System situation ticket identification using SVMs ensemble

Abstract

System maintenance for large and complex IT infrastructures highly depends on automatic system monitoring, and the performance of system monitoring depends on their configurations specified by system administrators. Misconfigurations and frequent configuration changes are two main causes responsible for false positives (false alarms) that can consume limited maintenance resources and false negatives (missing alerts) that can cause serious system faults. Thus, identifying situation tickets that are created by humans is a critical task to help system administrators correct and improve the configurations of existing monitoring systems to minimize the false negatives.To address this issue, this paper proposes a situation ticket identification approach based on an ensemble of Support Vector Machines (SVMs), named STI-E, to discover situation tickets from the manual tickets that are created by humans. A primary advantage of this solution is that it can label the most representative tickets from the imbalanced manual tickets by administrators with minimal labeling effort using the discovered domain words from historical monitoring tickets. The proposed SVM ensemble classification model is also able to identify situation tickets with a higher accuracy than the classical SVM classification model. To demonstrate the effectiveness of the proposed approach, we empirically validate it on real system monitoring and manual tickets from a large enterprise IT infrastructure.