This paper proposed a correlation method based on traffic alert information. Firstly, the method extracted some traffic feature signals made of relatively coarse-grained traffic features, analyzed these signals, and got anomaly-related alert information; then, it correlated the alert information using Apriori algorithm, and got correlation rules related to anomalies and alert information. Analysis of real network data shows that the rules can effectively identify anomalies in backbone network.%提出一种以骨干通信网络流量特征参数告警信息为基础的关联分析方法,首先提取通信网络中多个与异常事件相关的相对粗粒度的流量特征参数,将这些特征参数看做是随时间变化的信号(以下称为流量特征信号),通过流量特征信号分析获得异常事件的多个告警信息;然后采用Apriori算法进行告警信息关联分析,获得告警信息与异常事件的关联规则.实际网络流量数据的分析表明:使用上述规则能有效地发现骨干通信网异常事件.
展开▼
