Method and system for advanced scenario based alert generation and processing

US 20040177053A1
Filed: 03/04/2003
Published: 09/09/2004
Est. Priority Date: 03/04/2003
Status: Active Grant

First Claim

Patent Images

1. A computer based method for generating alerts to a behavior as represented in data, the method comprising the steps of:

receiving, on a periodic basis, data from at least one source;

transforming the data from a first format associated with the at least one source to data in a second format for subsequent analysis;

storing the data in the second format to a dataset;

retrieving an advanced scenario, wherein the advanced scenario defines a behavior of interest;

retrieving a portion of the dataset; and

applying the advanced scenario to the portion of the dataset to perform detection processing wherein the detection processing produces one or more matches wherein the matches are indicative of an instantiation of the advanced scenario in the portion of the dataset.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer based method and system generates alerts based on the detection of an advanced scenario in a data set. The system and method may take data related to events and entities, transform the data, and apply advanced scenarios to the data to produce matches that reflect the occurrence of an advanced scenario and the behavior of interest. The advanced scenarios can be defined to cover specific product lines and services, lines of businesses, and combinations thereof. The advanced scenarios can be defined to be indicative of a behavior class, or a specific behavior which is part of a behavior class. Alerts produced by the system can be grouped, prioritized and routed such that the appropriate users are notified in a timely manner. The system and method can be applied to a variety of industries including financial and health care, and can detect both illicit and licit behaviors of interest.

156 Citations

77 Claims

1. A computer based method for generating alerts to a behavior as represented in data, the method comprising the steps of:
- receiving, on a periodic basis, data from at least one source;
  
  transforming the data from a first format associated with the at least one source to data in a second format for subsequent analysis;
  
  storing the data in the second format to a dataset;
  
  retrieving an advanced scenario, wherein the advanced scenario defines a behavior of interest;
  
  retrieving a portion of the dataset; and
  
  applying the advanced scenario to the portion of the dataset to perform detection processing wherein the detection processing produces one or more matches wherein the matches are indicative of an instantiation of the advanced scenario in the portion of the dataset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the detection processing utilizes one or more algorithms from the set of link analysis, sequence matching, rule based analysis, outlier detection.
  - 3. The method of claim 1, wherein the detection processing includes use of sequence matching wherein the sequence matching identifies sequences in events and relates those sequences to entities in the portion of the dataset.
  - 4. The method of claim 1, wherein the detection processing includes use of link analysis wherein the link analysis establishes connections between entities and events in the portion of the dataset.
  - 5. The method of claim 1, wherein the detection processing includes use of rule based analysis wherein the rules based analysis identifies events and entities based on rules specifying parameters and thresholds for identification of a set of specified events and entities.
  - 6. The method of claim 1, wherein the detection processing includes the use of outlier detection analysis wherein the outlier detection identifies events and entities outside of a defined statistical range.
  - 7. The method of claim 1, further comprising the step of prioritizing the matches, wherein the prioritizing is based on user defined logic and values and produces a set of prioritized matches
  - 8. The method of claim 1, further comprising the step of grouping the matches to form groups of matches, wherein the groups of matches consist of at least one match, and wherein the grouping is based on focus and user defined logic.
  - 9. The method of claim 8, further comprising the step of prioritizing the groups of matches, wherein the prioritizing is based on user defined logic and values.
  - 10. The method of claim 1, further comprising the step of generating one or more alerts based on the existence of one or more matches.
  - 11. The method of claim 7, further comprising the step of generating one or more alerts based on the existence of one or more prioritized matches.
  - 12. The method of claim 8, further comprising the step of generating one or more alerts based on the existence of one or more groups of matches.
  - 13. The method of claim 9, further comprising the step of generating one or more alerts based on the existence of one or more prioritized groups of matches.
  - 14. The method of claim 10, further comprising the step of routing the alerts to a user defined set of recipients.
  - 15. The method of claim 1, wherein the detection processing includes detection of relationships among events and entities in the portion of the dataset.
  - 16. The method of claim 1, wherein the advanced scenario includes a focus, an event, and an entity.

17. The method of claim 17, wherein the advanced scenario further includes parameterized logic.

18. A computer based method for generating alerts to a behavior as represented in data, the method comprising the steps of:
- receiving, on a periodic basis, data from at least one source;
  
  transforming the data from a first format associated with the at least one source to data in a second format for subsequent analysis;
  
  storing the data in the second format to a dataset;
  
  retrieving a behavior description, wherein the behavior description contains a plurality of conditions related to events and entities, the plurality of conditions related to events and entities being indicative of the specific behavior;
  
  retrieving a portion of the dataset; and
  
  performing detection processing, wherein the detection processing includes detection of relationships among events and entities in the portion of the dataset; and
  
  generating a plurality of alerts, wherein the plurality of alerts is indicative of the specific behavior.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 19. The method of claim 18, further comprising the step of routing the alerts to a user defined set of recipients.
  - 20. The method of claim 18, wherein the behavior description contains conditions related to the relationships among events, among entities, and among events and entities.
  - 21. The method of claim 18, wherein the detection processing utilizes one or more algorithms from the set of link analysis, sequence matching, rule based analysis, outlier detection.
  - 22. The method of claim 18, wherein the detection processing includes use of sequence matching wherein the sequence matching identifies sequences in events and relates those sequences to entities in the portion of the dataset.
  - 23. The method of claim 18, wherein the detection processing includes use of link analysis wherein the link analysis establishes connections between customers in the portion of the dataset.
  - 24. The method of claim 18, wherein the detection processing includes use of rule based analysis wherein the rules based analysis identifies events and entities based on rules specifying parameters and thresholds for identification of a set of specified events and entities.
  - 25. The method of claim 18, wherein the detection processing includes the use of outlier detection analysis wherein the outlier detection identifies events and entities outside of a defined statistical range.
  - 26. The method of claim 18, wherein the plurality of alerts are related to events and entities.
  - 27. The method of claim 18, wherein the plurality of alerts are linked to detail records.
  - 28. The method of claim 18, further comprising the steps of:
    - receiving a filter parameter for filtering the plurality of alerts; and
      
      displaying a filtered subset of the plurality of alerts.
  - 29. The method of claim 28, wherein the filter parameter is selected from the group consisting of organization, owner, scenario class, scenario, prioritization, focus, age, status.

30. A computer based method for generating alerts to a behavior as represented in data, the method comprising the steps of:
- receiving, on a periodic basis, data from at least one source;
  
  transforming the data from a first format associated with the at least one source to data in a second format for subsequent analysis;
  
  storing the data in the second format to a dataset;
  
  receiving an advanced scenario, wherein the advanced scenario contains a plurality of events and entities related to a behavior description and reference to at least one algorithm for identifying the plurality of events and entities;
  
  retrieving a portion of the dataset; and
  
  performing detection processing, wherein the detection processing includes the detection of the plurality of events and entities in the portion of the dataset using the at least one algorithm; and
  
  generating a plurality of alerts, wherein the plurality of alerts is indicative of the specific behavior.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 31. The method of claim 30, further comprising the step of routing the alerts to a user defined set of recipients.
  - 32. The method of claim 30, wherein the at least one algorithm is from the set of link analysis, sequence matching, rule based analysis, outlier detection.
  - 33. The method of claim 30, wherein the at least one algorithm includes link analysis.
  - 34. The method of claim 30, wherein the at least one algorithm includes use of link analysis wherein the link analysis establishes connections between customers in the portion of the dataset.
  - 35. The method of claim 30, wherein the at least one algorithm includes rule based analysis wherein the rules based analysis identifies events and entities based on rules specifying parameters and thresholds for identification of a set of specified events and entities.
  - 36. The method of claim 30, wherein the at least one algorithm includes outlier detection analysis wherein the outlier detection identifies events and entities outside of a defined statistical range.
  - 37. The method of claim 30, wherein the plurality of alerts contain embedded links to detail records.
  - 38. The method of claim 30, further comprising the steps of:
    - receiving a filter parameter for filtering the plurality of alerts; and
      
      displaying a filtered subset of the plurality of alerts.
  - 39. The method of claim 38, wherein the filter parameter is selected from the group consisting of organization, owner, scenario class, scenario, prioritization, focus, age, status.
  - 40. The method of claim 30, wherein the advanced scenario also includes parameterized logic.

41. A computer program embodied on a computer-readable medium for generating alerts to a specific behavior as represented in data, the computer program comprising:
- a code segment for receiving, on a periodic basis, data from at least one source;
  
  a code segment for transforming the data from a first format associated with the at least one source to data in a second format for subsequent analysis;
  
  a code segment for storing the data in the second format to a dataset;
  
  a code segment for retrieving an advanced scenario, wherein the advanced scenario defines a behavior of interest;
  
  a code segment for retrieving a portion of the dataset; and
  
  a code segment for applying the advanced scenario to the portion of the dataset to perform detection processing wherein the detection processing produces one or more matches wherein the matches are indicative of an instantiation of the advanced scenario in the portion of the dataset.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
- - 42. The computer program of claim 41, wherein the code segment for applying the advanced scenario to the portion of the dataset to perform detection processing includes one or more algorithms from the set of link analysis, sequence matching, rule based analysis, outlier detection.
  - 43. The computer program of claim 41, wherein the code segment for applying the advanced scenario to the portion of the dataset to perform detection processing includes code for sequence matching wherein the sequence matching identifies sequences in events and relates those sequences to entities in the portion of the dataset.
  - 44. The computer program of claim 41, wherein the code segment for applying the advanced scenario to the portion of the dataset to perform detection processing includes code for link analysis wherein the link analysis establishes connections between entities and events in the portion of the dataset.
  - 45. The computer program of claim 41, wherein the code segment for detection processing includes code for rule based analysis wherein the rules based analysis identifies events and entities based on rules specifying parameters and thresholds for identification of a set of specified events and entities.
  - 46. The computer program of claim 41, wherein the detection processing includes code for outlier detection analysis wherein the outlier detection identifies events and entities outside of a defined statistical range.
  - 47. The computer program of claim 41, further comprising a code segment for prioritizing the matches, wherein the prioritizing is based on user defined logic and values and produces a set of prioritized matches
  - 48. The computer program of claim 41, further comprising a code segment for grouping the matches to form groups of matches, wherein the groups of matches consist of at least one match, and wherein the grouping is based on focus and user defined logic.
  - 49. The computer program of claim 41, further comprising a code segment for prioritizing the groups of matches, wherein the prioritizing is based on user defined logic and values.
  - 50. The computer program of claim 41, further comprising a code segment for generating one or more alerts based on the existence of one or more matches.
  - 51. The computer program of claim 48, further comprising a code segment for generating one or more alerts based on the existence of one or more prioritized matches.
  - 52. The computer program of claim 49, further comprising a code segment for generating one or more alerts based on the existence of one or more groups of matches.
  - 53. The computer program of claim 49, further comprising a code segment for generating one or more alerts based on the existence of one or more prioritized groups of matches.
  - 54. The computer program of claim 50, further comprising a code segment for routing the alerts to a user defined set of recipients.
  - 55. The computer program of claim 41, wherein the code segment for applying the advanced scenario to the portion of the dataset to perform detection processing includes code for the detection of relationships among events and entities in the portion of the dataset.

56. A computer program embodied on a computer-readable medium for generating alerts to a specific behavior as represented in data, the computer program comprising:
- a code segment for receiving, on a periodic basis, data from at least one source;
  
  a code segment for transforming the data from a first format associated with the at least one source to data in a second format for subsequent analysis;
  
  a code segment for storing the data in the second format to a dataset;
  
  a code segment for retrieving a behavior description, wherein the behavior description contains a plurality of conditions related to events and entities, the plurality of conditions related to events and entities being indicative of the specific behavior;
  
  a code segment for retrieving a portion of the dataset; and
  
  a code segment for performing detection processing, wherein the detection processing includes detection of relationships among events and entities in the portion of the dataset; and
  
  a code segment for generating a plurality of alerts, wherein the plurality of alerts is indicative of the specific behavior.
- View Dependent Claims (57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67)
- - 57. The computer program of claim 56, further comprising a code segment for routing the alerts to a user defined set of recipients.
  - 58. The computer program of claim 56, wherein the behavior description contains conditions related to the relationships among events, among entities, and among events and entities.
  - 59. The computer program of claim 56, wherein the code segment for performing detection processing includes one or more algorithms from the set of link analysis, sequence matching, rule based analysis, outlier detection.
  - 60. The computer program of claim 56, wherein the code segment for performing detection processing includes code for sequence matching wherein the sequence matching identifies sequences in events and relates those sequences to entities in the portion of the dataset.
  - 61. The computer program of claim 56, wherein the wherein the code segment for performing detection processing includes code for link analysis wherein the link analysis establishes connections between customers in the portion of the dataset.
  - 62. The computer program of claim 56, wherein the code segment for performing detection processing includes code for rules based analysis wherein the rules based analysis identifies events and entities based on rules specifying parameters and thresholds for identification of a set of specified events and entities.
  - 63. The computer program of claim 56, wherein the code segment for detection processing includes code for outlier detection analysis wherein the outlier detection identifies events and entities outside of a defined statistical range.
  - 64. The computer program of claim 56, wherein the plurality of alerts are related to events and entities.
  - 65. The computer program of claim 56, wherein the plurality of alerts are linked to detail records.
  - 66. The computer program of claim 56, further comprising:
    - a code segment for receiving a filter parameter for filtering the plurality of alerts; and
      
      a code segment for displaying a filtered subset of the plurality of alerts.
  - 67. The computer program of claim 63, wherein the filter parameter is selected from the group consisting of organization, owner, scenario class, scenario, prioritization, focus, age, status.

68. A computer program embodied on a computer-readable medium for generating alerts to a specific behavior as represented in data, the computer program comprising:
- a code segment for receiving, on a periodic basis, data from at least one source;
  
  a code segment for transforming the data from a first format associated with the at least one source to data in a second format for subsequent analysis;
  
  a code segment for storing the data in the second format to a dataset;
  
  a code segment for receiving an advanced scenario, wherein the advanced scenario contains a plurality of events and entities related to a behavior description and reference to at least one algorithm for identifying the plurality of events and entities;
  
  a code segment for retrieving a portion of the dataset; and
  
  a code segment for performing detection processing, wherein the code segment for detection processing includes code for detection of the plurality of events and entities in the portion of the dataset using the at least one algorithm; and
  
  a code segment for generating a plurality of alerts, wherein the plurality of alerts is indicative of the specific behavior.
- View Dependent Claims (69, 70, 71, 72, 73, 74, 75, 76, 77)
- - 69. The computer program of claim 68, further comprising a code segment for routing the alerts to a user defined set of recipients.
  - 70. The computer program of claim 68, wherein the at least one algorithm is from the set of link analysis, sequence matching, rule based analysis, outlier detection.
  - 71. The computer program of claim 68, wherein the at least one algorithm includes link analysis.
  - 72. The computer program of claim 68, wherein the at least one algorithm includes use of link analysis wherein the link analysis establishes connections between customers in the portion of the dataset.
  - 73. The computer program of claim 68, wherein the at least one algorithm includes rule based analysis wherein the rules based analysis identifies events and entities based on rules specifying parameters and thresholds for identification of a set of specified events and entities.
  - 74. The computer program of claim 68, wherein the at least one algorithm includes outlier detection analysis wherein the outlier detection identifies events and entities outside of a defined statistical range.
  - 75. The computer program of claim 68, wherein the plurality of alerts contain embedded links to detail records.
  - 76. The computer program of claim 68, further comprising:
    - a code segment for receiving a filter parameter for filtering the plurality of alerts; and
      
      a code segment for displaying a filtered subset of the plurality of alerts.
  - 77. The computer program of claim 76, wherein the filter parameter is selected from the group consisting of organization, owner, scenario class, scenario, prioritization, focus, age, status.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mantas, Inc. (Oracle Corporation)
Original Assignee
Mantas, Inc. (Oracle Corporation)
Inventors
Donoho, Steven Kirk, Grote, Linda Hagen, Hayden, James Joseph, Dybala, Tomasz Grzegorz, Brooks, William Edgar Jr.

Granted Patent

US 7,693,810 B2
Time in Patent Office

Days
Field of Search
US Class Current

706/47
CPC Class Codes

G06Q 10/04 Forecasting or optimisation...

G06Q 40/00 Finance; Insurance; Tax str...

Method and system for advanced scenario based alert generation and processing

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

156 Citations

77 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for advanced scenario based alert generation and processing

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

156 Citations

77 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links