Computer system to identify anomalies based on computer-generated results
First Claim
1. An apparatus, comprising:
- processing circuitry; and
memory to store instructions that, when executed by the processing circuitry, cause the processing circuitry to;
obtain scenario rules and data representing actions performed by entities;
apply the scenario rules to a subset of the data to detect scenario violations based on the actions performed by the entities, the subset of the data associated with the entities of a particular entity type;
group scenario violations into scenario clusters, each scenario cluster comprising one or more scenario violations associated with similar behavior performed by the entities indicated by similarity metrics, and each of the scenario clusters is one of a set of scenario clusters;
determine predictive ability values for each of the scenario clusters, the predictive ability values to indicate relative significance between each of the scenario clusters to predict a target behavior;
rank the scenario clusters based on the predictive ability values and remove scenario clusters from the set of scenario clusters having predictive ability values below a predictive threshold;
generate combinations of scenario clusters from the set of scenario clusters, each of the combinations of scenario clusters including two or more scenario clusters;
determine an effectiveness factor for each of the combinations of scenario clusters, each of the effectiveness factors based on a number of entities committing the targeted behavior as a percentage of all the entities that committed at least one scenario violation for a particular combination of scenario clusters of the combinations of scenario clusters;
generate scores for each of the entities of the particular entity type using the combinations of scenario clusters having the effectiveness factor at or above an effectiveness threshold; and
provide results to a system to enable presentation on a display device, the results indicating one or more of the entities that committed the targeted behavior based on the scores for each of the entities.
1 Assignment
0 Petitions
Accused Products
Abstract
One or more embodiments may include techniques to identify anomalies based on computer-generated results. Moreover, embodiments may include applying scenario rules to data to detect scenario violations and grouping the scenario violations into scenario clusters based on similar behavior performed by entities indicated by similarity metrics. embodiments include determining predictive ability values for each of the scenario clusters, ranking the scenario clusters based on the predictive ability values, and removing scenario clusters having predictive ability values below a threshold. In embodiments combinations of scenario clusters may be generated from the set of scenario clusters and the combinations of scenario clusters may be evaluated for effectiveness. Embodiments include generating scores for entities of the combinations of scenario clusters deemed effective, and provide results indicating whether one or more of the entities committed an anomaly based on the scores for each of the entities.
-
Citations
30 Claims
-
1. An apparatus, comprising:
-
processing circuitry; and memory to store instructions that, when executed by the processing circuitry, cause the processing circuitry to; obtain scenario rules and data representing actions performed by entities; apply the scenario rules to a subset of the data to detect scenario violations based on the actions performed by the entities, the subset of the data associated with the entities of a particular entity type; group scenario violations into scenario clusters, each scenario cluster comprising one or more scenario violations associated with similar behavior performed by the entities indicated by similarity metrics, and each of the scenario clusters is one of a set of scenario clusters; determine predictive ability values for each of the scenario clusters, the predictive ability values to indicate relative significance between each of the scenario clusters to predict a target behavior; rank the scenario clusters based on the predictive ability values and remove scenario clusters from the set of scenario clusters having predictive ability values below a predictive threshold; generate combinations of scenario clusters from the set of scenario clusters, each of the combinations of scenario clusters including two or more scenario clusters; determine an effectiveness factor for each of the combinations of scenario clusters, each of the effectiveness factors based on a number of entities committing the targeted behavior as a percentage of all the entities that committed at least one scenario violation for a particular combination of scenario clusters of the combinations of scenario clusters; generate scores for each of the entities of the particular entity type using the combinations of scenario clusters having the effectiveness factor at or above an effectiveness threshold; and provide results to a system to enable presentation on a display device, the results indicating one or more of the entities that committed the targeted behavior based on the scores for each of the entities. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer-implemented, comprising:
-
obtaining scenario rules and data representing actions performed by entities; applying the scenario rules to a subset of the data to detect scenario violations based on the actions performed by the entities, the subset of the data associated with the entities of a particular entity type; grouping scenario violations into scenario clusters, each scenario cluster comprising one or more scenario violations associated with similar behavior performed by the entities indicated by similarity metrics, and each of the scenario clusters is one of a set of scenario clusters; determining predictive ability values for each of the scenario clusters, the predictive ability values to indicate relative significance between each of the scenario clusters to predict a target behavior; ranking the scenario clusters based on the predictive ability values and removing scenario clusters from the set of scenario clusters having predictive ability values below a predictive threshold; generating combinations of scenario clusters from the set of scenario clusters, each of the combinations of scenario clusters including two or more scenario clusters; determining an effectiveness factor for each of the combinations of scenario clusters, each of the effectiveness factors based on a number of entities committing the targeted behavior as a percentage of all the entities that committed at least one scenario violation for a particular combination of scenario clusters of the combinations of scenario clusters; generating scores for each of the entities of the particular entity type using the combinations of scenario clusters having the effectiveness factor at or above an effectiveness threshold; and providing results to a system to enable presentation on a display device, the results indicating one or more of the entities that committed the targeted behavior based on the scores for each of the entities. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. At least one non-transitory computer-readable storage medium comprising instructions that when executed cause processing circuitry to:
-
obtain scenario rules and data representing actions performed by entities; apply the scenario rules to a subset of the data to detect scenario violations based on the actions performed by the entities, the subset of the data associated with the entities of a particular entity type; group scenario violations into scenario clusters, each scenario cluster comprising one or more scenario violations associated with similar behavior performed by the entities indicated by similarity metrics, and each of the scenario clusters is one of a set of scenario clusters; determine predictive ability values for each of the scenario clusters, the predictive ability values to indicate relative significance between each of the scenario clusters to predict a target behavior; rank the scenario clusters based on the predictive ability values and removing scenario clusters from the set of scenario clusters having predictive ability values below a predictive threshold; generate combinations of scenario clusters from the set of scenario clusters, each of the combinations of scenario clusters including two or more scenario clusters; determine an effectiveness factor for each of the combinations of scenario clusters, each of the effectiveness factors based on a number of entities committing the targeted behavior as a percentage of all the entities that committed at least one scenario violation for a particular combination of scenario clusters of the combinations of scenario clusters; generate scores for each of the entities of the particular entity type using the combinations of scenario clusters having the effectiveness factor at or above an effectiveness threshold; and provide results to a system to enable presentation on a display device, the results indicating one or more of the entities that committed the targeted behavior based on the scores for each of the entities. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification