Publication
IBM Systems Journal
Paper

Discovering actionable patterns in event data

View publication

Abstract

Applications such as those for systems management and intrusion detection employ an automated real-.time operation system in which sensor data are collected and processed in real time. Although such a system effectively reduces the need for operation staff, it requires constructing and maintaining correlation rules. Currently, rule construction requires experts to identify problem patterns, a process that is time-consuming and error-prone, in this paper, we propose reducing this burden by mining historical data that are readily available. Specifically, we first present efficient algorithms to mine three types of important patterns from historical event data: event bursts, periodic patterns, and mutually dependent patterns. We then discuss a framework for efficiently mining events that have multiple attributes, Last, we present Event Correlation Constructor-a tool that validates and extends correlation knowledge.

Date

Publication

IBM Systems Journal

Authors

Topics

Share