Conference Paper

Composite events for network event correlation

Dept. of Comput. Sci., Texas Univ., Austin, TX
DOI: 10.1109/INM.1999.770687
Conference: Integrated Network Management, 1999. Distributed Management for the Networked Millennium. Proceedings of the Sixth IFIP/IEEE International Symposium on
Source: IEEE Xplore

ABSTRACT: With the increasing complexity of enterprise networks and the
Internet, event correlation is playing an increasingly important role in
network as well as integrated system management systems. Even though the
timing of events often reveals important diagnostic information about
event relationships and should therefore be represented in event
correlation rules or models, most extant approaches lack a formal
mechanism to define complex temporal relationships among correlated
events. In this paper, we discuss the formal use of composite events for
event correlation and present a composite event specification approach
that can precisely express complex timing constraints among correlated
event instances, for which efficient compilation and detection
algorithms have been developed in Mok et al. (1997). A Java
implementation of this approach, called Java Event Correlator (JECTOR),
is described, and some preliminary experimental results of using JECTOR
in an experimental network management environment are also discussed in
the paper.


Available from: Aloysius Mok, Aug 18, 2014
  • Source
    • "Composite event [1] detection in WSNs is required in many applications such as health care [2], smart building [3] and intelligent transportation system [4]. For instance, in an intelligent transportation system, we may define traffic jam as an event when there are certain number of cars waiting on a road. "
    ABSTRACT: Although there are several works on providing event-based services in pervasive environment or WSN, most of them have not considered composite event detection in an energy-efficient fashion. Composite events consist of multiple primitive events with temporal and spatial relations and are much more difficult to manage. Because of the resource constraints in WSN, existing event detection algorithms may not be suitable for WSN when energy efficiency is considered. In this paper, we propose TED (Type-based composite Event Detection), a distributed composite event detection algorithm. The essential idea of TED is type-based event fusion, where some sensor nodes are selected as fusion points. Then lower-level events will be fused on these fusion points for detection of higher-level composite events. Each composite event type is assigned to certain fusion point for detection so that the composite events may be detected in-network instead of at the sink. Event fusion with minimum energy cost is an NP-complete problem. We propose a distributed randomized algorithm to solve the problem. We analyze the energy efficiency of TED to show both its effectiveness and efficiency. By carrying out both simulation and real world experiments on TED, we show that TED can reduce the energy cost by 10-20% in event-based WSN applications compared with naïve event detection mechanism where the event relations are not considered.
    Distributed Computing in Sensor Systems, 7th IEEE International Conference and Workshops, DCOSS 2011, Barcelona, Spain, 27-29 June, 2011, Proceedings; 01/2011
  • Source
    • "There has been a tremendous amount of work towards network fault detection, the most relevant of which we mention here. We discussed both commercial [22] [23] and research [5] [17] [21] fault management systems in section I. While most of these focus on data-plane events, recent efforts [20] have tried to incorporate control-plane information into the correlation process. "
    ABSTRACT: Fault management in networks is difficult. We argue that a major contributor to the difficulty of debugging network faults is the sheer volume of semantically anemic details exposed by protocols. Unlike past approaches that try to cope with the deluge of information exposed, in this paper we explore how to reduce and structure the management information exposed by data-plane protocols and devices to make them more amenable to fault management. To this effect, we delineate two conditions that the management interface of data-plane protocols should satisfy: it should provide a structured description of protocol reality and it should support what we call a "conservation of bytes" invariant. Based on this, we propose an architecture wherein data-plane protocols expose management information satisfying these conditions. This allows management applications to detect, localize and (possibly) resolve faults in a structured fashion. We discuss the detection of a representative set of real-world faults to illustrate our approach. We implemented these fault management features into three protocols and built a management application that uses the features to debug faults. Apart from serving as a proof of concept, this exercise indicates that our proposal does indeed simplify debugging of a large fraction of network faults.
    INFOCOM 2009, IEEE; 05/2009
  • Source
    • "Correlations are identified as alarms propagate through the model. Rule-based [9] and Code-based [10] systems also show the relations between the events in the system, which specifies correlations according to a rule-set or codebook. Other AI techniques, such as neural networks [11], [12] or decision-trees, have also been applied to the task. "
    ABSTRACT: Powerful fault management systems are increasingly required to ensure robustness and qualitative services. Though alarms are usually useful for identifying faults in such systems, huge numbers of alarms generated as a result of some major network event require efficient management methods and algorithms in order to discover the root cause in a timely manner. In this paper, we propose a robust algorithm for recognizing root cause faults in a reasonable time window by dynamically clustering alarms and events. Our algorithm is composed of three stages and uses cellular learning automaton in all stages. Simulations testify to the high efficiency of this algorithm with different parameters.