Alarm Analysis Research Articles

TaintAttack: rapid attack investigation based on information flow tracking

Abstract The perpetual battle between defenses and attacks in computing systems keeps evolving. In response to the growing complexity of attacks, data provenance has emerged as a vital solution for analysing alarms and conducting attack investigation by capturing intricate relationships among system entities. Despite its potential, the challenges of dealing with large-scale provenance graphs and a high volume of alarms persist, leading to inefficiencies in alarm analysis and attack investigation. To tackle these challenges, we present TaintAttack, an innovative approach for attack investigation. When performing provenance graph construction, TaintAttack conducts real-time tagging for system entities. To emphasize the critical threats, TaintAttack quantifies the threat levels of alarms based on event rarity, contextual features, and impact severity. Furthermore, guided by information flow tagging, TaintAttack commences attack investigation from alarms with high threat levels, greatly enhancing the overall efficiency of the investigation process. The evaluation results on 12 multi-stage attacks show that TaintAttack performs better in attack investigation compared to existing studies, reducing the investigation time by 2 orders of magnitude.

Research on intelligent alarm analysis of nuclear power plant secondary loop system based on multi-level flow model

Research on intelligent alarm analysis of nuclear power plant secondary loop system based on multi-level flow model

Research on anomaly detection and correction of power metering data based on machine learning algorithm

Electric energy measurement is the basis of marketization of electric energy. If the power metering device is abnormal, it will directly affect the economic interests of both sides. At present, the electric energy measurement data of power grid enterprises has generally adopted the mode of remote centralized collection. The existing methods of abnormal detection and location of electric energy metering are mainly through the analysis of the abnormal data alarm issued by the electric energy acquisition system and the on-site inspection of the metering device. With the continuous expansion of the scale of electric power data, the existing methods highlight the shortcomings of low accuracy and low efficiency. In order to explore the optimal solution to the above problems, this paper constructs a multi-model fusion anomaly detection method of electric energy measurement data based on machine learning, and gives the anomaly correction scheme of electric energy measurement data. The results show that the fusion model has the best performance in the actual situation, with AUC reaching 0.9653 and TPR exceeding 0.64 under the condition of zero FPT. The comprehensive performance is better than that of other single models.

Analysis of ST segment alarms in children admitted to the paediatric and cardiac intensive care units and cardiac progressive care unit: a single-centre retrospective study.

ST segment monitoring in the adult population allows for the early detection of myocardial ischaemia. In children admitted to the paediatric intensive care unit (PICU), cardiac intensive care unit (CICU), and cardiac progressive care unit (CPCU), it is unclear if continuous ST segment alarm monitoring is necessary in all patients. All patients admitted to the PICU, CICU, and CPCU during the study period were included. Children with any ST segment alarms were compared with those without an alarm during their stay. The electrocardiogram confirmed true ST segment alarms were compared with all other ST segment alarms. Demographic and clinical data were extracted from the medical record. Medical interventions and procedures occurring around ST segment alarms were recorded for multivariable analysis assessing for the association of true ST segment. Logistic regression was used to evaluate the associations with ST segment alarms during hospital stays. ST segment alarms occurred in 36% of hospital stays, and only 3.4% were considered true. True alarms were significantly more common among patients with a cardiac-related diagnosis, located in both cardiac units, and having received an intervention with any vasoactive medication. In the multivariable logistic regression, patients 11 years or older, hypotension, supraventricular tachycardia, and initiation/escalation of any vasoactive were independently associated with a true ST segment alarm. True ST segment alarms were infrequent, occurring in 1.2% of stays during the study period. Alarm monitoring may be beneficial in those with an underlying cardiac diagnosis.

A Methodological Framework for Managing the Alarms in Wind Turbine Control and Data Acquisition Systems for Failure Analysis

Renewable energies have a fundamental role in sustainability, with wind power being one of the most important due to its low production costs. Modern wind turbines are becoming bigger and more complex, and their operation and maintenance must be as optimized as possible. In this context, supervisory control and data acquisition systems provide valuable information, but there is no precise methodology for their analysis. To overcome this need, a generalized methodology is proposed to determine the recognition of critical subsystems through alarm analysis and management. The proposed methodology defines each subsystem in a precise way, shows the indicators for the alarms, and presents a theoretical framework for its application using the quantity and activation times of alarms, along with the real downtime. It also considers the transition of states when the wind turbine is operationally inactive. To highlight the proposal’s novelty, the methodology is exemplified with a case study from the Southern Cone, applying the method through a data management and analysis tool. Four critical subsystems were found, with the alarms of wind vanes, anemometers, and emergency speeds being of relevance. The indicators and the graphical tools recommended helped guide the applied analysis.

Analysis of False Alarms on DVOR Equipment at I Gusti Ngurah Rai International Airport

According to the Government Regulation of the Republic of Indonesia No.71 of 1996 concerning Airports article 9 Paragraph (1) it is explained that flight navigation facilities can include Non Directional Beacons (NDB), Doppler VHF Omni Range (DVOR), Instrument Landing System (ILS), Radio Detection and Ranging (RADAR). Airports must provide navigation facilities, especially the Doppler VHF Omni Range (DVOR), which is a flight aid that has unlimited (continuous) capabilities, and transmits combined radio signals, including Morse code and data that can enable receiver equipment on aircraft to acquire magnetic bearings. from the station to the airplane using the frequency due to the doppler effect, not the actual azimuth direction to the aircraft but information about the Doppler VHF Omni Range (DVOR) ground station point at I Gusti Ngurah Rai Airport. This study used a qualitative descriptive method with physical checking at the Denpasar Branch of Perum LPPNPI, there was an alarm on the Doppler VHF Omni Range (DVOR) equipment caused by a lightning strike which could not be controlled using LMMS due to failure in several modules. So researchers need to replace several modules affected by the Alarm, namely the LCU (Local Control Unit), CSU (Control Sector Unit), and ASU (Air STARTER UNIT) and do the finishing by checking the power and settings on the monitor, resulting in a Doppler VHF Omni Range (DVOR) adjustment. back to normal.

When Large Language Models Meet Optical Networks: Paving the Way for Automation

Since the advent of GPT, large language models (LLMs) have brought about revolutionary advancements in all walks of life. As a superior natural language processing (NLP) technology, LLMs have consistently achieved state-of-the-art performance in numerous areas. However, LLMs are considered to be general-purpose models for NLP tasks, which may encounter challenges when applied to complex tasks in specialized fields such as optical networks. In this study, we propose a framework of LLM-empowered optical networks, facilitating intelligent control of the physical layer and efficient interaction with the application layer through an LLM-driven agent (AI-Agent) deployed in the control layer. The AI-Agent can leverage external tools and extract domain knowledge from a comprehensive resource library specifically established for optical networks. This is achieved through user input and well-crafted prompts, enabling the generation of control instructions and result representations for autonomous operation and maintenance in optical networks. To improve LLM’s capability in professional fields and stimulate its potential on complex tasks, the details of performing prompt engineering, establishing domain knowledge library, and implementing complex tasks are illustrated in this study. Moreover, the proposed framework is verified on two typical tasks: network alarm analysis and network performance optimization. The good response accuracies and semantic similarities of 2400 test situations exhibit the great potential of LLM in optical networks.

Objective Verification of the Weather Prediction Center’s Mesoscale Precipitation Discussions

Abstract The Weather Prediction Center (WPC) issues Mesoscale Precipitation Discussions (MPDs) to highlight regions where heavy rainfall is expected to pose a threat for flash flooding. Issued as short-term guidance, the MPD consists of a graphical depiction of the threat area and a technical discussion of the forecasted meteorological and hydrological conditions conducive to heavy rainfall and the potential for a flash flood event. MPDs can be issued either during or in anticipation of an event and typically are valid for up to 6 h. This study presents an objective verification of WPC’s MPDs issued between 2016 and 2022, complete with a climatology, false alarm analysis, and contingency table-based skill scores (e.g., critical success index and fractional coverage). Regional and seasonal differences become evident when MPDs are assessed based on these groupings. MPDs improved in basic skill scores between 2016 and 2020, with a slight decline in scores for 2021 and 2022. The false alarm ratio of MPDs has decreased between 2016 and 2021. The most dramatic improvement over the period occurs in the MPDs in the winter season (December, January, and February) and along the West Coast (primarily atmospheric river events). The accuracy of MPDs in this group has quadrupled when measured by fractional coverage, and the false alarm rate is approximately one-fifth of the 2016 value. Skill during active monsoon seasons tends to decrease, partially due to the large size of MPDs issued for monsoon-related flash flooding events.

AlarmGPT: an intelligent alarm analyzer for optical networks using a generative pre-trained transformer

The proliferating development of optical networks has broadened the network scope and caused a corresponding rise in equipment deployment. This growth potentially results in a significant number of alarms in the case of equipment malfunctions or broken fiber. Managing these alarms efficiently and accurately has always been a critical concern within the research and industry community. The alarm processing workflow typically includes filtration, analysis, and diagnostic stages. In current optical networks, these procedures are often performed by experienced engineers, utilizing their expert knowledge and extensive experience. This method requires considerable human resources and time, as well as demanding proficiency prerequisites. To address this issue, we propose an intelligent alarm analysis assistant, “AlarmGPT,” for optical networks, utilizing a generative pre-trained transformer (GPT) and LangChain. The proposed AlarmGPT exhibits a high level of semantic comprehension and contextual awareness of alarm data, significantly enhancing the model’s ability of interpreting, classifying, and solving alarm events. Through verification of extensive alarm data collected from real optical transport networks (OTNs), the usability of AlarmGPT has been validated in the tasks of alarm knowledge Q&A, alarm compression, alarm priority analysis, and alarm diagnosis. This method has the potential to significantly reduce the labor and time required for alarm processing, while also lowering the experiential requisites incumbent upon network operators.

A data-driven prioritisation framework to mitigate maintenance impact on passengers during metro line operation

The application of artificial intelligence (AI) techniques may lead to significant improvements in different aspects of rail sector. Considering asset management and maintenance, AI can improve data analysis and asset status forecasting and decision-making processes, fostering predictive and prescriptive maintenance strategies. A prescriptive approach should be able to predict future scenarios as well as to suggest a course of actions. Nevertheless, the decision-making in rail asset management is often based on the classical asset-oriented approach, concentrating on the function of the asset itself as a main key performance indicator (KPI), whereas a user-oriented approach could lead to improved performance in terms of level of service. This paper is aimed at integrating the passengers’ perspective in the decision-making process for asset management to mitigate the impact that service interruptions may have on the final users. A data-driven prioritisation framework is developed to prioritise maintenance interventions taking into account asset status and criticality. In particular, a three-step approach is proposed, which focuses on the analysis of passenger data to evaluate the failure impact on the service, the analysis of alarms and anomalies to evaluate the asset status, and the suggestion of maintenance interventions. The proposed approach is applied to the maintenance of the metro line M5 in the Italian city of Milan. Results show the usefulness of the proposed approach to support infrastructure managers and maintenance operators in making decisions regarding the priority of maintenance activities, reducing the risk of critical failures and service interruptions.

The Quality Status Analysis and Development Proposal of Combustible Gas Alarm

Combustible gas alarm is mainly used to detect the concentration of combustible gas in the environment and issue the corresponding level of alarm which is an effective early warning tool to prevent gas leakage. However, due to the uneven quality of combustible gas alarms sold on the market, there are certain difficulties for the government in market access, testing agencies in quality control, and users in later maintenance. In order to promote the industry of combustible gas alarm to further and improve product quality, this study selected 60 batches of combustible gas alarms from a first-tier city in China and tested them in accordance with the national compulsory standard GB 15322-2019 Combustible Gas Detectors, conducting price and quality analysis of combustible gas alarms from different procurement channels and different product types according to the test results and putting forward solutions and development suggestions for nonconforming projects.

The ATLAS Alarm Helper

The Detector Safety System is the last line of defence to protect the ATLAS detector against abnormal and potentially even unforeseen situations. It is designed to return the detector to a safe state based on predefined actions triggered by alarms which are triggered on their part by specific sets of conditions. Every alarm whether it results in an action taken or not is followed up by the operations team that assesses the criticality, takes countermeasures and identifies the point of failure. From experience abnormal situations can result either from faults or from side effects of planned interventions which were either not properly identified despite the mandatory planning and review or where a mistake during execution occurred. In many cases there are multiple interventions ongoing simultaneously in order to profit from shutdown periods. The rapid analysis of alarms while the incident is ongoing is often complicated due to the complexity of the ATLAS detector and its infrastructure and the large number of responsible groups and experts. A new Alarm Helper tool was designed to assist the operation team, particularly the operator in the control room responsible for infrastructure and safety (SLIMOS – Shift Leader in Matters of Safety), by providing real-time information about ongoing interventions and the possible related causes of failure. The new tool will combine historical events, documentation, and limited knowledge about ongoing interventions. It extends the Expert System which visualizes and simulates infrastructure inter-dependencies and allows to trace faults or alarms to a list of potential points of failure. The new tool also proposes which experts should be contacted in the particular circumstances.

AlarmGPT: an intelligent operation assistant for optical network alarm analysis using ChatGPT

AlarmGPT: an intelligent operation assistant for optical network alarm analysis using ChatGPT

Perceptual identification of high vowels in Taiwan Mandarin

Taiwan Mandarin contrasts high vowels /i/, /y/, and /u/ in the aspects of tongue backness and lip roundedness. Despite that both /y/ and /u/ are associated with the [round] feature, the postural realizations of these two vowels are not always identical, though sometimes only very subtle. The current study investigates whether native speakers can reliably identify the three high vowels from natural speech when no acoustic signal was available. The results show that the highest identification accuracy was found in /i/, followed by /u/ and then /y/. The same order was also reported in the analyses of sensitivity. On the other hand, the two rounded vowels were easily confused, as revealed by the analysis of false alarm. The results also showed that participants may pay attention to different postural cues when distinguishing /u/ and /y/, along with a slight bias towards /y/. While it is rather challenging for native speakers to identify /u/ from /y/, our results did provide a selection of postural exemplars for each vowel, which may be considered as more canonical and subject to further analyses using image processing.

MFM-based alarm root-cause analysis and ranking for nuclear power plants

Alarm flood due to abnormality propagation is the most difficult alarm overloading problem in nuclear power plants (NPPs). Root-cause analysis is suggested to help operators in understand emergency events and plant status. Multilevel Flow Modeling (MFM) has been extensively applied in alarm management by virtue of the capability of explaining causal dependencies among alarms. However, there has never been a technique that can identify the actual root cause for complex alarm situations. This paper presents an automated root-cause analysis system based on MFM. The causal reasoning algorithm is first applied to identify several possible root causes that can lead to massive alarms. A novel root-cause ranking algorithm can subsequently be used to isolate the most likely faults from the other root-cause candidates. The proposed method is validated on a pressurized water reactor (PWR) simulator at HAMMLAB. The results show that the actual root cause is accurately identified for every tested operating scenario. The automation of root-cause identification and ranking affords the opportunity of real-time alarm analysis. It is believed that the study can further improve the situation awareness of operators in the alarm flooding situation.

Alarm reduction and root cause inference based on association mining in communication network

With the growing demand for data computation and communication, the size and complexity of communication networks have grown significantly. However, due to hardware and software problems, in a large-scale communication network (e.g., telecommunication network), the daily alarm events are massive, e.g., millions of alarms occur in a serious failure, which contains crucial information such as the time, content, and device of exceptions. With the expansion of the communication network, the number of components and their interactions become more complex, leading to numerous alarm events and complex alarm propagation. Moreover, these alarm events are redundant and consume much effort to resolve. To reduce alarms and pinpoint root causes from them, we propose a data-driven and unsupervised alarm analysis framework, which can effectively compress massive alarm events and improve the efficiency of root cause localization. In our framework, an offline learning procedure obtains results of association reduction based on a period of historical alarms. Then, an online analysis procedure matches and compresses real-time alarms and generates root cause groups. The evaluation is based on real communication network alarms from telecom operators, and the results show that our method can associate and reduce communication network alarms with an accuracy of more than 91%, reducing more than 62% of redundant alarms. In addition, we validate it on fault data coming from a microservices system, and it achieves an accuracy of 95% in root cause location. Compared with existing methods, the proposed method is more suitable for operation and maintenance analysis in communication networks.

Analysis of false alarm causes in video fire detection systems

Video-based fire detection systems represent an innovative path in fire signalling. Thanks to a suitably designed algorithm, a system of this kind can enable the detection of a flame based on its characteristics such as colour or shape, which were not previously used in classical fire detection systems. Video-based detection systems, due to their early stage of development in the fire protection market, are not yet a certified, fully tested method for early fire detection. This paper focuses on the analysis of possible causes of false alarms occurring in video-based fire detection systems in relation to classical Fire Alarm Systems (FAS). For this purpose, a video-based flame detection algorithm is designed and implemented to further analyse the phenomena occurring in such systems.

Frequent pattern mining-based log file partition for process mining

Process mining is a technique for exploring models based on event sequences, growing in popularity in the process industry. Process mining algorithms assume that the processed log files contain events generated by only one unknown process, which can lead to extremely complex and inaccurate models when this assumption is not met. To address this issue, this article proposes a frequent pattern mining-based method for log file partitioning, allowing for the exploration of parallel processes. The key idea is that frequent pattern mining can identify grouped events and generate sub-logs of overlapping sub-processes. Thanks to the pre-processing of the log files, more compact and interpretable process models can be identified. We developed a set of goal-oriented metrics to evaluate the complexity of process mining problems and the resulting models. The applicability and effectiveness of the method are demonstrated in the analysis of process alarms of an industrial plant. The results confirm that the proposed method enables the discovery of targeted sub-process models by partitioning the log file using frequent pattern mining, and the effectiveness of the method increases with the number of parallel processes stored in the same log file. We recommend applying the method in every case where there is no clear start and end of the logged events so that the log file can describe different processes.

356 Analysis of Lost Dwell Time and Cycler Alarms in Inpatient Automated Peritoneal Dialysis at a Tertiary Care Hospital

356 Analysis of Lost Dwell Time and Cycler Alarms in Inpatient Automated Peritoneal Dialysis at a Tertiary Care Hospital

Testing the validity of the Networked Hazard Analysis and Risk Management System (Net‐HARMS)

AbstractTesting the validity of newly developed methods is a critical component of human factors and ergonomics (HFE) practice. The Networked Hazard Analysis and Risk Management System (Net‐HARMS) is a recently developed systems thinking‐based risk assessment method which supports the identification of task and emergent risks across overall work systems. This article reports on a validity study of the Net‐HARMS method in which outputs were compared to an expert analysis developed by the first two authors of this paper, with review by subject matter experts. The findings show that individual participant performance was poor for both groups yet when both group's analyses were pooled, validity significantly improved. Further, a subject matter expert analysis of the false alarms identified by participants showed that they may in fact represent credible risks. It is concluded that the Net‐HARMS method achieved high levels of validity when participants analyses are pooled. The implications for risk assessment and the validity of HFE methods are discussed.