Method of identifying a root cause of a network event

US 8,214,480 B2
Filed: 04/15/2008
Issued: 07/03/2012
Est. Priority Date: 04/18/2007
Status: Active Grant

First Claim

Patent Images

1. A method of identifying a root cause of an event in a network of linked entities, the method comprising:

a. defining a plurality of signatures, each signature comprising one or more classes, the classes being categorized by a taxonomy of classes;

b. receiving a first message from the network;

c. assigning one or more of the signatures to the first message;

d. establishing a set of one or more hypotheses, each hypothesis identifying;

i. a respective root cause; and

ii. one of the signatures assigned to the first message;

e. receiving one or more subsequent messages from the network;

f. determining whether each subsequent message matches a signature identified by a hypothesis established in step d; and

g. generating an output based on the determination in step f;

wherein at least one of the signatures comprise one or more association classes categorized by a taxonomy of association classes, each association class defining an association between two entities; and

wherein steps c and f comprise matching an association class of the message with the association class of the signature.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of identifying a root cause of an event in a network of linked entities. The method comprises: defining a plurality of signatures, each signature comprising one or more classes, the classes being categorized by a taxonomy of classes; receiving a first message from the network; assigning one or more of the signatures to the first message; establishing a set of one or more hypotheses, each hypothesis identifying:a respective root cause; and one of the signatures assigned to the first message; receiving one or more subsequent messages from the network; determining whether each subsequent message matches a signature identified by a previously hypothesis; and generating an output based on the determination.

Typically the method involves an element of human interaction. Typically at least one of the signatures includes a class which encloses two or more subclasses categorized by the taxonomy of classes. The ability to define signatures including such higher level entity classes in the taxonomy enables a human user to generate, store and edit generic hypotheses quickly and intuitively, and/or provides an output which can be easily understood by a human user.

18 Citations

16 Claims

1. A method of identifying a root cause of an event in a network of linked entities, the method comprising:
- a. defining a plurality of signatures, each signature comprising one or more classes, the classes being categorized by a taxonomy of classes;
  
  b. receiving a first message from the network;
  
  c. assigning one or more of the signatures to the first message;
  
  d. establishing a set of one or more hypotheses, each hypothesis identifying;
  
  i. a respective root cause; and
  
  ii. one of the signatures assigned to the first message;
  
  e. receiving one or more subsequent messages from the network;
  
  f. determining whether each subsequent message matches a signature identified by a hypothesis established in step d; and
  
  g. generating an output based on the determination in step f;
  
  wherein at least one of the signatures comprise one or more association classes categorized by a taxonomy of association classes, each association class defining an association between two entities; and
  
  wherein steps c and f comprise matching an association class of the message with the association class of the signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein at least one of the signatures comprises a plurality of envelope sets each comprising a set of classes;
    - wherein each envelope set is associated with one or more sub-events related to the root cause; and
      
      wherein a signature is assigned to the first message in step c if the first message matches a set of classes in at least one of that signature'"'"'s envelope sets.
  - 3. The method of claim 1 wherein at least one of the signatures comprises a message class categorized by a taxonomy of message classes and defining a message topic;
    - and steps c and f comprise matching a message class of the message with the message class of the signature.
  - 4. The method of claim 1 wherein at least one of the signatures comprise one or more entity classes categorized by a taxonomy of entity classes, each entity class defining an entity type;
    - and steps c and f comprise matching an entity class of the message with the entity class of the signature.
  - 5. The method of claim 1 wherein at least one of the signatures includes a class which encloses two or more subclasses categorized by the taxonomy of classes.
  - 6. The method of claim 1 wherein the signatures are defined by a human in step a.
  - 7. The method of claim 1 further comprising giving the one or more hypotheses scores, and amending the scores when the signatures associated with them match subsequent received messages.
  - 8. The method of claim 7 further comprising promoting a hypothesis to an elected phase when its score reaches a predetermined level, increasing its score when the signature associated with it matches a message, and decreasing the score of any other co-existing hypotheses whose signature also matches the message.
  - 9. The method of claim 1 wherein step f comprises comparing an observation time associated with the subsequent message with an event time associated with the hypothesis established in step d.
  - 10. A network analysis engine comprising physical computing machinery configured to identify a root cause of an event in a network of linked entities by the method of claim 1.
  - 11. A non-transitory tangible computer readable medium having code embedded therein for controlling the operating of a network analysis engine in accordance with the method of claim 1.
  - 12. The method of claim 1 wherein step c comprises looking up the first message in a taxonomy store and assigning a set of classes and subclasses to the first message.

13. A method of identifying a root cause of an event in a network of linked entities, the method comprising:
- a. receiving a first message from the network;
  
  b. establishing a first hypothesis associated with the first message;
  
  c. receiving one or more subsequent messages from the network;
  
  d. for each subsequent message;
  
  i. establishing a new hypothesis, and;
  
  ii. determining whether the subsequent message matches any previously established hypothesis by comparing an observation time associated with the message with an event time associated with the hypothesis;
  
  e. generating an output based on the determination in step d.ii; and
  
  f. defining a plurality of signatures, wherein any subsequent message which does not match one of the signatures does not establish a new hypothesis, and wherein at least one of the signatures comprise one or more association classes categorized by a taxonomy of association classes, each association class defining an association between two entities.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13 further comprising presenting the output to a user.
  - 15. A network analysis engine comprising physical computing machinery configured to identify a root cause of an event in a network of linked entities by the method of claim 13.
  - 16. A non-transitory tangible computer readable medium having coded embedded therein for controlling the operating of a network analysis engine in accordance with the method of claim 13.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
System Technical Co., Ltd.
Original Assignee
Zenulta Limited
Inventors
Pauly, Duncan Gunther
Primary Examiner(s)
Chan, Wing
Assistant Examiner(s)
Baturay, Alicia

Application Number

US12/596,274
Publication Number

US 20100138533A1
Time in Patent Office

1,540 Days
Field of Search

709/223
US Class Current

709/223
CPC Class Codes

H04L 41/0233   Object-oriented techniques,...

H04L 41/0631   using root cause analysis; ...

H04L 41/16   using machine learning or a...

Method of identifying a root cause of a network event

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method of identifying a root cause of a network event

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links