Fuzzy Event Correlation Algorithm in Wide Telecommunication Networks

Abstract

This paper presents an efficient clustering algorithm for fault identification in large telecommunication networks. The alarms and faults in telecommunication networks present some interesting characteristics, such as storms and cascades of events. For instance, a single fault may result in a large number of alarms, and it is often very difficult to isolate the true cause of a fault. Our algorithm is especially designed for the event correlation problem, taking into account comprehensive information about the system behaviour. Our technique is tested and compared with some available clustering algorithms on some samples from both simulated and real data from Ericsson’s network.

1 Introduction

Telecommunication networks are growing in size and complexity at a very rapid rate, and therefore their management is becoming more and more complicated. Each network element can produce a large amount of alarms when a fault occurs. More precisely, when a fault occurs, network devices or components can send messages (alarms) to describe the problem that has been detected. However, they have only a local view of the fault and therefore cannot describe the fault itself, only its visible consequences. Moreover, these alarms are very different due to the various types of network components involved (such as new equipment, software updates, etc.). The telecommunication network management system is responsible for recording the alarms generated by the network nodes or components and presenting them to the operator. However, in large systems, due to the large volume and the fragmented nature of the information contained within these alarms, it is not always possible to locate and solve the faults within a reasonable time. In addition, due to the complex nature of these networks, a single fault may produce a cascade of alarms from the affected network elements, and a fault can also trigger other faults, for instance in the case of overloading. Even though failures in large communication networks are unavoidable, quick detection, identification of causes and resolution can make systems more robust, more reliable, and can ultimately increase the level of confidence in the services that they provide [1].

Alarm correlation is a key issue in a network management system, as it is used to determine the faults’ origin and to filter out redundant and spurious events. Alarm correlation systems generally combine causal and temporal correlation models with the network topology. The efficiency and robustness of the models used and the algorithms developed vary from system to system, but none of them has yet succeeded in providing a good solution to this problem [2]. In general, data mining techniques are well adapted for analysing collections of data and extracting hidden information. However, the complex nature of the data generated by a wide telecommunication network and the lack of real information contained in an alarm make most of the existing techniques unsuitable [3].

[1]  Peter Fröhlich,et al.  Using Neural Networks for Alarm Correlation in Cellular Phone Networks , 1999 .

[2]  Ramesh Viswanathan,et al.  A conceptual framework for network management event correlation and filtering systems , 1999, Integrated Network Management VI. Distributed Management for the Networked Millennium. Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management. (Cat. No.99EX302).

[3]  Mihai Lazarescu,et al.  Clustering Large Dynamic Datasets Using Exemplar Points , 2005, MLDM.

[4]  Sudipto Guha,et al.  CURE: an efficient clustering algorithm for large databases , 1998, SIGMOD '98.

[5]  Sudipto Guha,et al.  CURE: an efficient clustering algorithm for large databases , 1998, SIGMOD '98.

[6]  Robert D. Gardner,et al.  Alarm Correlation and Network Fault using the Kohonen Self-organisin , 1997 .

[7]  Malgorzata Steinder,et al.  Non-deterministic diagnosis of end-to-end service failures in a multi-layer communication system , 2001, Proceedings Tenth International Conference on Computer Communications and Networks (Cat. No.01EX495).

[8]  Kenji Yamanishi,et al.  Dynamic syslog mining for network failure monitoring , 2005, KDD '05.

[9]  Rui Xu,et al.  Survey of clustering algorithms , 2005, IEEE Transactions on Neural Networks.

[10]  Hans-Peter Kriegel,et al.  A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise , 1996, KDD.

[11]  Klaus Julisch,et al.  Clustering intrusion detection alarms to support root cause analysis , 2003, TSEC.

[12]  An-Chi Liu,et al.  An alarm management framework for automated network fault identification , 2004, Comput. Commun..

[13]  Jiawei Han,et al.  Efficient and Effective Clustering Methods for Spatial Data Mining , 1994, VLDB.

[14]  M. Tahar Kechadi,et al.  Performance Evaluation of Two Data Mining Techniques of Network Alarms Analysis , 2006, DMIN.

[15]  D. Ohsie,et al.  High speed and robust event correlation , 1996, IEEE Commun. Mag..

[16]  Lotfi A. Zadeh,et al.  Fuzzy Logic , 2009, Encyclopedia of Complexity and Systems Science.

[17]  Michela Bertolotto,et al.  Towards a framework for mining and analysing spatio‐temporal datasets , 2007, Int. J. Geogr. Inf. Sci..

[18]  Tian Zhang,et al.  BIRCH: an efficient data clustering method for very large databases , 1996, SIGMOD '96.

[19]  Vladimir Batagelj,et al.  Pajek - Analysis and Visualization of Large Networks , 2001, Graph Drawing Software.

[20]  Jacques-H. Bellec,et al.  Towards a formal model for the network alarm correlation problem , 2006 .

[21]  P. Viswanath,et al.  l-DBSCAN : A Fast Hybrid Density Based Clustering Method , 2006, 18th International Conference on Pattern Recognition (ICPR'06).

[22]  Wei Peng,et al.  An integrated framework on mining logs files for computing system management , 2005, KDD '05.

[23]  D. Malheiros Meira,et al.  Modelling a telecommunication network for fault management applications , 1998, NOMS 98 1998 IEEE Network Operations and Management Symposium.

[24]  Rajeev Gopal,et al.  Layered model for supporting fault isolation and recovery , 2000, NOMS 2000. 2000 IEEE/IFIP Network Operations and Management Symposium 'The Networked Planet: Management Beyond 2000' (Cat. No.00CB37074).

[25]  Michela Bertolotto,et al.  Exploratory spatio-temporal data mining and visualization , 2007, J. Vis. Lang. Comput..

[26]  Guangtian Liu,et al.  Composite events for network event correlation , 1999, Integrated Network Management VI. Distributed Management for the Networked Millennium. Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management. (Cat. No.99EX302).

[27]  M. Tahar Kechadi,et al.  A New Efficient Clustering Algorithm for Network Alarm Analysis , 2005, IASTED PDCS.