
Systems and methods for robust anomaly detection

  • US 10,635,565 B2
  • Filed: 11/16/2017
  • Issued: 04/28/2020
  • Est. Priority Date: 10/04/2017
  • Status: Active Grant
First Claim

1. A system, comprising:

  • a distributed cache configured to store state information for a plurality of configuration items (CIs);

    a plurality of management, instrumentation, and discovery (MID) servers forming a cluster, each of the plurality of MID servers comprising:

    one or more processors, configured to execute machine-readable instructions;

    a tangible, non-transitory, machine-readable medium, comprising the machine-readable instructions that, when executed by the one or more processors, cause a corresponding MID server to:

    receive, from the distributed cache, a subset of the state information associated with assigned CIs; and

    perform a statistical analysis on the subset of the state information; and

    an anomaly detector, configured to:

    identify statistical outliers of the statistical analysis; and

    identify an anomaly of the statistical outliers by tracking a history of the statistical outliers;

    wherein the anomaly is determined based upon a magnitude of deviation between the subset of the state information and a statistical model;

    a change detector, configured to:

    identify the statistical outliers using a first filter applied to the subset of the state information, the first filter comprising a Kalman filter that produces estimates of unknown variables using Bayesian inference and joint probability distribution estimation over the unknown variables for a timeframe;

    determine when a data transition associated with the statistical outliers indicates noise;

    determine when the data transition associated with the statistical outliers indicates a level change, by: upon identifying the statistical outliers, feed data to a second filter that represents data indicative of no statistical outlier occurring;

    upon stabilization of a change in the first filter, use an output of the second filter as a reference to determine if the change is statistically significant;

    when the change is statistically significant, classify the data transition associated with the statistical outliers as a level shift, and otherwise, when the change is not statistically significant, classify the data transition associated with the statistical outliers as noise; and

    when the data transition associated with the statistical outliers indicates the level change, present a notification of the level change.
