Event anomaly analysis and prediction
First Claim
1. An event anomaly analysis and prediction apparatus comprising:
- a processor; and
a memory storing machine readable instructions that when executed by the processor cause the processor to;
access at least one master directed graph that specifies known events and transitions between the known events;
rank each of the known events, whereinthe ranking of each of the known events is based on a probability of anomalousness assigned to each of the known events, andthe probability of anomalousness assigned to a known event of the known events is determined relative to each of the other known events;
cluster each of the ranked known events into a plurality of anomaly categories;
determine, based on the plurality of anomaly categories, a plurality of rules to analyze new events;
access data that is to be analyzed for an anomaly;
determine, based on an application of the plurality of rules to the data, whether the data includes the anomaly; and
in response to a determination that the data includes the anomaly, control a device associated with the data.
2 Assignments
0 Petitions
Accused Products
Abstract
According to an example, event anomaly analysis and prediction may include accessing a master directed graph that specifies known events and transitions between the known events, and ranking each of the known events. Each of the ranked known events may be clustered into a plurality of anomaly categories. A plurality of rules to analyze new events may be determined based on the plurality of anomaly categories. A determination may be made, based on an application of the plurality of rules to data that is to be analyzed for an anomaly, whether the data includes the anomaly. In response to a determination that the data includes the anomaly, a device associated with the data may be controlled.
60 Citations
20 Claims
-
1. An event anomaly analysis and prediction apparatus comprising:
-
a processor; and a memory storing machine readable instructions that when executed by the processor cause the processor to; access at least one master directed graph that specifies known events and transitions between the known events; rank each of the known events, wherein the ranking of each of the known events is based on a probability of anomalousness assigned to each of the known events, and the probability of anomalousness assigned to a known event of the known events is determined relative to each of the other known events; cluster each of the ranked known events into a plurality of anomaly categories; determine, based on the plurality of anomaly categories, a plurality of rules to analyze new events; access data that is to be analyzed for an anomaly; determine, based on an application of the plurality of rules to the data, whether the data includes the anomaly; and in response to a determination that the data includes the anomaly, control a device associated with the data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for event anomaly analysis and prediction, the method comprising:
-
accessing at least one master directed graph that specifies known events and transitions between the known events; ranking each of the known events, wherein the ranking of each of the known events is based on a probability of anomalousness assigned to each of the known events, and the probability of anomalousness assigned to a known event of the known events is determined relative to each of the other known events; clustering each of the ranked known events into a plurality of anomaly categories; determining, based on the plurality of anomaly categories, a plurality of rules to analyze new events; accessing data that is to be analyzed for anomalies; identifying, based on an application of the plurality of rules to the data, selected ones of the anomalies in the data; determining, for the data, a plurality of objects of different sizes that represent different ones of the selected ones of the anomalies; and generating a display of the plurality of objects. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable medium having stored thereon machine readable instructions for event anomaly analysis and prediction, the machine readable instructions, when executed, cause a processor to:
-
access at least one master directed graph that specifies known events and transitions between the known events; rank each of the known events, wherein the ranking of each of the known events is based on a probability of anomalousness assigned to each of the known events, and the probability of anomalousness assigned to a known event of the known events is determined relative to each of the other known events; cluster each of the ranked known events into a plurality of anomaly categories; determine, based on the plurality of anomaly categories, a plurality of rules to analyze new events; access data that is to be analyzed for an anomaly; determine, based on an application of the plurality of rules to the data, whether the data includes the anomaly by determining, based on the master directed graph, a baseline activity graph, determining, based on the data, a real-time activity graph, and comparing the baseline activity graph to the real-time activity graph to determine whether the data includes the anomaly; and in response to a determination that the data includes the anomaly, control a device associated with the data. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification