Graph-based data analysis for sensor networks
First Claim
1. A computer-implemented method for detecting a change in operation of at least one of a plurality of devices in a network, the method performed by at least one processor, the method comprising:
- receiving, by the at least one processor, data generated by a plurality of devices in the network;
generating, by the at least one processor, based on the data, a graph that includes;
i) nodes, and ii) edges connecting pairs of nodes, wherein;
each of the nodes corresponds to a different value, or a different range of values, of the data;
each of the edges connects a pair of nodes for which corresponding values, or ranges of values, are present in the data during a same time period; and
each of the edges is associated with a counter value that indicates a number of time periods during which the corresponding values, or ranges of values, are present in the data;
identifying, by the at least one processor, based on the generated graph, a typical operating mode of the plurality of devices, the typical operating mode including a set of values corresponding to nodes for which the connecting edges exhibit a highest counter value;
storing, by the at least one processor, the typical operating mode in data storage;
generating, by the at least one processor, an updated version of the graph that is based on updated data generated by the plurality of devices;
identifying, by the at least one processor, a change from the typical operating mode based on a comparison between the updated graph and the previously generated graph;
in response to the identification, generating, by the at least one processor, at least one alert that describes the change from the typical operating mode of the plurality of devices; and
transmitting the generated at least one alert to at least one user or process associated with the network.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques are described for graph-based analysis of data generated on sensor networks, such as Internet-of-Things (IoT) networks. Data may be collected from various computing devices, or sensors, on a network. The data is discretized and analyzed to provide a graphical representation of at least a portion of the data. In some instances, the graph may be determined based on various relationships between nodes that correspond to discrete portions of the data, and the relationships between nodes may be time-based correlations between the data of the nodes. The graph accumulates, compresses, and organizes the data to enable efficient data visualization, analysis, alert generation, and/or other activities. A previously generated version of a graph may be compared to a current version to identify a changing situation, such as new usage of the monitored devices, failure or anomalous behavior of the devices, and so forth.
12 Citations
20 Claims
-
1. A computer-implemented method for detecting a change in operation of at least one of a plurality of devices in a network, the method performed by at least one processor, the method comprising:
-
receiving, by the at least one processor, data generated by a plurality of devices in the network; generating, by the at least one processor, based on the data, a graph that includes;
i) nodes, and ii) edges connecting pairs of nodes, wherein;each of the nodes corresponds to a different value, or a different range of values, of the data; each of the edges connects a pair of nodes for which corresponding values, or ranges of values, are present in the data during a same time period; and each of the edges is associated with a counter value that indicates a number of time periods during which the corresponding values, or ranges of values, are present in the data; identifying, by the at least one processor, based on the generated graph, a typical operating mode of the plurality of devices, the typical operating mode including a set of values corresponding to nodes for which the connecting edges exhibit a highest counter value; storing, by the at least one processor, the typical operating mode in data storage; generating, by the at least one processor, an updated version of the graph that is based on updated data generated by the plurality of devices; identifying, by the at least one processor, a change from the typical operating mode based on a comparison between the updated graph and the previously generated graph; in response to the identification, generating, by the at least one processor, at least one alert that describes the change from the typical operating mode of the plurality of devices; and transmitting the generated at least one alert to at least one user or process associated with the network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system, comprising:
-
at least one processor; and a memory communicatively coupled to the at least one processor, the memory storing instructions which, when executed by the at least one processor, cause the at least one processor to perform operations for detecting a change in operation of at least one of a plurality of devices in a network, the operations comprising; receiving data generated by a plurality of devices in the network; generating based on the data, a graph that includes;
i) nodes, and ii) edges connecting pairs of nodes, wherein;each of the nodes corresponds to a different value, or a different range of values, of the data; each of the edges connects a pair of nodes for which corresponding values, or ranges of values, are present in the data during a same time period; and each of the edges is associated with a counter value that indicates a number of time periods during which the corresponding values, or ranges of values, are present in the data; identifying, based on the generated graph, a typical operating mode of the plurality of devices, the typical operating mode including a set of values corresponding to nodes for which the connecting edges exhibit a highest counter value; storing the typical operating mode in data storage; generating an updated version of the graph that is based on updated data generated by the plurality of devices; identifying, by the at least one processor, a deviance from the typical operating mode based on a comparison between the updated graph and the previously generated graph; in response to the identification, generating at least one alert that describes the deviance from the typical operating mode of the plurality of devices; and transmitting the generated at least one alert to at least one user or process associated with the network. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. One or more computer-readable media storing instructions which, when executed by at least one processor, cause the at least one processor to perform operations for detecting a change in operation of at least one of a plurality of devices in a network, the operations comprising:
-
receiving data generated by a plurality of devices; generating based on the data, a graph that includes;
i) nodes, and ii) edges connecting pairs of nodes, wherein;each of the nodes corresponds to a different value, or a different range of values, of the data; each of the edges connects a pair of nodes for which corresponding values, or ranges of values, are present in the data during a same time period; and each of the edges is associated with a counter value that indicates a number of time periods during which the corresponding values, or ranges of values, are present in the data; identifying, based on the generated graph, a typical operating mode of the plurality of devices, the typical operating mode including a set of values corresponding to nodes for which the connecting edges exhibit a highest counter value; storing the typical operating mode in data storage; generating an updated version of the graph that is based on updated data generated by the plurality of devices; identifying a deviance from the typical operating mode based on a comparison between the updated graph and the previously generated graph; in response to the identification, generating at least one alert that describes the deviance from the typical operating mode of the plurality of devices; and transmitting the generated at least one alert to at least one user or process associated with the network. - View Dependent Claims (17, 18, 19, 20)
-
Specification