Alarm Correlation Research and Implementation Based on Similar Data Sources

Similar documents
Design of Humidity Monitoring System Based on Virtual Instrument

Design of the Fiber-optic Fence Warning System with Distributed Video Real-Time Display Function Qiang-yi YI and Zheng-hong YU *

Construction of Wireless Fire Alarm System Based on ZigBee Technology

Performance Neuro-Fuzzy for Power System Fault Location

Research on the Monitor and Control System of Granary Temperature and Humidity Based on ARM

A Design Method Based on Inherent Testability of Remote Control and Monitoring System for Marine Main Engine

Intrusion Detection System: Facts, Challenges and Futures. By Gina Tjhai 13 th March 2007 Network Research Group

Design of Intelligent Humidity Sensing Watering System Based on MCU

SIMULATION ANALYSIS ON THE FRESH AIR HANDLING UNIT WITH LIQUID DESICCANT TOTAL HEAT RECOVERY

INDOOR HUMAN THERMAL COMFORT OPTIMAL CONTROL WITH DESICCANT WHEEL COOLING SYSTEM

Video Smoke Detection using Deep Domain Adaptation Enhanced with Synthetic Smoke Images

Design and Implementation of Sewage Treatment Control System

Procedia - Social and Behavioral Sciences 195 ( 2015 ) World Conference on Technology, Innovation and Entrepreneurship

Dynamic Evacuation Guidance Considering Occupant Distribution

Fuzzy Logic Based Coolant Leak Detection

Analysis of freeze protection methods for recuperators used in energy recovery from exhaust air

Open Access Operation Modes and Energy Analysis of a New Ice-Storage Air- Conditioning System

The Design of MLX90621 Based Intelligent Lighting Control System Hui-jiao Wang*, Meng-meng Liu and Cong-cong Shi

The Mode of Urban Renewal Base on the Smart City Theory under the Background of New Urbanization

ScienceDirect. Development progress of critical equipment in the CSNS cryogenic hydrogen system

Development of Bionic Air Cooler Used in High Temperature Coal Mine

An improved Algorithm of Generating Network Intrusion Detector Li Ma 1, a, Yan Chen 1, b

Applied Data Science: Using Machine Learning for Alarm Verification

A Numerical study of the Fire-extinguishing Performance of Water Mist in an Opening Machinery Space

Using BIM model for Fire Emergency Evacuation Plan

Reducing energy consumption of airconditioning systems in moderate climates by applying indirect evaporative cooling

The design of automatic remote monitoring system for the temperature and humidity based on GPRS Hui ZHANG 1, a, Honghua WANG 2,a

Research on Decision Tree Application in Data of Fire Alarm Receipt and Disposal

4th International Conference on Sensors, Measurement and Intelligent Materials (ICSMIM 2015)

Multi-sensor System For Indoor Environment Monitoring Zheng-yu Wanga, and Xiao-ru Zhangb

Implementation of an Embedded Microcontroller-Based Intrusion Detection System

An Alarm Correlation Algorithm for Network Management Based on Root Cause Analysis

Design of Electronic Control System for Robot Cleaning Machine Based on Profibus-DP. Wei GUAN

Design of Mine Safety Detection Alarm Based on Single-chip Mingtao Ma

Design of Classroom Intelligent Lighting System Based on SCM. Jiale Zheng1, a

Available online at ScienceDirect. Procedia Engineering 121 (2015 )

DEVELOPMENT OF THE TANGO ALARM SYSTEM

Industrial Ray DR/ ICT integration inspection testing system. (2) Software and Testing

2012 International Symposium on Safety Science and Technology Factor analysis of high-rise building fires reasons and fire protection measures

Available online at ScienceDirect. Procedia Engineering 84 (2014 )

COOLING OF DESKTOP COMPUTER USING HEAT PIPES

System Description AutroMaster V Presentation System

MODELLING AND OPTIMIZATION OF DIRECT EXPANSION AIR CONDITIONING SYSTEM FOR COMMERCIAL BUILDING ENERGY SAVING

Design and Research of the Commercial Digital VRV Multi-Connected Units With Sub-Cooled Ice Storage System

The Design of Temperature Control System for Vegetable Greenhouse

Moxa Proactive Monitoring User s Manual

New fire control system design for fire fighting and rescue equipment Jianguo LUO1, a, Zehao BU2, b

PERFORMANCE EVALUATION OF THE MINIATRIZED CATALYTIC COMBUSTION TYPE HYDROGEN SENSOR

Experimental Study on the Effects of Compression Parameters on Molding Quality of Dried Fish Floss

2012 International Symposium on Safety Science and Technology Investigation on compressed air foams fire-extinguishing model for oil pan fire

Improving rail network velocity: A machine learning approach to predictive maintenance

Teaching Landscape Spatial Design with Grading Studies: An Experiment Based on High Fidelity DTM

Proceedings Design, Fabrication and Optimization of a Silicon MEMS Natural Gas Sensor

Batt-Safe Battery String Monitoring System

Best Row Number Ratio Study of Surface Air Coolers for Segmented Handling Air-conditioning System

JOVY SYSTEMS RE User Manual Rev. 1.00

Artificial Intelligence Enables a Network Revolution

Battery control panel BCP-136

Shortcut Model for Predicting Refrigeration Cycle Performance

A study of Transient Performance of A Cascade Heat Pump System

Heat Transfer Enhancement using Herringbone wavy & Smooth Wavy fin Heat Exchanger for Hydraulic Oil Cooling

Supporting Information

The Application of Multi-threaded Socket and Picture Field Technology of DataGridView in the Development of Alarm Receiver Software

International Forum on Energy, Environment Science and Materials (IFEESM 2015)

Simulation of Full-scale Smoke Control in Atrium

Design and Implementation of a Real Time Wireless Monitor System for Urinary Incontinence

GSM BASED GARBAGE AND WASTE COLLECTION BIN OVERFLOW INDICATOR

Study in Step by Step Electric Energy Meter Connection Detection Method

Available online at ScienceDirect. Procedia Engineering 135 (2016 )

FIMD: Fine-grained Device-free Motion Detection

The design of the human body infrared thermometer

Smart Garbage Monitoring System for Waste Management

ZONE MODEL VERIFICATION BY ELECTRIC HEATER

Systematic Review in Software Engineering. Luiz Fernando Ferreira Gomes de Assis Prof. Dr. João Porto de Albuquerque Profa. Dra. Elisa Yumi Nakagawa

Reduction of alerts in automated systems based on a combined analysis of process connectivity and alarm logs

Alarm handling by SMS in ALERT

Patriot Systems Limited

Design of Multi-Sensors Cooperation Control System for Intelligent Building

Experion LX Direct Station Specification

Experimental Study of Initial Process of Frost on Heat Exchanger Surface of Refrigerated Transport Vehicle

Research Article Footstep and Vehicle Detection Using Seismic Sensors in Wireless Sensor Network: Field Tests

Before you install ProSeries Express Edition software for network use

Recording Server PRELOADED

IE Code IE Competency Title Credit OAC Ref.

A design of automatic boiler intelligent alert system based on the wireless AD hoc network

The study of sewage sludge thermo-drying efficiency

The Effect of Quantity of Salt on the Drying Characteristics of Fresh Noodles

Experimental Implementation of Spectrum Sensing Using Cognitive Radio

Healthy Buildings 2017 Europe July 2-5, 2017, Lublin, Poland

Structure Improvement and Flow Field Analysis of Condenser in Freeze drying Equipment

Experimental Investigate on the Performance of High Temperature Heat Pump Using Scroll Compressor

HOW TO REDUCE ENERGY CONSUMPTION OF BUILT-IN REFRIGERATORS?

Experimental Study on Match for Indoor and Outdoor Heat Exchanger of Residential Airconditioner

A Study on Landscape Design Paradigm from the Perspective of Visual Impact and Experience

Experimental Study on Performance of Double pipe Length on Instantaneous Air Source Heat Pump Water Heater. Yin Shaoyou 1, a

for Precision Planter System Based on MSP430-CT171 Lianming Xia, Xiangyou Wang*, Duanyang Geng, Qingfeng Zhang

Basic CFD model of heat pipe

STACK EFFECT IN LIGHT WELL OF HIGH RISE APARTMENT BUILDING

Design of Gear Defect Detection System Based on Machine Vision

inter.noise 2000 The 29th International Congress and Exhibition on Noise Control Engineering August 2000, Nice, FRANCE

Transcription:

4th International Conference on Machinery, Materials and Information Technology Applications (ICMMITA 201) Alarm Correlation Research and Implementation Based on Similar Data Sources Yi Tang1, a and Dahai Jin2, b 1 Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing, 10087, China 2 Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing, 10087, China a tangyi_bupt@1.com, bjindh@bupt.edu.cn Keywords: Alarm correlation, software test system, similar data sources. Abstract. In the modern society, static defect detection technology become an effective way to build reliable software. But the phenomena of misinformation and failing to report in the result of static defect detection makes testers needed to confirm the false alarms one by one manually. It is necessary to improve efficiency of alarm confirmation. In this paper, an alarm correlation method for similar data sources is proposed. The method uses data sources of the alarm to generate symbol information the define point information. With the symbolic information, we can generate a feature function which is consist of all alarm variable s DEF point symbols. According to feature function, we can generate an equivalent signature code. Finally, by comparing the similarity of the signatures to determine whether there is an association between the two alarm. Testers only need to pick up one or a few alarms in a class for confirmation after apply this technology which greatly improve the system s efficiency. 1. Introduction Static defect detection technology is a kind of software test technology based on the program fragment analysis. It has become an effective way to build reliable software for its no program execution and effective in small probability defects test. But the phenomena of misinformation and failing to report in the result of static defect detection makes testers needed to confirm the false alarms one by one manually[1]. A lot of artificial confirmation work waste time and energy, reduce the defect efficiency, and even lead to software developers and managements refuse to use static detection tools in the process of software development. To improve efficiency of alarm confirmation, the alarm correlation technology developed[2]. This technology gets together for a class of associated alarms. Testers only need to pick up one or a few alarms in a class for confirmation, which greatly shorten the confirm time. Nowadays, There are two main techniques in alarm correlation field. One is a method based on data mining and machine learning to associate defect automatically[], while the other one is based on abstract interpretation to calculate error state into precise semantics, then resect, disseminate or backtrack with this precise semantics information to associate the defect[4]. The advantage of these methods is that more defect can be grouped together. However, the existing method based on machine learning is difficult to keep balance between association accuracy and correlation efficiency, on the other side, the alarm correlation technology based on symbol execution and constraint solving is limited within the process, and it needs super control flow graph to associate grouping technology which limits the scale of the program and affects the association efficiency. In this paper, an alarm correlation method for similar data sources is proposed. The method uses data sources of the alarm to generate symbol information the value information, and with the structure of the alarm to generate into feature function, then with the feature function to generate a Copyright 2017, the Authors. Published by Atlantis Press. This is an open access article under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/). 1155

signature code. Finally, by comparing the similarity of the signatures to determine whether there is an correlation between the two alarm. The higher the similarity, the higher the association degree. 2. Related Work The root cause of an alarm is its assignment operation of related variables, which is directly associated with the assigned object, the method to assign the object, and the composition way of the assigned data. Here are some basic concepts about assignment and the classification of alarms. A Basic Concepts Two kinds of variables appear in the program: DEF and USE. DEF Point: To Assign the variable (write to variable memory) USE Point: Take the value of the variable (read from the variable memory) DEF point is the data source of a variable, which would affect the current variable values. B. Types of Alarm Correlation Based on Similar Data Sources The origin of alarms are DEF points. Alarm point and DEF points may appear in the same function, and also in different functions. According to the above rules, DEF points could be divided into inside a function (in the same function with alarm point) and across functions(not in the same function with alarm point). Across functions points include function parameters, global variables, return values and side effects. As shown in the figure below: Inside a Function 1 int jhb_npd_2_f(void) 2 { FILE *stream; 4 fpos_t filepos; 5 stream = fopen("myfile.txt", "w+"); //fopen may return null pointer fseek(stream, 0L, SEEK_END); //NULL POINTER DEFECT 7 fgetpos(stream, &filepos); // NULL POINTER DEFECT 8 ftell(stream); // NULL POINTER DEFECT return 0; 10 } In this code snippet, null pointer alarms are reported in, 7, 8 lines. The fopen function may returns null pointer may in line 5. If the pointer is assigned to variable stream, fseek fgetpos ftell functions would throw null pointer exceptions when dereference variable stream. So that the alarm in lines,7,8 are all caused by the fopen function s return pointer may be null. Above all, these alarms have the same data source, so they can get together to one class. Across Functions 1 char * str_to_nstr (str_t * str) 2 { char *nstr = xmalloc (str->len + 1); //xmalloc() may return null pointer 4 int pos = 0; 5 for (; pos < str->len; pos++) { 7 nstr[pos] = str->str[pos]; // NPD 8 } nstr[pos + 1] = 0; 10 return nstr; 11 } 12 str_t * str_make (str_t * str) 1 { 14 if (!str) 15 { 1 str = xmalloc (sizeof *str);//xmalloc()may return null pointer 115

17 18 str->str = xmalloc (str->mem = CHUNK); // NPD } return str; 1 20 } In this code snippet, null pointer alarms are reported in 7,, 17 lines. The variable nstr is defined and receive the return value of xmalloc() in function str_to_nstr(), which is dereference in 7, lines; function parameter str receive the return value of xmalloc() in function str_make(). As the return value of xmalloc() may be null, nstr and str, which is dereference in line7, and 17 may also be null. These alarms could get together for a class because all of them were caused by the null pointer of xmalloc() returns.. Architecture of Our Alarm Correlation System DTS(Defect Testing System) is a static alarm detection tool based on defect mode, which is developed by Beijing University of Posts and Telecommunications in many national 8 projects. At present, it supports three languages of C, C++ and Java. The system is installed on the operating system in the form of client software, and the potential defects in the source code are found by using the static analysis program. All the alarms used in this paper is detected by DTS. In this paper, we proposed a method of alarm corrlation based on symbolic DEF point. The method design is shown in the figure below: Input Position of the Alarm Point Classify the alarm point according its features Build the feature function of the alarm point Generate equivalent defect signature code Associated to defect according to signature code Fig. 1 The System Design Figure A. Input Position of the Alarm Point Input location information of the alarm point, which including file path, abstract syntax tree and control flow graph nodes. B. Classify the alarm point according its features Classify the alarm point according to the following three features: According to the number of variables in alarm point, the alarm point could be divided into single-valued and multiple-valued; According to the define level, the alarm point is divided into single layer and multilayer; According to the number of alarm data sources, the alarm can be divided into single-source and multi-sources. C. Build the feature function of the alarm point Alarm is rooted in the variable s DEF points. Now we symbolic all the DEF points into structure S Structure C Constant V Variable P Position. For Example, In the first code snippet line 5: 1157

Code : stream = fopen("myfile.txt", "w+"); Symbol:[structure:[Function:fopen] constancts:[ "MYFILE.TXT" "w+"] variables:[null] position:[method: jhb_npd_2_f line:5] According to the symbolic information of DEF points and feature of alarm points, we can generate a DEF function which is a consist of all alarm variable s DEF point symbols. For single layer alarm, the DEF function is only one layer; for multilayer alarm, each layer has a DEF function. The DEF point symbol information is got from control flow graph for inside function alarm. While for across functions situation, the information is taken from function abstract messages. D. Generate equivalent defect signature code According to the feature function information, generate equivalent signature code. Every layer has a signature code, which is the binary hash code of the feature function. E. Associated to defect according to signature code As the signature code is equal with feature function, which is the root cause of an alarm, we could compute equivalence partitioning for alarm points. In each partition, only one or few alarm need to be confirmed manually. 4. Implementation In this section, we make some experiments to detect the effect of this design. All the alarms is detected by DTS(Defect Test System). A. Experimental Environment Table 1 Experimental Environment Table Hardware environment Software environment: Processor: Intel(R) Xeon(R) CPU E520 Operating system: Microsoft Windows 7 @2.4GHz. JDK: 1.7.0_02. Memory: 4.00GB. DTS: 8.0 B. Result and analysis The experimental results show in table below, including the files number of the project, the alarms number, the associated alarms number and correlation. Project name Table 2 Alarm Correlation Result File Alarm Associated alarms number number Inside a Across functio functions n 120 285 70 12 Tota l correlatio n sphinxbase-0. 82 28.77% Spell-1.0 40 2 11 27.50% From the above experimental results, it can be seen that the alarm correlation method based on similar data sources can be effective to establish a link between equivalent alarms, for the correction is nearly 0 percent. Clearly, application of this technology would significant shorten the time of confirmation. 5. Conclusion and future work In this paper, the alarm correlation method is based on similarity of symbolic expression and calculation of DEF-USE chain, which have higher demand to the precision of the abstract explanation of. Besides, since it depends on the information generated in alarm detection process instead of special correlation calculation, the correlation effect is not significant compared with some other methods. In the future work, we will try our best to further reduce the energy needed by the human review on 1158

the premise of not reduce correlation reliability. For example, combining with Heckman and William s actionable alert identification techniques(aait)[5], we can just check the dominant "active" defects, namely according to check whether the leading defects is in a state of "activity" or not. In a word, the method that this paper has put forward need much more practice and studying to enrich and perfect, and it will be more practicably. References [1]. Dahai Jin Yunzhan Gong Yawen Wang. Software testing technology. Information and Communication Technologies, 2015(). [2]. Dalin zhang. Research on static defect detection to optimize some key technologies. Beijing University of Posts and Telecomunications 2014(5). [] Kremenek T, Ashcraft K, Yang J, et al. Correlation exploitation in error ranking. ACM SIGSOFT Software Engineering Notes, ACM, 2004, 2(): 8-. [4] Le W, Soffa M L. Path-based fault correlations[c]//proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering. ACM, 2010: 07-1. [5] Heckman S, Williams L. A model building process for identifying actionable static analysis alerts. In: Proceedings of IEEE ICST'0. Denver: IEEE Press, 200. 11-170. 115

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback