TY - JOUR AU - Sharadkin, Dmytro PY - 2018/06/30 Y2 - 2024/03/29 TI - Streaming clustering algorithm for monitoring and condition's diagnostics of technical real-time systems JF - Collection "Information Technology and Security" JA - ITS VL - 6 IS - 1 SE - MATHEMATICAL AND COMPUTER MODELING DO - 10.20535/2411-1031.2018.6.1.153143 UR - https://its.iszzi.kpi.ua/article/view/153143 SP - 59-74 AB - <p align="justify">Special features of automatization of the states monitoring and diagnostics processes in technical systems which are executed in real-time mode, in particular modern computer systems and networks, are investigated and described in this paper. It is shown that the existing methods provide a solution for diagnostics and monitoring with significant limitations, which are mainly related to the stationary assumption of the basic characteristics of the objects of monitoring. The specific features of real-time systems require that the classification and clustering algorithms, which form the basis of modern monitoring and diagnostic tools, have to execute in a streaming mode, while simultaneously requirements for minimizing the amount of involved memory. These algorithms should provide practical independence of the execution time from the amount of data. They have to handling with clusters of spherical form in the feature space; to preserve the performance under conditions of dynamically changing of statistical characteristics of the data flow and with an unknown, possibly variable, number of clusters in the sample. Outliers and anomalies in data have to be detected and processed. An algorithm based on the simultaneous use of the mapping of the original data sample into a specially designed finite grid space, using both the fill density characteristics of the object description space and its metric properties for detecting the cluster structure is proposed. The properties of the algorithm and the dependence of its characteristics from the specified parameters are analysed. Some modification of the algorithm allows execute streaming data processing, easily adapt the algorithm without utilization extra memory.  For handling of the clusters' parameters dynamic changes the attenuation function was introduced.  Some variants of its specification were considered, their influence on proposed algorithm's performance was analyzed. The relative simplicity of the algorithm and the semantic transparency of its external parameters make it possible simple configure the algorithm for various areas of its application, including the tasks of IT-security incidents detecting and preventing in computer systems and networks.</p> ER -