TY - GEN
T1 - Alert Flood Reduction in Large-Scale Control Systems - A Hybrid Pattern Mining-based Approach
AU - Schönböck, Johannes
AU - Schwinger, Wieland
AU - Kapsammer, Elisabeth
AU - Retschitzegger, Werner
AU - Pröll, Birgit
AU - Zaunmair, Herbert
AU - Höbart, Alexander
AU - Graf, David
AU - Lechner, Marianne
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s).
PY - 2025/2/7
Y1 - 2025/2/7
N2 - The immense flood of alerts that is constantly produced in large-scale control systems (LSCS) of critical infrastructures, ranging from energy and ICT to traffic, represents a substantial challenge for efficient and safe operation. Although research on reducing alert floods has existed for decades, mining appropriate alert patterns as the ultimate means of coping with alert quantity is especially challenging, since relationships between alerts are commonly unknown due to the heterogeneity, size, and evolutionary nature of LSCS. Thus, this paper contributes an alert-driven pattern mining approach based on a hybrid, multi-objective evolutionary algorithm that is unique in two respects. First, pattern quality is optimized by maximizing both pattern size, in terms of how many alerts are covered by a single pattern occurrence, and pattern confidence, which takes into consideration how many alert occurrences are covered by repeated pattern occurrences, thus allowing for a two-dimensional flood reduction. Secondly, pattern coverage is maximized, ensuring that each alert occurrence is pinned down within a pattern while at the same time allowing various patterns to be identified for a single alert, thus facilitating a multi-faceted flood reduction. Based on real-world log data in the area of road traffic management, the applicability of our approach is demonstrated.
AB - The immense flood of alerts that is constantly produced in large-scale control systems (LSCS) of critical infrastructures, ranging from energy and ICT to traffic, represents a substantial challenge for efficient and safe operation. Although research on reducing alert floods has existed for decades, mining appropriate alert patterns as the ultimate means of coping with alert quantity is especially challenging, since relationships between alerts are commonly unknown due to the heterogeneity, size, and evolutionary nature of LSCS. Thus, this paper contributes an alert-driven pattern mining approach based on a hybrid, multi-objective evolutionary algorithm that is unique in two respects. First, pattern quality is optimized by maximizing both pattern size, in terms of how many alerts are covered by a single pattern occurrence, and pattern confidence, which takes into consideration how many alert occurrences are covered by repeated pattern occurrences, thus allowing for a two-dimensional flood reduction. Secondly, pattern coverage is maximized, ensuring that each alert occurrence is pinned down within a pattern while at the same time allowing various patterns to be identified for a single alert, thus facilitating a multi-faceted flood reduction. Based on real-world log data in the area of road traffic management, the applicability of our approach is demonstrated.
KW - Alert Pattern Mining
KW - Large-Scale Control Systems
KW - Multi-Objective Evolutionary Algorithms
KW - Operational Technology Monitoring
UR - http://www.scopus.com/inward/record.url?scp=85219541577&partnerID=8YFLogxK
U2 - 10.1145/3708778.3708796
DO - 10.1145/3708778.3708796
M3 - Conference contribution
AN - SCOPUS:85219541577
T3 - CIIS 2024 - 2024 the 7th International Conference on Computational Intelligence and Intelligent Systems
SP - 125
EP - 132
BT - CIIS 2024 - 2024 the 7th International Conference on Computational Intelligence and Intelligent Systems
PB - Association for Computing Machinery, Inc
T2 - 7th International Conference on Computational Intelligence and Intelligent Systems, CIIS 2024
Y2 - 22 November 2024 through 24 November 2024
ER -