Fusing information from tickets and alerts to improve the incident resolution process

dc.contributor.author Salah, Saeed
dc.contributor.author Maciá-Fernández, Gabriel
dc.contributor.author Díaz-Verdejo, Jesús E.
dc.date.accessioned 2019-12-09T09:29:31Z
dc.date.available 2019-12-09T09:29:31Z
dc.date.issued 2018-01-18
dc.description.abstract In the context of network incident monitoring, alerts are useful notifications that provide IT management staff with information about incidents. They are usually triggered in an automatic manner by network equipment and monitoring systems, thus containing only technical information available to the systems that are generating them. On the other hand, ticketing systems play a different role in this context. Tickets represent the business point of view of incidents. They are usually generated by human intervention and contain enriched semantic information about ongoing and past incidents. In this article, our main hypothesis is that incorporating tickets information into the alert correlation process will be beneficial to the incident resolution life-cycle in terms of accuracy, timing, and overall incident’s description. We propose a methodology to validate this hypothesis and suggest a solution to the main challenges that appear. The proposed correlation approach is based on the time alignment of the events (alerts and tickets) that affect common elements in the network. For this we use real alert and ticket datasets obtained from a large telecommunications network. The results have shown that using ticket information enhances the incident resolution process, mainly by reducing and aggregating a higher percentage of alerts compared with standard alert correlation systems that only use alerts as the main source of information. Finally, we also show the applicability and usability of this model by applying it to a case study where we analyze the performance of the management staff. en_US
dc.description.sponsorship This work has been partially supported by Spanish MICINN through project TIN2014-60346-R. en_US
dc.identifier.citation TY - JOUR AU - Salah, Saeed AU - Maciá-Fernández, Gabriel AU - Díaz-Verdejo, Jesús PY - 2018/01/17 SP - T1 - Fusing Information from Tickets and Alerts to Improve the Incident Resolution Process VL - 45 DO - 10.1016/j.inffus.2018.01.011 JO - Information Fusion ER - en_US
dc.identifier.issn 1566-2535
dc.identifier.uri https://dspace.alquds.edu/handle/20.500.12213/4990
dc.language.iso en en_US
dc.publisher Elsevier B.V. en_US
dc.subject Quality of service en_US
dc.subject Data analysis en_US
dc.subject Network management systems en_US
dc.subject Alert correlation en_US
dc.subject Ticket-alert correlation en_US
dc.title Fusing information from tickets and alerts to improve the incident resolution process en_US
dc.type Article en_US
Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
3.02 MB
Adobe Portable Document Format
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
1.71 KB
Item-specific license agreed upon to submission