Message abnormality automatic detection device, method and program

US 8,332,503 B2
Filed: 08/17/2005
Issued: 12/11/2012
Est. Priority Date: 05/11/2005
Status: Active Grant

First Claim

Patent Images

1. A detection device comprising:

learning means for extracting a sequence pattern of at least two consecutive messages from a first group of messages generated by a system, and for counting a number of the sequence pattern of messages in the first group;

memory means for storing the sequence pattern and the number of the sequence pattern of messages in the first group; and

collation means for referencing the sequence pattern and the number of the sequence pattern of the messages in the first group stored in the memory means, for counting a number of the sequence pattern of messages in a second group of messages generated by the system, and for determining abnormality when the number of the sequence pattern of the messages in the second group is not within a range set using the number of the sequence pattern of messages in the first group,the collation means is to determine the abnormality when a proportion of the counted number of the sequence pattern of messages in the second group to the number of the sequence pattern of messages in the first group is equal to or larger than a certain number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In order to provide a message abnormality automatic detection device, method and program for accurately detecting messages indicating abnormalities requiring response from a large amount of messages, the message abnormality automatic detection device 1 comprises a message collection unit 2 for collecting messages, a learning unit 3 for extracting patterns from the collected messages, a normal pattern memory unit 4 for storing normal patterns, a collation unit 5 for collating the collected messages with normal patterns and detecting message abnormalities, a warning unit 6 for outputting abnormalities to display 9 and the like, and a definition unit 7 for storing the definition data related to normal patterns.

26 Citations

View as Search Results

11 Claims

1. A detection device comprising:
- learning means for extracting a sequence pattern of at least two consecutive messages from a first group of messages generated by a system, and for counting a number of the sequence pattern of messages in the first group;
  
  memory means for storing the sequence pattern and the number of the sequence pattern of messages in the first group; and
  
  collation means for referencing the sequence pattern and the number of the sequence pattern of the messages in the first group stored in the memory means, for counting a number of the sequence pattern of messages in a second group of messages generated by the system, and for determining abnormality when the number of the sequence pattern of the messages in the second group is not within a range set using the number of the sequence pattern of messages in the first group,the collation means is to determine the abnormality when a proportion of the counted number of the sequence pattern of messages in the second group to the number of the sequence pattern of messages in the first group is equal to or larger than a certain number.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The detection device according to claim 1 wherein,a period in which the first group is obtained and a period in which the second group is obtained are included in a same time period and a same day of different weeks.
  - 3. The detection device according to claim 1 wherein,the learning means is to extract a plurality of sequence patterns from the first group,the memory means, for each of the extracted plurality of sequence patterns from the first group, stores the number of the sequence pattern of messages in the first group in the memory means,the learning means, for each of the extracted plurality of sequence patterns from the first group, counts the number of the sequence pattern of messages in the second group, andthe collation means determines the abnormality when a proportion of the number of the sequence pattern of messages in the second group of at least any one of the plurality of sequence patterns to the number of the sequence pattern of messages in the first group is equal to or larger than a certain number.
  - 4. The detection device according to claim 3 wherein,the extracted plurality of sequence patterns include a plurality of sequence patterns, a part of which prefix-matches, and the sequence patterns of a tree-structure is formed by aggregating the matched part, andeach message in the plurality of sequence patterns included in the tree-structure is associated with the number of the sequence pattern of messages in the first group that is using the sequence pattern including messages existing on a way from a root end to the each message of the tree-structure including the each message.
  - 5. The detection device according to claim 4 wherein,from among the number of the sequence pattern of messages in the first group associated with a message positioned on the root end of the tree-structure and stored in the memory means, the number of the sequence pattern of messages in the first group associated with a message indicating a content that is same as a first message obtained after the first group is selected,from among the number of the sequence pattern of messages in the first group stored in the memory means, the number of the sequence pattern of messages in the first group being under the selected number of the sequence pattern of messages in the first group and being positioned in a lower hierarchy in the tree-structure, the number of the sequence pattern of messages in the first group associated with a message indicating a content same as a second message obtained subsequent to the first message is selected and the selection of the previously selected number of the sequence pattern of messages in the first group is released,an abnormality is determined when number of times that a proportion of the number of the sequence pattern of messages in the first group stored in the memory means is selected to the number of the sequence pattern of messages in the first group is equal to or larger than the certain number.

6. A detection device comprising:
- learning means for extracting a sequence pattern of at least two consecutive messages from a first group of messages obtained from a device within a first period of time, and for counting a number of the sequence pattern of messages in the first group;
  
  memory means for storing the sequence pattern and the number of the sequence pattern of messages in the first group; and
  
  collation means for referencing the sequence pattern and the number of the sequence pattern of the messages in the first group stored in the memory means, for counting a number of the sequence pattern of messages in a second group of messages obtained within a second period of time that is after the first period of time, and for determining abnormality when the number of the sequence pattern of the messages in the second group is not within a range set using the number of the sequence pattern of messages in the first group,wherein the collation means is to determine the abnormality when a proportion of the counted number of the sequence pattern of messages in the second group to the number of the sequence pattern of messages in the first group is equal to or smaller than the certain number.
- View Dependent Claims (7)
- - 7. The detection device according to claim 6 wherein,the first period of time and the second period of time are included in a same time period and a same day of different weeks.

8. A detection device comprising:
- learning means for extracting a sequence pattern of at least two consecutive messages from a first group of messages generated by a system, and for counting a number of the sequence pattern of messages in the first group;
  
  memory means for storing the sequence pattern and the number of the sequence pattern of messages in the first group; and
  
  collation means for selecting a sequence pattern of the extracted sequence patterns, which includes a message indicating a content same as a first message obtained after the first group of messages, and for determining abnormality when the selected sequence pattern does not include a message indicating a content same as a second message obtained subsequent to the first message as a message obtained subsequent to the message indicating the content same as the first message;
  
  wherein the selection of the sequence pattern of the selected sequence patterns, which does not include the message indicating the content same as the second message as a message obtained subsequent to the first message, is released, anda sequence pattern of the extracted sequence patterns, which includes a message indicating a content same as the second message as a message obtained first is further selected.
- View Dependent Claims (9)
- - 9. The detection device according to claim 8 wherein,when none of the extracted sequence pattern includes the message indicating the content same as the first message, a notice including the first message is output.

10. A detection method causing a computer to execute:
- extracting a sequence pattern of at least two consecutive messages from a first group of messages generated by a system, and counting a number of the sequence pattern of messages in the first group;
  
  storing the sequence pattern and the number of the sequence pattern of messages in the first group;
  
  referencing the sequence pattern and the number of the sequence pattern of the messages in the first group stored in the memory means, counting a number of the sequence pattern of messages in a second group of messages generated by the system, and determining abnormality when the number of the sequence pattern of the messages in the second group is not within a range set using the number of the sequence pattern of messages in the first group; and
  
  determining the abnormality when a proportion of the counted number of the sequence pattern of messages in the second group to the number of the sequence pattern of messages in the first group is equal to or larger than a certain number.

11. A detection device comprising:
- a memory, anda processor which executes;
  
  extracting a sequence pattern of at least two consecutive messages from a first group of messages generated by a system, and counting a number of the sequence pattern of messages in the first group;
  
  storing the sequence pattern and the number of the sequence pattern of messages in the first group on the memory;
  
  referencing the sequence pattern and the number of the sequence pattern of the messages in the first group stored in the memory, counting a number of the sequence pattern of messages in a second group of messages generated by the system, and determining abnormality when the number of the sequence pattern of the messages in the second group is not within a range set using the number of the sequence pattern of messages in the first group; and
  
  determining the abnormality when a proportion of the counted number of the sequence pattern of messages in the second group to the number of the sequence pattern of messages in the first group is equal to or larger than a certain number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Takagi, Ryuichi
Primary Examiner(s)
LIN, KENNY S

Application Number

US11/205,621
Publication Number

US 20060256714A1
Time in Patent Office

2,673 Days
Field of Search

709223-229, 709/203, 709/204, 709/206, 726 1- 26
US Class Current

709/224
CPC Class Codes

H04J 3/14   Monitoring arrangements for...

H04L 43/00   Arrangements for monitoring...

H04L 69/40   for recovering from a failu...

Message abnormality automatic detection device, method and program

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Message abnormality automatic detection device, method and program

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links