Description:FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003

COMPLETE SPECIFICATION
(See Section 10 and Rule 13)

Title of invention:
SYSTEM AND METHOD FOR CROSS DOMAIN ALARMS CORRELATION OF WIRED AND WIRELESS TELECOM NETWORK

Applicant
Tata Consultancy Services Limited
A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th Floor,
Nariman Point, Mumbai 400021,
Maharashtra, India

The following specification particularly describes the invention and the manner in which it is to be performed.

TECHNICAL FIELD
[001] The disclosure herein generally relates to the field of a cross domain correlation of alarms and more particularly, to a method and system for a cross domain correlation of a plurality of alarms of wired and wireless telecom networks.

BACKGROUND
[002] Emerging and advanced network is making alarm management a complex and challenging task which requires domain and analytical skills to relate different alarms together. Correlating different alarms coming from 2G, 3G, 4G and 5G to identify a single root cause is a challenging, complex, and costly assignment. Addressing all alarms without alarm correlation at Network Operation Centers (NOCs) is almost impossible. For example, a Voice over Long Term Evolution (VoLTE) data call to circuit switch call handover and their root cause between Packet Core Network, virtualized IP multimedia subsystem (vIMS) Network and Wireless Network is an alarm. Cross-domain correlation plays a significant role to correlate alarms coming from 2G, 3G, 4G and 5G which makes alarm management process much easier to address all alarms at NOC. Currently available cross-domain correlation techniques are not efficient to cover all possible alarm correlation scenarios from all domains of telecom networks. As the current alarm’s correlation are rule based and require manual intervention for any updates/changes to the existing rules.
[003] Existing correlation mechanism is dependent on network management to get first level of correlation i.e., domain level correlation which will be used as an input to cross domain correlation. Topological relations are not referred by existing correlation system which lowers the correlation coverage or performance i.e., all possible correlation scenarios will not be covered. The correlation mechanism does not cover all levels (Port, Ethernet interface, trunk etc.) of interface of network element which lowers the quality of alarm correlation. Correlation rules are not used to perform the cross-domain alarm which means correlation mechanism is static in nature and not accurate. It is not possible to add correlation rules during run time which makes the correlation scope restricted and limited. Existing correlation mechanisms do not support any automation through latest available techniques such as AI-ML.

SUMMARY
[004] Embodiments of the disclosure present technological improvements as solutions to one or more of the above-mentioned technical problems recognized by the inventors in conventional systems. For example, in one embodiment, a method and system for a cross domain correlation of a plurality of alarms of wired and wireless telecom networks is provided.
[005] In one aspect, a processor-implemented method for a cross domain correlation of a plurality of alarms of wired and wireless telecom networks is provided. The processor-implemented method comprising receiving one or more alarms from a plurality devices of a predefined telecom networks, pre-processing the received one or more alarms to discard each unwarranted alarm to identify one or more active alarms. Further, the identified one or more active alarms are correlated within a domain and a cross-domain of the predefined telecom networks using a predefined set of correlation rules from a predefined library. Each of the one or more correlated alarms are bundled based on a correlation type and a unique correlation identity to form one or more correlated alarm bundles. Furthermore, the method comprising evaluating the one or more correlated alarm bundles along with the predefined set of correlation rules automatically using an artificial intelligence (AI) based self-learning module to identify an incorrect correlation rule and identifying at least one root cause alarm for each of the one or more correlated alarm bundles.
[006] In another aspect, a system for a cross domain correlation of a plurality of alarms of wired and wireless telecom networks is provided. The system includes an input/output interface configured to receive one or more alarms from a plurality devices of a predefined telecom networks, one or more hardware processors and at least one memory storing a plurality of instructions, wherein the one or more hardware processors are configured to execute the plurality of instructions stored in the at least one memory. Further, the system is configured to pre-process the received one or more alarms to discard each unwarranted alarm to identify one or more active alarms, correlate the identified one or more active alarms within a domain and a cross-domain of the predefined telecom networks using a predefined set of correlation rules from a predefined library, and bundle each of the one or more correlated alarms based on a correlation type and a unique correlation identity to form one or more correlated alarm bundles.
[007] Furthermore, the system is configured to evaluate the one or more correlated alarm bundles along with the predefined set of correlation rules automatically using an artificial intelligence (AI) based self-learning module to identify an incorrect correlation rule and identify at least one root cause alarm for each of the one or more correlated alarm bundles.
[008] In yet another aspect, one or more non-transitory machine-readable information storage mediums are provided comprising one or more instructions, which when executed by one or more hardware processors causes a method for a cross domain correlation of a plurality of alarms of wired and wireless telecom networks is provided. The processor-implemented method comprising receiving one or more alarms from a plurality devices of a predefined telecom networks, pre-processing the received one or more alarms to discard each unwarranted alarm to identify one or more active alarms. Further, the identified one or more active alarms are correlated within a domain and a cross-domain of the predefined telecom networks using a predefined set of correlation rules from a predefined library. Each of the one or more correlated alarms are bundled based on a correlation type and a unique correlation identity to form one or more correlated alarm bundles. Furthermore, the method comprising evaluating the one or more correlated alarm bundles along with the predefined set of correlation rules automatically using an artificial intelligence (AI) based self-learning module to identify an incorrect correlation rule and identifying at least one root cause alarm for each of the one or more correlated alarm bundles.
[009] It is to be understood that the foregoing general descriptions and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
BRIEF DESCRIPTION OF THE DRAWINGS
[010] The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate exemplary embodiments and, together with the description, serve to explain the disclosed principles:
[011] FIG. 1 illustrates a block diagram of an exemplary system for a cross domain correlation of a plurality of alarms of wired and wireless telecom networks, in accordance with some embodiments of the present disclosure.
[012] FIG. 2 is a functional block diagram to illustrate the system for the cross domain correlation of the plurality of alarms of wired and wireless telecom networks, in accordance with some embodiments of the present disclosure.
[013] FIG. 3 is a flow chart to illustrate a high level layered architecture of system of FIG. 2, in accordance with some embodiments of the present disclosure.
[014] FIG. 4 is a schematic diagram to illustrate topological relation between a node with interface with another node and its respective interface, in accordance with some embodiments of the present disclosure.
[015] FIG. 5 is a functional block diagram to illustrate a static and a dynamic alarm correlation execution process, in accordance with some embodiments of the present disclosure.
[016] FIG. 6 is a flow chart to illustrate a method for the cross domain correlation of the plurality of alarms of wired and wireless telecom networks, in accordance with some embodiments of the present disclosure.

DETAILED DESCRIPTION OF EMBODIMENTS
[017] Exemplary embodiments are described with reference to the accompanying drawings. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. Wherever convenient, the same reference numbers are used throughout the drawings to refer to the same or like parts. While examples and features of disclosed principles are described herein, modifications, adaptations, and other implementations are possible without departing from the scope of the disclosed embodiments.
[018] The embodiments herein provide a method and system for a cross domain correlation of a plurality of alarms of wired and wireless telecom networks. The alarm correlation is an essential function of network management systems to provide detection, isolation, and correlation of unusual operational behaviour of telecommunication network. It would be appreciated that the cross-domain correlation technique disclosed herein can cover all the possible scenarios of alarm correlation between radio access network (RAN), core and transport domain of the telecom network, which enable to suppress maximum alarms and reduce the dependency between these domain engineers, thereby leading to faster resolutions. Inside the cross-domain correlation, there may be horizontal and vertical correlation between nodes and insides node. This may provide end-to-end view of services degradation. There may be horizontal and vertical correlation between nodes and insides node. Further, AI-ML algorithms based cross-domain correlation technique may highlight root cause alarm and may suppress all child alarms, which may help to handle complex and advanced networks with reduced manpower and less dependency on skills.
[019] Cross-domain correlation technique works across all domains of all telecom wireless technologies (i.e., 2G, 3G, 4G and 5G) and possibly from telecom wired technology. Alarms coming from all domains of above-mentioned technologies are taken as input to perform the cross-domain correlation. All alarms coming from underline network are processed to validate and filter their data, unwanted alarms are filtered out and not taken as an input to cross-domain correlation process. Alarms coming from respective devices of domain(s) are performed to co-relate with each other with help of the correlation rules. These rules are kept in rules library, any new rule can be added on run time to the library and can be immediately executed to perform on newly received alarm. Also, the latest correlation strength and quality is measured, rating is assigned to the correlation service accordingly. In addition to that, self-learning process with help of AI-ML approach makes the correlation process an automated cognitive solution.
[020] Referring now to the drawings, and more particularly to FIG. 1 through FIG. 6, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments and these embodiments are described in the context of the following exemplary system and/or method.
[021] FIG. 1 illustrates a block diagram of an exemplary system (100), in accordance with an example embodiment. Although the present disclosure is explained considering that the system (100) is implemented on a server, it may be understood that the system (100) may comprise one or more computing devices (102), such as a laptop computer, a desktop computer, a notebook, a workstation, a cloud-based computing environment and the like. It will be understood that the system (100) may be accessed through one or more input/output interfaces 104-1, 104-2... 104-N, collectively referred to as I/O interface (104). Examples of the I/O interface (104) may include, but are not limited to, a user interface, a portable computer, a personal digital assistant, a handheld device, a smartphone, a tablet computer, a workstation, and the like. The I/O interface (104) are communicatively coupled to the system (100) through a network (106).
[022] In an embodiment, the network (106) may be a wireless or a wired network, or a combination thereof. In an example, the network (106) can be implemented as a computer network, as one of the different types of networks, such as virtual private network (VPN), intranet, local area network (LAN), wide area network (WAN), the internet, and such. The network (106) may either be a dedicated network or a shared network, which represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), and Wireless Application Protocol (WAP), to communicate with each other. Further, the network (106) may include a variety of network devices, including routers, bridges, servers, computing devices, storage devices. The network devices within the network (106) may interact with the system (100) through communication links.
[023] The system (100) supports various connectivity options such as BLUETOOTH®, USB, ZigBee, and other cellular services. The network environment enables connection of various components of the system (100) using any communication link including Internet, WAN, MAN, and so on. In an exemplary embodiment, the system (100) is implemented to operate as a stand-alone device. In another embodiment, the system (100) may be implemented to work as a loosely coupled device to a smart computing environment. Further, the system (100) comprises at least one memory (110) with a plurality of instructions, one or more databases (112), and one or more hardware processors (108) which are communicatively coupled with the at least one memory (110) to execute a plurality of instructions therein. The components and functionalities of the system (100) are described further in detail.
[024] In one embodiment, the one or more I/O interfaces (104) of the system (100) are configured to receive one or more alarms from a plurality of devices of a predefined telecom networks. The predefined telecom networks include a circuit-switched (CS) network, a packet-switched (PS) network, a 2G-radio access network (RAN-2G), a 3G-radio access network (RAN-3G), a 4G-radio access network (RAN-4G) and a 5G-radio access network (RAN-5G). Further, the received one or more alarms are pre-processed to discard each unwarranted alarm to identify one or more active alarms. Only one or more active alarms are selected as input to the correlation process.
[025] Referring FIG. 2, a functional block diagram (200) to illustrate the system (100) for a cross domain correlation of a plurality of alarms of wired and wireless telecom networks, in accordance with some embodiments of the present disclosure.
[026] It would be appreciated that the one or more alarms received in each time window are correlated based on the predefined set of correlation rules, which comprises of a node level alarm correlation (202), a domain level alarm correlation (204), and a cross-domain alarm correlation (206). Each newly received alarm from a plurality of devices is correlated with existing correlated alarms.
[027] In another embodiment, two types of topology data are used to cover maximum correlated scenarios i.e., an alarm-based topology data and a discovery/inventory based topology data. The topological data is referred to establish a topological relation (208) and level/layer between a node with interfaces with another node and its respective interface. Both physical and logical topology is covered in this topology data. A complete topology is built in a network operations center (NOC) i.e., top-down, and right-left nodes to form a complete network including all resources e.g., 2G, 3G, 4G etc. The one or more received alarms are checked through the topological data to verify whether their nodes are topologically related through a common interface/node or via another logical or physical connected links.
[028] In yet another embodiment, the system (100) performs a topology path analysis to handle problems relating to the failure of a path. Typically, one component of the path (either a piece of equipment or a carrier circuit) fails and all communications over the path are stopped. Once this determination has been made, a topology tree search is used to determine whether the nodes (or sub-paths) identified are responsible for the failure themselves, or whether they are failing because of a problem in components on which they are dependent (e.g., shared resources).
[029] Herein, the topology path locates failures that propagate along horizontal relationships i.e., data flow, while the topology tree search locates failures that propagate along vertical relationships i.e., dependency. Possible fault locations include the node itself, a matching peer device, and somewhere in either direction of data flow.
[030] It is to be noted that the nodes in the telecom domain are very much influenced by environment effect. For example, the transport link bit error rate (BER) and frame error rate (FER) are affected by the wind and environment aspects. The data in machine learning (ML) technique may also take feed from national meteorology prediction model for prospective effect of environment in transport alarm cocreation and prediction. Similarly, the environmental alarms inside the commute, base station shelter effect the performance and availability of nodes. The correlation rule may take into consideration of all such environmental aspect to provide high precision recommendation and prediction.
[031] Further, the system (100) is configured to corelate the identified one or more active alarms within a domain and a cross-domain of the predefined telecom networks using a predefined set of correlation rules (210) from a predefined library. It would be appreciated that the predefined library herein is enriched and auto updated with alarm correlation rules covering a plurality of correlated scenarios. Each of the one or more alarms received in each time window are correlated based on the node level correlation (202), the domain level correlation (204), and the cross-domain level correlation (206).
[032] In yet another embodiment, the system (100) is configured to bundle each of the one or more correlated alarms based on the correlation type and a unique correlation identity to form one or more correlated alarm bundles. The correlation type includes a topology-based correlation and a temporal based correlation.
[033] Referring FIG. 3, a flow chart (300) to illustrate topological relations (208) between the node with interfaces with another node and its respective interface, in accordance with some embodiments of the present disclosure. Wherein the cross-domain correlation technique works across all domains of all telecom wireless technologies and possibly from telecom wired technology. All alarms coming from respective device(s) of domain(s) are captured by an Element Management System (EMS), and a Network Management System (NMS) of the respective network. EMS/NMS systems act as an intermediate layer between network device(s) and a network operations center (NOC) where a correlation system is deployed. The alarm correlation mechanism is performed at NOC level to produce correlated alarms. All types of correlation criteria’s & rules are applied on received alarms to generate the correlated output.
[034] Referring FIG. 4, a schematic diagram (400) to illustrate topological relations (208) between the node with interfaces with another node and its respective interface, in accordance with some embodiments of the present disclosure. Herein, each of the one or more alarms of a node of a sub-site ID or location ID are correlated if each of the one or more alarms of any type with any cause raised on same node on same interface. For example, a physical port down alarm link down received on NEXXX123 on ethernet interface 2/0/5. Alarms of same type with same cause raised on same node on same interface or without interface. For example, a jitter packet loss alarm received on NEYYYY234 on ethernet interface G3/1/7 and correlated alarm jitter packet loss received on NEYYYY234 on ethernet interface G3/0/2.
[035] In another aspect, each of the one or more alarms of a domain of a sub-site ID or location ID are correlated if the same node which is present in both the alarms with difference interfaces name and connected to more than one different nodes irrespective of their interface details. For example, performance alarm received on NEZZZ345 on trunk 20 which is connected to NEQQQ123 on trunk 11 and correlated performance alarm received on NEZZZ345 on trunk 2 which is connected to NESSS543 on trunk 17, NEZZZ345 on trunk 20 and NESSS543 on trunk 17 are topologically connected to each other.
[036] It would be appreciated that alarms of a domain of a sub-site ID or location ID are correlated if the nodes at both ends of an alarm having similar topological relationship to same nodes at both ends of another alarm. For example, a link down alarm is received on NEAAA567 on ethernet interface 1/2/0 which is connected to NEBBB234 on ethernet interface 2/4/1 and correlated alarm LAG bandwidth is lost received on NEAAA567 on trunk 11 which is connected to NEBBB234 via same trunk 11.
[037] In yet another instance, wherein one or more alarms of each domain of a sub-site ID or location ID are correlated if the node device of any uncorrelated/correlated alarms of a domain have directly connected topological relation with node device of any uncorrelated/correlated alarms of a domain have directly connected topological relation with node device of any uncorrelated or correlated alarms of another domain. For example, a physical port down alarm received on NERRR345 (Transport Domain) on port 4, correlated link down alarm received on NEQQQ123 (Core MGW Domain) on port 1 if NEQQQ123 is directly connected to NERRR345 on port 4. The node device connected to other domain NE-device through Microwave/optical fiber/MPLS interface. The cross-domain correlation may replace individual faults of radio and core network.
[038] The alarms of more than one domain of a sub-site ID or location ID are correlated if a NE-device (eNodeB) connected to other domain NE-device (PACO) through Microwave/optical fiber/MPLS interface. The cross-domain correlation can replace individual faults of radio and core network. For Example, correlation between alarms of eNodeB and PACO node for Data network for congestion related fault to Radio or core network
[039] Referring FIG. 5, a functional block diagram (500) to illustrate a static and a dynamic alarm correlation execution process, in accordance with some embodiments of the present disclosure. Herein, the system (100) performs a dynamic continuous process for one or more alarms for sub-site ID’s or location ID’s to get different groups of topologically related alarms of a site/area/zone etc. All these groups contain different correlated alarms as per their correlation types. Newly received alarms is correlated with existing correlated alarms and dynamically added into the existing correlated alarms if correlation found based on the predefined correlation rules. Further, Node correlated alarms can be retrieved based on the node ID. These nodes can be any device/element present in telecom network. Location’s or Site’s correlated alarms can also be retrieved based on location/site ID.
[040] In another embodiment, wherein an alarm directory is referred when NOC system is not able to correlate alarms at node level, domain level, and cross-domain level based on correlation rules. Newly emerged correlation rule is updated in the alarm directory, verified by the NOC system, and then added in rules library on run time post successful verification.
[041] In yet another embodiment, the system (100) is configured to evaluate the one or more correlated alarm bundles along with the predefined set of correlation rules automatically using an artificial intelligence (AI) based self-learning module to identify an incorrect correlation rule. A Knowledge Database (KDB) is maintained and updated with the self-learning module. Complete states, symptoms, and other details of a network issue along with solution is updated into KDB so that whenever any similar issue happens in the network, KDB can suggest the potential resolution/recommendation along with output of correlated alarms.
[042] The KDB may be continuously updated against all the primary issues of the network so that such issues are resolved automatically along with alarm suppression. The KDB may act upon the parent alarm of the correlated alarms i.e., parent alarm of correlated alarms may be an input to find the similar issue in the KDB. As the system (100) may grow along with auto-resolution features, the KDB may be updated automatically by auto resolution process post successful resolution of the problem. This may help to reduce the manual intervention in the self-learning module of the system (100).
[043] Further, the system (100) is configured to identify at least one root cause alarm for each of the one or more correlated alarm bundles. It would be appreciated that each newly received alarm from a plurality devices are correlated with the existing correlated alarms. The newly received alarms are also added into the one or more correlated alarm bundles.
[044] Furthermore, the correlation output is measured to check whether the defined rule(s) drive the correct correlation or not. The correlation output may be verified by an expert and the expert may have an option to re-correlate and uncorrelated any alarm present in any correlated alarm bundle. Rating may be calculated and assigned to correlation service based upon the current correlation quality. Produced correlated alarms bundles may be auto evaluated to verify whether correlation is correct or incorrect. This may help to discard the incorrect rules automatically from rules library which may increase the correlation quality.
[045] If all alarms of a bundle are cleared together, it may be considered as correct correlation. The correlation rule which produces this bundle may be termed as correct rule and may remain in rules library. If all alarms of a bundle are not cleared together, it may be considered as an incorrect correlation and the rule which produces this bundle may be termed as incorrect correlation rule. This rule may be then automatically discarded from rules library permanently.
[046] Referring FIG. 6, to illustrate a processor-implemented method (600) for a cross domain correlation of a plurality of alarms of wired and wireless telecom networks is provided. The one or more alarms received in each time window are correlated based on the predefined set of correlation rules comprises of a node level alarm correlation rules, a domain level alarm correlation rules, and a cross-domain alarm correlation rules.
[047] Initially, at step (602), receiving, via an input/output interface, one or more alarms from a plurality devices of a predefined telecom networks. Herein, the predefined telecom networks include a circuit-switched (CS) network, packet-switched (PS) network, 2G-radio access network (RAN-2G), 3G-radio access network (RAN-3G), 4G-radio access network (RAN-4G) and 5G-radio access network (RAN-5G).
[048] At the next step (604), pre-processing the received one or more alarms to remove each unwarranted alarm to identify one or more active alarms.
[049] At the next step (606), co-relating the identified one or more active alarms within a domain and a cross-domain of the predefined telecom networks using a predefined set of correlation rules from a predefined library. The predefined library is enriched and auto updated with alarm correlation rules covering a plurality of correlated scenarios.
[050] At the next step (608), bundling each of the one or more correlated alarms based on a correlation type and a unique correlation identity to form one or more correlated alarm bundles. The correlation type includes topology-based correlation and temporal based correlation.
[051] At the next step (610), evaluating the one or more correlated alarm bundles along with the predefined set of correlation rules automatically using an artificial intelligence (AI) based self-learning module to identify an incorrect correlation rule.
[052] At the last step (612), identifying at least one root cause alarm for each of the one or more correlated alarm bundles, wherein each newly received alarm is added into the one or more correlated alarm bundles.
[053] The written description describes the subject matter herein to enable any person skilled in the art to make and use the embodiments. The scope of the subject matter embodiments is defined by the claims and may include other modifications that occur to those skilled in the art. Such other modifications are intended to be within the scope of the claims if they have similar elements that do not differ from the literal language of the claims or if they include equivalent elements with insubstantial differences from the literal language of the claims.
[054] The embodiments of present disclosure herein address the problem of correlation rules which are not used to perform the cross-domain alarm which means correlation mechanism is static in nature and not accurate. It’s not possible to add correlation rules during run time which makes the correlation scope restricted and limited. Embodiments herein provide a method and system for a method and system for a cross domain correlation of a plurality of alarms of wired and wireless telecom networks. All alarms coming from underline network are processed to validate and filter their data, unwanted alarms are filtered out and not taken as an input to cross-domain correlation process. Alarms coming from respective devices of domain(s) are performed to co-relate with each other with help of the correlation rules. These rules are kept in rules library, any new rule can be added on run time to the library and can be immediately executed to perform on newly received alarm. Also, the latest correlation strength and quality will be measured, rating will be assigned to the correlation service accordingly.
[055] It is to be understood that the scope of the protection is extended to such a program and in addition to a computer-readable means having a message therein; such computer-readable storage means contain program-code means for implementation of one or more steps of the method, when the program runs on a server or mobile device or any suitable programmable device. The hardware device can be any kind of device which can be programmed including e.g., any kind of computer like a server or a personal computer, or the like, or any combination thereof. The device may also include means which could be e.g., hardware means like e.g., an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a combination of hardware and software means, e.g., an ASIC and an FPGA, or at least one microprocessor and at least one memory with software modules located therein. Thus, the means can include both hardware means, and software means. The method embodiments described herein could be implemented in hardware and software. The device may also include software means. Alternatively, the embodiments may be implemented on different hardware devices, e.g., using a plurality of CPUs.
[056] The embodiments herein can comprise hardware and software elements. The embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc. The functions performed by various modules described herein may be implemented in other modules or combinations of other modules. For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can comprise, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
[057] The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope of the disclosed embodiments. Also, the words “comprising,” “having,” “containing,” and “including,” and other similar forms are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise.
[058] Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e., be non-transitory. Examples include random access memory (RAM), read-only memory (ROM), volatile memory, nonvolatile memory, hard drives, CD ROMs, DVDs, flash drives, disks, and any other known physical storage media.
[059] It is intended that the disclosure and examples be considered as exemplary only, with a true scope of disclosed embodiments being indicated by the following claims.

, Claims:
1. A processor-implemented method (600) comprising steps of:
receiving (602), via an input/output interface, one or more alarms from a plurality devices of a predefined telecom networks;
pre-processing (604), via one or more hardware processors, the received one or more alarms to discard each unwarranted alarm to identify one or more active alarms;
co-relating (606), via the one or more hardware processors, the identified one or more active alarms within a domain and a cross-domain of the predefined telecom networks using a predefined set of correlation rules from a predefined library, wherein the predefined library is enriched and auto-updated with alarm correlation rules covering a plurality of correlated scenarios;
bundling (608), via the one or more hardware processors, each of the one or more correlated alarms based on a correlation type and a unique correlation identity to form one or more correlated alarm bundles, wherein the correlation type includes topology-based correlation and temporal based correlation;
evaluating (610), via the one or more hardware processors, the one or more correlated alarm bundles along with the predefined set of correlation rules using an artificial intelligence (AI) based self-learning module to identify an incorrect correlation rule; and
identifying (612), via the one or more hardware processors, at least one root cause alarm for each of the one or more correlated alarm bundles, wherein each newly received alarm is added into the one or more correlated alarm bundles.
2. The processor-implemented method (600) as claimed in claim 1, wherein the predefined telecom networks include a circuit-switched (CS) network, packet-switched (PS) network, 2G-radio access network (RAN-2G), 3G-radio access network (RAN-3G), 4G-radio access network (RAN-4G) and 5G-radio access network (RAN-5G).
3. The processor-implemented method (600) as claimed in claim 1, wherein each newly received alarm from a plurality devices is correlated with existing correlated alarms.
4. The processor-implemented method (600) as claimed in claim 1, wherein an alarm-based topology data and a discovery based topology data is used for one or more correlated scenarios.
5. The processor-implemented method (600) as claimed in claim 1, wherein the one or more alarms received in each time window are correlated based on the predefined set of correlation rules comprises of a node level alarm correlation rules, a domain level alarm correlation rules, and a cross-domain alarm correlation rules.
6. A system (100) comprising:
an input/output interface (104) to receive one or more alarms from a plurality devices of a predefined telecom networks;
a memory (110) in communication with the one or more hardware processors (108), wherein the one or more hardware processors (108) are configured to execute programmed instructions stored in the memory (110) to;
pre-process the received one or more alarms to discard each unwarranted alarm to identify one or more active alarms;
corelate the identified one or more active alarms within a domain and a cross-domain of the predefined telecom networks using a predefined set of correlation rules from a predefined library, wherein the predefined library is enriched and auto-updated with alarm correlation rules covering a plurality of correlated scenarios;
bundle each of the one or more correlated alarms based on a correlation type and a unique correlation identity to form one or more correlated alarm bundles, wherein the correlation type includes topology-based correlation and temporal based correlation;
evaluate the one or more correlated alarm bundles along with the predefined set of correlation rules using an artificial intelligence (AI) based self-learning module to identify an incorrect correlation rule; and
identify at least one root cause alarm for each of the one or more correlated alarm bundles, wherein each newly received alarm is added into the one or more correlated alarm bundles.
7. The system (100) as claimed in claim 6, wherein the predefined telecom networks include a circuit-switched (CS) network, packet-switched (PS) network, 2G-radio access network (RAN-2G), 3G-radio access network (RAN-3G), 4G-radio access network (RAN-4G) and 5G-radio access network (RAN-5G).
8. The system (100) as claimed in claim 6, wherein each newly received alarm from a plurality devices is correlated with existing correlated alarms.
9. The system (100) as claimed in claim 6, wherein an alarm-based topology data and a discovery based topology data is used for one or more correlated scenarios.
10. The system (100) as claimed in claim 6, wherein the one or more alarms received in each time window are correlated based on the predefined set of correlation rules comprises of a node level alarm correlation rules, a domain level alarm correlation rules, and a cross-domain alarm correlation rules.