Syslog monitoring technologies have recently received a great deal of attention in the areas of network management and network monitoring. They are used to address a wide range of important issues, including network failure symptom detection and event correlation discovery. Syslogs are intrinsically dynamic in the sense that they form a time series and that their behavior may change over time. This paper proposes a new methodology of dynamic syslog mining in order to detect failure symptoms with higher confidence and to discover sequential alarm patterns among computer devices. The key ideas of dynamic syslog mining are 1) to represent syslog behavior using a mixture of Hidden Markov Models, 2) to adaptively learn the model using an on-line discounting learning algorithm in combination with dynamic selection of the optimal number of mixture components, and 3) to give anomaly scores using universal test statistics with a dynamically optimized threshold. Using real syslog data, we demonstrate the validity of our methodology in the scenarios of failure symptom detection, emerging pattern identification, and correlation discovery.