Modeled abductive inference for event management and correlation

This thesis describes a number of novel techniques for performing efficient event correlation in computer networks. We develop a new object-oriented event modeling methodology which is algorithm independent, and generalizes or is superior to the modeling capabilities of competing systems. We prove this assertion through the elegant modeling of a number of real world problems, simulation of the models of competing systems using our methodology, and a case study providing a quantitative analysis of the benefits of our methodology. We provide a probabilistically correct correlation algorithm which also generalizes or improves on the correlation component of competing systems. In addition, our algorithms improve correlation efficiency by pruning redundant information from the event model and preprocessing to further reduce correlation-time processing. These features are unique to our system. We demonstrate performance results which are conservatively measured to be greater than an order of magnitude better than those of competing systems.