Discovery routing systems and engines
First Claim
1. A security detection system comprising:
- a knowledge database programmed to store a plurality of datasets, each dataset comprising at least one descriptor-value pair having a descriptor and an associated value;
an analytical engine coupled with the knowledge database, and programmed to identify at least one anomaly in a dataset of the plurality of datasets, wherein the at least one anomaly is associated with a condition and characterizes a descriptor-value pair having a value that meets a qualifier associated with the descriptor at or beyond a predetermined threshold value for the descriptor;
a cross-validation engine comprising an association application and a relationship application, coupled with the analytical engine and programmed to designate the at least one anomaly as a significant anomaly by (i) in the association application, cross-referencing the at least one anomaly with one or more other descriptor-value pairs of attributes that are associated with the condition and known to have a value that meets the qualifier, wherein the cross-referencing includes traversing the plurality of datasets to identify at least one of the one or more other descriptor-value pairs of attributes, (ii) identifying further attributes of the at least one anomaly by performing a comparison of at least one attribute with the at least one value of the descriptor-value pair of the at least one anomaly using at least one parameter different from a parameter of the qualifier, and (iii) in the relationship application, including the descriptor-value pair of the at least one anomaly in a significant anomaly dataset if at least one other descriptor-value pair is identified as related to the condition; and
an expert engine comprising an expert memory, coupled with the cross-validation engine and programmed to (i) communicate with a plurality of experts, wherein each expert is associated with an identifier in the expert memory, and (ii) associate the descriptor-value pair in the significant anomaly dataset with an expert based on the identifier.
1 Assignment
0 Petitions
Accused Products
Abstract
The inventive subject matter provides apparatus, systems, and methods that improve on the pace of discovering new practical information based on large amounts of datasets collected. In most cases, anomalies from the datasets are automatically identified, flagged, and validated by a cross-validation engine. Only validated anomalies are then associated with a subject matter expert who is qualified to take action on the anomaly. In other words, the inventive subject matter bridges the gap between the overwhelming amount of scientific data which can now be harvested and the comparatively limited amount analytical resources available to extract practical information from the data. Practical information can be in the form of trends, patterns, maps, hypotheses, or predictions, for example, and such practical information has implications in medicine, in environmental sciences, entertainment, travel, shopping, social interactions, or other areas.
23 Citations
23 Claims
-
1. A security detection system comprising:
-
a knowledge database programmed to store a plurality of datasets, each dataset comprising at least one descriptor-value pair having a descriptor and an associated value; an analytical engine coupled with the knowledge database, and programmed to identify at least one anomaly in a dataset of the plurality of datasets, wherein the at least one anomaly is associated with a condition and characterizes a descriptor-value pair having a value that meets a qualifier associated with the descriptor at or beyond a predetermined threshold value for the descriptor; a cross-validation engine comprising an association application and a relationship application, coupled with the analytical engine and programmed to designate the at least one anomaly as a significant anomaly by (i) in the association application, cross-referencing the at least one anomaly with one or more other descriptor-value pairs of attributes that are associated with the condition and known to have a value that meets the qualifier, wherein the cross-referencing includes traversing the plurality of datasets to identify at least one of the one or more other descriptor-value pairs of attributes, (ii) identifying further attributes of the at least one anomaly by performing a comparison of at least one attribute with the at least one value of the descriptor-value pair of the at least one anomaly using at least one parameter different from a parameter of the qualifier, and (iii) in the relationship application, including the descriptor-value pair of the at least one anomaly in a significant anomaly dataset if at least one other descriptor-value pair is identified as related to the condition; and an expert engine comprising an expert memory, coupled with the cross-validation engine and programmed to (i) communicate with a plurality of experts, wherein each expert is associated with an identifier in the expert memory, and (ii) associate the descriptor-value pair in the significant anomaly dataset with an expert based on the identifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer related product comprising a non-transitory computer readable medium storing instructions that cause a processor to execute the steps of:
-
providing access to a knowledge database programmed to store a plurality of datasets, each dataset comprising at least one descriptor-value pair having a descriptor associated with a value; providing a security detection engine that is coupled with the knowledge database; associating, by the security detection engine, a qualifier with at least one descriptor; identifying, by the security detection engine, at least one anomaly in a dataset of the plurality of datasets, wherein the at least one anomaly is associated with a condition and characterizes a descriptor-value pair having a value that deviates from a qualifier associated with the descriptor beyond a predetermined threshold value for the descriptor; designating, by the security detection engine, the at least one anomaly as a significant anomaly by (i) cross-referencing the at least one anomaly with one or more other descriptor-value pairs of attributes that are associated with the condition and known to have a value that deviates from the qualifier, wherein the cross-referencing includes traversing the dataset of the plurality of datasets to identify at least one of the one or more other descriptor-value pairs of attributes, (ii) identifying further attributes of the at least one anomaly by performing a comparison of at least one attribute with the at least one value of the descriptor-value pair of the at least one anomaly using at least one parameter different from a parameter of the qualifier, and (iii) including the descriptor-value pair of the at least one anomaly in the significant anomaly dataset if at least one other descriptor-value pair is identified as related to the condition; communicating, by the security detection engine, with a plurality of experts, wherein each expert is associated with an identifier in an expert memory; and associating, by the security detection engine, the descriptor-value pair in the significant anomaly dataset with an expert based on the identifier. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A method of detecting anomalies, the method comprising:
-
providing access to a knowledge database programmed to store a plurality of datasets, each dataset comprising at least one descriptor-value pair having a descriptor associated with a value; providing an anomaly detection engine that is coupled with the knowledge database; associating, by the anomaly detection engine, a qualifier with at least one descriptor; identifying, by the anomaly detection engine, at least one anomaly in a dataset of the plurality of datasets, wherein the at least one anomaly is associated with a condition and characterizes a descriptor-value pair having a value that deviates from a qualifier associated with the descriptor beyond a predetermined threshold value for the descriptor; designating, by the anomaly detection engine, the at least one anomaly as a significant anomaly by (i) cross-referencing the at least one anomaly with one or more other descriptor-value pairs of attributes that are associated with the condition and known to have a value that deviates from the qualifier, wherein the cross-referencing includes traversing the dataset of the plurality of datasets to identify at least one of the one or more other descriptor-value pairs of attributes, (ii) identifying further attributes of the at least one anomaly by performing a comparison of at least one attribute with the at least one value of the descriptor-value pair of the at least one anomaly using at least one parameter different from a parameter of the qualifier, and (iii) including the descriptor-value pair of the at least one anomaly in the significant anomaly dataset if at least one other descriptor-value pair is identified as related to the condition; communicating, by the anomaly detection engine, with a plurality of experts, wherein each expert is associated with an identifier in an expert memory; and associating, by the anomaly detection engine, the descriptor-value pair in the significant anomaly dataset with an expert based on the identifier.
-
Specification