Conference Paper

Composite events for network event correlation

Dept. of Comput. Sci., Texas Univ., Austin, TX
DOI: 10.1109/INM.1999.770687 Conference: Integrated Network Management, 1999. Distributed Management for the Networked Millennium. Proceedings of the Sixth IFIP/IEEE International Symposium on
Source: IEEE Xplore

ABSTRACT With the increasing complexity of enterprise networks and the
Internet, event correlation is playing an increasingly important role in
network as well as integrated system management systems. Even though the
timing of events often reveals important diagnostic information about
event relationships and should therefore be represented in event
correlation rules or models, most extant approaches lack a formal
mechanism to define complex temporal relationships among correlated
events. In this paper, we discuss the formal use of composite events for
event correlation and present a composite event specification approach
that can precisely express complex timing constraints among correlated
event instances, for which efficient compilation and detection
algorithms have been developed in Mok et al., (1997). A Java
implementation of this approach, called Java Event Correlator (JECTOR),
is described, and some preliminary experimental results of using JECTOR
in an experimental network management environment are also discussed in
the paper

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Large distributed systems, including real-time embedded systems, are increasingly being built using sophisticated middleware frameworks. Communication in such systems is often realized using in terms of asynchronous events whose propagation is implemented by an underlying publish/subscribe service that hooks components into a generic event communication channel. Event correlation—a mechanism for monitoring and filtering events—has been introduced in some of these systems as an effective technique for reducing network traffic and computation time. Unfortunately, even though event correlation is used heavily in frameworks such as ACE/TAO’s real-time event-channel and in mission critical contexts such as Boeing’s Bold Stroke avionics middleware, the industry standard CORBA Component Model (CCM) does not include a specification of event correlation. While previous proposals for event correlation usually offer sophisticated facilities to detect combinations in the stream of incoming events, they have not been constructed to fit within the CCM type system, and they offer relatively little support for transforming and rearranging filtered events into meaningful output events. In this paper, we present the design rationale, syntax, and semantics for a new and highly flexible model for event correlation that is designed for integration into the CCM type system. Our model has been integrated and tested in the Cadena development and analysis framework, which has been designed to support development of mission-control applications in the Boeing Bold Stroke framework.
    International Journal on Software Tools for Technology Transfer 09/2007; 9(5):417-427.
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: As current backbone network evolution involves replacing today's multiple networks with a single global multiprotocol label switching (MPLS)-enabled backbone over an intelligent optical IP-based core network, alarm correlation becomes critical for fault management system (FMS) to monitor network health, performance, and to quickly identify and resolve operational problems. In this paper, we propose a hybrid technique to efficiently correlate these MPLS alarms to other equipment and service alarms, including event aggregation, rule-based method, and codebook approach. The hybrid technique combines the advantages of small size codebooks and simple expert rules for correlation at each level of the hierarchy. Extensive testing results obtained from real-world network experiments have been reported to demonstrated the effectiveness of the proposed correlation scheme.
    Networks, 2005. Jointly held with the 2005 IEEE 7th Malaysia International Conference on Communication., 2005 13th IEEE International Conference on; 12/2005
  • [Show abstract] [Hide abstract]
    ABSTRACT: Fault localization is a central element in network fault management. This paper takes a weighted bipartite graph as a fault propagation model and presents a heuristic fault localization algorithm based on the idea of incremental coverage, which is resilient to inaccurate fault propagation model and the noisy environment. Furthermore, a sliding window mechanism is proposed to tackle the inaccuracy of this algorithm in the presence of improper time windows. As shown in the simulation study, our scheme achieves higher detection rate and lower false positive rate in the noisy environment as well as in the presence of inaccurate windows, than current fault localization algorithms.
    Sciece China. Information Sciences 55(5). · 0.71 Impact Factor

Full-text (2 Sources)

Available from
Aug 18, 2014