[US Patent]
System and method for correlating fingerprints for automated intelligence
IPC classification information
Country / Type: United States (US) Patent, Granted
International Patent Classification (IPC, 7th edition): G06F-015/16
Application number: US-0194197 (2008-08-19)
Registration number: US-8631117 (2014-01-14)
Inventor / Address: Marvasti, Mazda A.
Applicant / Address: VMware, Inc.
Citation information
Times cited: 0
Cited patents: 35
Abstract
A system and method for correlating fingerprints in an Information Technology (IT) infrastructure for automated intelligence, where a fingerprint provides an indication of the activity and operation of the IT infrastructure immediately preceding an event. It is determined whether a correlation exists between multiple fingerprints to determine whether such fingerprints separately indicate the occurrence of the event for the same reason. If a degree of match is found to exist between the rule sets of multiple fingerprints that exceeds a certain threshold, the fingerprints are determined to indicate the occurrence of the event for the same reason and the rule sets for those fingerprints can be merged together with the probabilities that such rules will indicate the occurrence of the event adjusted accordingly. In one or more embodiments, the fingerprint matching correlation procedures are implemented to account for time or phase shifts between the rule sets in two fingerprints.
Representative claims
1. A method comprising: capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure; capturing a second fingerprint of at least a portion of the IT infrastructure associated with an event relating to the IT infrastructure; and determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure, wherein each of the first and second fingerprints includes a set of rules for a set of time cuts, respectively, wherein each rule in the set of rules includes a probability that a symptom of the event occurs for a specific time cut, wherein the symptom includes a metric and a reason that the event is generated, wherein determining whether a correlation exists comprises determining the degree of match between rules of the first fingerprint against rules of the second fingerprint across the various time cuts.

2. The method of claim 1, further comprising merging the first and second fingerprints together when it is determined that the first and second fingerprints correlate to each other.

3. The method of claim 1, further comprising: iteratively shifting a phase shift in time cuts between the sets of rules in the first and second fingerprints; determining a degree of match between the rules of the first fingerprint against rules of the second fingerprint across for each iteration of phase shift; and determining the phase shift for which a maximum degree of match exists between the sets of rules of the first and second fingerprints and determining a value of the associated maximum degree of match.

4. The method of claim 3, further comprising: determining whether the value for the maximum degree of match exceeds a certain threshold, and merging the sets of rules for the first and second fingerprints together when the value for the maximum degree of match exceeds the certain threshold.

5. The method of claim 4, further comprising adjusting the probabilities of the merged sets of rules, wherein the rules having a degree of match between the first and second thresholds have their probabilities increased while rules that do not have a degree of match between the first and second thresholds have their probabilities decreased.

6. The method of claim 1, wherein the first and second fingerprints are captured prior to the occurring event.

7. A non-transitory machine-readable medium having program instructions stored thereon executable by a processing unit of a special-purpose network monitoring server for performing the steps of: capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure; capturing a second fingerprint of at least a portion of the IT infrastructure associated with an event relating to the IT infrastructure; and determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure, wherein each of the first and second fingerprints includes a set of rules for a set of time cuts, respectively, wherein each rule in the set of rules includes a probability that a symptom of the event occurs for a specific time cut, wherein the symptom includes a metric and a reason that the event is generated, wherein determining whether a correlation exists comprises determining the degree of match between rules of the first fingerprint against rules of the second fingerprint across the various time cuts.

8. The non-transitory machine-readable medium of claim 7, further comprising program instructions stored thereon for: iteratively shifting a phase shift in time cuts between the sets of rules in the first and second fingerprints; determining a degree of match between the rules of the first fingerprint against rules of the second fingerprint across for each iteration of phase shift; and determining the phase shift for which a maximum degree of match exists between the sets of rules of the first and second fingerprints and determining a value of the associated maximum degree of match.

9. The non-transitory machine-readable medium of claim 8, further comprising program instructions stored thereon for: determining whether the value for the maximum degree of match exceeds a certain threshold, and merging the sets of rules for the first and second fingerprints together when the value for the maximum degree of match exceeds the certain threshold.

10. The non-transitory machine-readable medium of claim 9, further comprising program instructions stored thereon for adjusting the probabilities of the merged sets of rules, wherein the rules having a degree of match between the first and second thresholds have their probabilities increased while rules that do not have a degree of match between the first and second thresholds have their probabilities decreased.

11. A system comprising: a fingerprint capturing module for capturing a first fingerprint of at least a portion of an information technology (IT) infrastructure associated with a certain event relating to the IT infrastructure, the fingerprint capturing module further capturing a second fingerprint of at least a portion of the IT infrastructure associated with an event relating to the IT infrastructure; and a fingerprint correlation module for determining whether a correlation exists between the first and second fingerprints such that the first and second fingerprints each provide an indication of at least a portion of the same event relating to the IT infrastructure, wherein each of the first and second fingerprints includes a set of rules for a set of time cuts, respectively, wherein each rule in the set of rules includes a probability that a symptom of the event occurs for a specific time cut, wherein the symptom includes a metric and a reason that the event is generated, wherein the fingerprint correlation module is further configured to determine the degree of match between rules of the first fingerprint against rules of the second fingerprint across the various time cuts.

12. The system of claim 11, wherein the fingerprint correlation module further: iteratively shifts a phase shift in time cuts between the sets of rules in the first and second fingerprints; determines a degree of match between the rules of the first fingerprint against rules of the second fingerprint across for each iteration of phase shift; and determines the phase shift for which a maximum degree of match exists between the sets of rules of the first and second fingerprints and determines a value for the associated maximum degree of match.

13. The system of claim 12, wherein the fingerprint correlation module further: determines whether the value for the maximum degree of match exceeds a certain threshold, and merges the sets of rules for the first and second fingerprints together when the value for the maximum degree of match exceeds the certain threshold.

14. The system of claim 13, wherein the fingerprint correlation module further adjusts the probabilities of the merged sets of rules, wherein the rules having a degree of match between the first and second thresholds have their probabilities increased while rules that do not have a degree of match between the first and second thresholds have their probabilities decreased.
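The phase-shifted correlation and merge procedure of claims 1 and 3 to 5, sketched as an added example that is not taken from the patent or from any VMware product. The patent record does not define the match metric or the size of the probability adjustment, so the Jaccard overlap, the `threshold` and `step` values, the function names, and the sample fingerprints are all assumptions made for illustration.

```python
# Added illustration. A fingerprint maps time cut -> {(metric, reason): probability}.
# Assumed: Jaccard overlap as "degree of match", fixed +/- step as the adjustment.

def rule_keys(fp, shift=0):
    """Set of (time_cut + shift, symptom) pairs present in a fingerprint."""
    return {(t + shift, sym) for t, rules in fp.items() for sym in rules}

def degree_of_match(fp_a, fp_b, shift):
    """Overlap of the two rule sets after shifting fp_b by `shift` time cuts."""
    a, b = rule_keys(fp_a), rule_keys(fp_b, shift)
    return len(a & b) / len(a | b) if a | b else 0.0

def best_phase_shift(fp_a, fp_b, max_shift):
    """Try every shift in range; return (shift, match) with the maximum match.
    Ties are broken in favour of the smaller absolute shift."""
    candidates = ((s, degree_of_match(fp_a, fp_b, s))
                  for s in range(-max_shift, max_shift + 1))
    return max(candidates, key=lambda sm: (sm[1], -abs(sm[0])))

def correlate_and_merge(fp_a, fp_b, threshold=0.6, max_shift=3, step=0.1):
    """Return (shift, match, merged) when the best match exceeds the threshold,
    or None when the fingerprints are judged unrelated."""
    shift, match = best_phase_shift(fp_a, fp_b, max_shift)
    if match <= threshold:
        return None
    shifted_b = {t + shift: rules for t, rules in fp_b.items()}
    merged = {}
    for t in sorted(set(fp_a) | set(shifted_b)):
        ra, rb = fp_a.get(t, {}), shifted_b.get(t, {})
        merged[t] = {}
        for sym in set(ra) | set(rb):
            if sym in ra and sym in rb:    # rule in both: raise its probability
                p = min(1.0, (ra[sym] + rb[sym]) / 2 + step)
            else:                          # rule in only one: lower it
                p = max(0.0, ra.get(sym, rb.get(sym)) - step)
            merged[t][sym] = round(p, 3)
    return shift, match, merged

# Constructed sample fingerprints: FP_B shows the same symptoms one time cut later.
CPU = ("cpu_util", "above dynamic threshold")
MEM = ("mem_free", "below dynamic threshold")
IO = ("disk_latency", "above dynamic threshold")
FP_A = {0: {CPU: 0.8}, 1: {CPU: 0.9, MEM: 0.7}, 2: {IO: 0.6}}
FP_B = {1: {CPU: 0.7}, 2: {CPU: 0.8, MEM: 0.5}, 3: {IO: 0.7, MEM: 0.4}}

if __name__ == "__main__":
    print(correlate_and_merge(FP_A, FP_B))
```

Without the shift the two sample fingerprints share only one rule; aligning them by one time cut exposes the overlap, which is the case the phase-shift iteration exists to catch.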