H04L41/0636

Automatic root cause analysis of complex static violations by static information repository exploration

The independent claims of this patent signify a concise description of embodiments. An automatic process for determining and/or predicting the original root-cause(s) of a violation is proposed using two major enhancements on top of the current VC-Static solution. First, an information repository is created by mining various Static checker components' analysis information, and second, an analysis framework is created which systematically prunes the above-mentioned information repository to find the actual root cause(s) of the violation. This Abstract is not intended to limit the scope of the claims.

Subscriber feedback mechanism for real-time network service upgrade

Architectures and techniques are presented that provide an improved mechanism for a subscriber entity to report to a network provider a network issue that affects the performance of an application that uses a service provided by the network provider. The improved mechanism can enable fine granularity with respect to the network issue by identifying the issue on a per-session basis. In response to feedback data that is reported by the subscriber entity, the network provider can perform self-healing or other upgrade techniques to rapidly remedy the network issue.

Static and dynamic non-deterministic finite automata tree structure application apparatus and method

A method includes processing a user input for generating a non-deterministic finite automata tree (NFAT) correlation policy. The user input indicates one or more of a static condition or a dynamic condition for inclusion in the NFAT correlation policy. The static condition includes a comparison between a defined entity and a first fixed parameter. The dynamic condition includes a comparison between the defined entity and a variable parameter. An applicable NFAT element is generated that includes at least one of the NFAT correlation policy generated based on a determination that the user input indicates the static condition or an NFAT template generated based on a determination that the user input indicates the dynamic condition. Event data received from a network device is processed to detect a status of a network entity associated with a communication network based on the applicable NFAT element.

MONITORING OF TARGET SYSTEM, SUCH AS COMMUNICATION NETWORK OR INDUSTRIAL PROCESS
20230216726 · 2023-07-06

A computer implemented method of monitoring and controlling a target system, such as a communication network or an industrial process. The method includes receiving information about anomalies in operation of the target system detected by an automated anomaly detection mechanism; automatically determining certainty characteristics of the detected anomalies; submitting detected anomalies to expert evaluation in priority order determined based on the certainty characteristics; and adjusting the determination of certainty characteristics of the detected anomalies and/or the automated anomaly detection mechanism based on results of the expert evaluation.

Optimized detection of network defect exposure in network environment

The present technology is directed to preferred processing and the verification of diagnostic signatures for a plurality of network defects. The disclosed optimization process is based on expressing each Diagnostic Signature as a minimal sum-of-products (SOP) Boolean function of associated network commands, followed by ranking of each command reference in the product terms of the Boolean expression as well as each Boolean product term of the SOP Boolean expressions, and constructing a decision tree based on the provided rankings to thereby determine a minimum set of commands along with a preferred command dispatch sequence for evaluating a Diagnostic Signature. Further aspects include the translation of both the optimization computation (interpretation of network conditions associated with a network defect) and the computed workflow (dispatch of the command) into a series of declarative rules that can be processed by a machine reasoning engine to thereby automate the optimization process.

NETWORK BURST LOAD EVACUATION METHOD FOR EDGE SERVERS
20220417156 · 2022-12-29

The present invention discloses a network burst load evacuation method for edge servers, which takes a time and average penalty function of all tasks performed by the edge system as a minimum optimization goal. This method not only takes into account the fairness of all users in the system, but also ensures that the unloading tasks of all users in the system can be completed in a relatively shortest time, and a new quantitative measure is proposed for improving user QoS response. In the implementation process of the algorithm in the present invention, a particle swarm algorithm is used to solve an optimal target of the system. This algorithm has a fast execution speed and high efficiency, and is especially suitable for a scene of an edge computing network system, so that when a sudden load occurs, an edge computing network system can respond in a very short time and complete the evacuation of the load, which greatly improves the fault tolerance and stability of the edge network environment.

Method and system for determining root-cause diagnosis of events occurring during the operation of a communication network
11522766 · 2022-12-06

The invention concerns a method and a system for determining root-cause diagnosis of events occurring during the operation of a communication network comprising monitoring time signals representative of the operation of the network to detect the occurrence of an event relative to the network traffic, and for each detected event, during the duration of said event obtaining distributions of data on several dimensions of the network linked to said event, automatically determining an event root-cause diagnosis of the detected event, called single event diagnosis, comprising at least one element of said distributions, an element being a value taken by a network dimension having a contribution in said distributions of data, the single event diagnosis determination using rules of business logic configuration organized hierarchically, which are applied according to said hierarchy to select at least one element of said distributions, the selection of more than one element comprising machine learning clustering.

LOG PARSING METHOD AND DEVICE, SERVER AND STORAGE MEDIUM
20220365957 · 2022-11-17

Disclosed are a log parsing method and device, a server and a storage medium, relating to the field of network operation and maintenance. The method includes: acquiring (101) sample log data; performing (102) clustering processing on the sample log data according to the length of each sample log in the sample log data, and beginning and ending keywords of each sample log in the sample log data, to obtain a plurality of log clusters; determining (103) a quality score of each log cluster of the plurality of log clusters obtained by the clustering processing; and parsing (104) a log according to the plurality of log clusters and quality scores of the plurality of log clusters.

Alert systems and methods for attack-related events

Disclosed herein are embodiments of systems, methods, and products that comprise an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By considering the mission and system-specific context in the analysis of alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alerts, the server allows security personnel to prioritize responses and focus on the highest-value defense activities.

Root cause analysis and automation using machine learning

A method for discovering and diagnosing network anomalies. The method includes receiving key performance indicator (KPI) data and alarm data. The method includes extracting features based on samples obtained by discretizing the KPI data and the alarm data. The method includes generating a set of rules based on the features. The method includes identifying a sample as a normal sample or an anomaly sample. In response to identifying the sample as the anomaly sample, the method includes identifying a first rule that corresponds to the sample, wherein the first rule indicates symptoms and root causes of an anomaly included in the sample. The method further includes applying the root causes to derive a root cause explanation of the anomaly and performing a corrective action to resolve the anomaly based on the first rule.