the alarm identifier as the compressed alarm data.

11. An associated data determining apparatus of alarm data, comprising:

the information acquisition module is used for acquiring alarm data and a network topological graph, wherein the network topological graph comprises an association relation between alarm devices generating the alarm data, and the alarm devices comprise physical devices and virtual devices;

the rule mining module is used for mining the alarm data based on a preset mining rule to obtain a plurality of initial association rules, wherein the initial association rules comprise two alarm data which are associated with each other;

the target association rule determining module is used for determining an initial association rule with association relation between alarm devices corresponding to two alarm data in the plurality of initial association rules as a target association rule according to the network topological graph;

the association data determining module is used for determining association data associated with alarm data to be analyzed according to the target association rule;

the apparatus further comprises: a target association rule update module, the target association rule update module comprising:

the first association rule determining submodule is used for mining a plurality of first association rules from a plurality of alarm data generated by the pre-production system according to the preset mining rules; the pre-production system is used for generating a plurality of alarm data under a specified scene;

A second association rule determining sub-module configured to determine a second association rule corresponding to the target association rule from the plurality of first association rules;

the alarm data set determining submodule is used for acquiring a corresponding alarm data set of the second association rule, and grouping the alarm data sets according to alarm identifications corresponding to each alarm data in the alarm data sets to obtain alarm data sets corresponding to each alarm identification;

a second association rule determining sub-module, configured to calculate, for each alarm data set corresponding to the alarm identifier, an association coefficient of the alarm data set, determine, when the association coefficient is greater than or equal to a coefficient threshold, an alarm identifier corresponding to the alarm data set as a target alarm identifier, and determine, as a third association rule, a second association rule corresponding to the target alarm identifier; wherein, the association coefficient characterizes the association degree between the main alarm data and the sub alarm data in the alarm data group;

the return execution sub-module is used for returning to execute the operation of mining a plurality of first association rules from a plurality of alarm data generated by the pre-production system according to the preset mining rules until the execution times reach the appointed times, so as to obtain a plurality of third association rules, wherein the appointed times correspond to the appointed scene;

And the updating sub-module is used for updating the target association rule according to the plurality of third association rules.

12. An electronic device, comprising: a processor, and a memory communicatively coupled to the processor;

the memory stores computer-executable instructions;

the processor executes computer-executable instructions stored in the memory to implement the method of any one of claims 1 to 10.

13. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out the associated data determination method of alert data according to any one of claims 1 to 10.