Data-agnostic anomaly detection
Abstract
This disclosure presents computational systems and methods for detecting anomalies in data output from any type of monitoring tool. The data is aggregated and sent to an alerting system for abnormality detection via comparison with normalcy bounds. The anomaly detection methods are performed by construction of normalcy bounds of the data based on the past behavior of the data output from the monitoring tool. The methods use data quality assurance and data categorization processes that allow choosing a correct procedure for determination of the normalcy bounds. The methods are completely data agnostic, and as a result, can also be used to detect abnormalities in time series data associated with any complex system.
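The pipeline the abstract describes (quality check, categorization, per-category normalcy bounds, alerting), sketched as an added example that is not code from the patent. The corruption criterion (`MAX_BAD_FRACTION`), the constant/variable categories, and the interquartile-range bounds are assumptions chosen for illustration, since the abstract does not specify them.

```python
import math
from statistics import quantiles

# Constructed history per metric; None / NaN mark unusable samples.
HISTORY = {
    "cpu_pct": [40, 42, 41, 43, 39, 44, 40, 42],
    "fan_state": [1, 1, 1, 1, 1, 1],
    "disk_io": [None, float("nan"), 5, None, 7, None],
}
MAX_BAD_FRACTION = 0.2  # assumed quality threshold, not from the patent

def qualify(series):
    """Return the usable values, or None when the series counts as corrupted."""
    good = [v for v in series if isinstance(v, (int, float)) and math.isfinite(v)]
    if not series or 1 - len(good) / len(series) > MAX_BAD_FRACTION:
        return None
    return good

def categorize(values):
    """Assumed two-way categorization: constant vs. variable."""
    return "constant" if min(values) == max(values) else "variable"

def normalcy_bounds(values, category):
    """Pick the bound procedure by category (assumed: IQR fences for variable data)."""
    if category == "constant":
        return (values[0], values[0])
    q1, _, q3 = quantiles(values, n=4)
    spread = 1.5 * (q3 - q1)
    return (q1 - spread, q3 + spread)

def build_baseline(history):
    """Qualify, categorize and bound each metric; corrupted series are dropped."""
    baseline = {}
    for name, series in history.items():
        values = qualify(series)
        if values is None:
            continue  # corrupted data is discarded, never baselined
        category = categorize(values)
        baseline[name] = (category, normalcy_bounds(values, category))
    return baseline

def alerts(baseline, latest):
    """Alerting engine: names of metrics whose latest value is out of bounds."""
    return [name for name, value in latest.items()
            if name in baseline
            and not baseline[name][1][0] <= value <= baseline[name][1][1]]
```

Calling `alerts(build_baseline(HISTORY), {"cpu_pct": 95, "fan_state": 1, "disk_io": 500})` flags only `cpu_pct`: the `disk_io` series was rejected at the quality step, so it has no bounds and cannot raise an alert.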
23 Citations
36 Claims
1. A data-anomaly detection system comprising:
- one or more processors;
- one or more computer-readable media; and
- a routine that executes on the one or more processors to analyze digitally encoded data output from a system monitoring tool and stored in the computer-readable media by
  - identifying the output data as qualified data or corrupted data;
  - identifying and sorting the qualified data into categorized data;
  - calculating normalcy bounds for the categorized data;
  - discarding the corrupted data from the computer-readable media; and
  - inputting the categorized data and normalcy bounds to an alerting engine that generates an alert when the categorized data is outside the normalcy bounds.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A method carried out within a computer system having one or more processors and an electronic memory that analyzes digitally encoded data stored in one or more computer-readable media, the method comprising:
- identifying data output from a system monitoring tool as qualified data or corrupted data;
- identifying and sorting the qualified data into categorized data;
- calculating normalcy bounds for the categorized data;
- discarding the corrupted data from the computer-readable media; and
- inputting the categorized data and normalcy bounds to an alerting engine that generates an alert when the categorized data is outside the normalcy bounds.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24

25. A non-transitory computer-readable medium encoded with machine-readable instructions that implement a method carried out by one or more processors of a computer system to perform the operations of
- identifying data output from a system monitoring tool as qualified data or corrupted data;
- identifying and sorting the qualified data into categorized data;
- calculating normalcy bounds for the categorized data;
- discarding the corrupted data from the computer-readable media; and
- inputting the categorized data and normalcy bounds to an alerting engine that generates an alert when the categorized data is outside the normalcy bounds.

Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36
Specification