Runtime thresholds for behavior detection

US 20060294095A1
Filed: 06/09/2005
Published: 12/28/2006
Est. Priority Date: 06/09/2005
Status: Abandoned Application

First Claim

Patent Images

1. A computer based method for detecting a behavior, the method comprising:

receiving data from at least one source;

determining an application environment corresponding to the data;

retrieving a scenario, wherein the scenario comprises one or more parameterized patterns indicative of one or more behaviors;

retrieving one or more parameter sets applicable to the one or more parameterized patterns, wherein each parameter set comprises one or more parameters;

selecting one of the one or more parameter sets based on the application environment;

forming a dataset, wherein the dataset includes a portion of the received data, one or more events and one or more entities; and

detecting one or more matches between the dataset and the one or more parameterized patterns with the selected parameter set.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer based method and system for detecting behaviors from patterns of data where sets of thresholds and ranges used within detection scenarios can be created and applied while the system is in active operation. Data is received from at least one source, and an application environment is determined. A scenario including one or more parameterized patterns indicative of one or more behaviors is retrieved. One or more sets of parameters applicable to the one or more parameterized patterns are also retrieved. A parameter set is selected based on the application environment, and a dataset including a portion of the received data, one or more events, and one or more entities is formed. Detection processing is then performed by detecting one or more matches between the dataset and the parameterized patterns using the selected parameter set.

Citations

14 Claims

1. A computer based method for detecting a behavior, the method comprising:
- receiving data from at least one source;
  
  determining an application environment corresponding to the data;
  
  retrieving a scenario, wherein the scenario comprises one or more parameterized patterns indicative of one or more behaviors;
  
  retrieving one or more parameter sets applicable to the one or more parameterized patterns, wherein each parameter set comprises one or more parameters;
  
  selecting one of the one or more parameter sets based on the application environment;
  
  forming a dataset, wherein the dataset includes a portion of the received data, one or more events and one or more entities; and
  
  detecting one or more matches between the dataset and the one or more parameterized patterns with the selected parameter set.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein detecting one or more matches comprises:
    - performing sequence matching to identify sequences in the one or more events; and
      
      relating those sequences to the one or more entities in the dataset.
  - 3. The method of claim 1 wherein detecting one or more matches comprises one or more of the following:
    - performing link analysis to establish connections between a plurality of entities and events in the dataset;
      
      performing rule-based analysis to identify one or more entities and one or more events in the dataset based on rules specifying parameters and thresholds; and
      
      performing outlier detection analysis to identify at least one event and at least one entity outside of a defined range.
  - 4. The method of claim 1, further comprising:
    - generating one or more alerts based on the existence of one or more matches.
  - 5. The method of claim 1, further comprising:
    - generating one or more reports based on the existence of one or more matches.

6. A computer readable medium embodying program instructions for detecting a behavior, the computer readable medium comprising instructions for:
- receiving data from at least one source;
  
  determining an application environment corresponding to the data;
  
  retrieving a scenario, wherein the scenario comprises one or more parameterized patterns indicative of one or more behaviors;
  
  retrieving one or more parameter sets applicable to the one or more parameterized patterns, wherein each parameter set comprises one or more parameters;
  
  selecting one of the one or more parameter sets based on the application environment;
  
  forming a dataset, wherein the dataset includes a portion of the received data, one or more events and one or more entities; and
  
  detecting one or more matches between the dataset and the one or more parameterized patterns with the selected parameter set.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer readable medium of claim 6 wherein the detecting one or more matches comprises instructions for one or more of the following:
    - performing sequence matching to identify sequences in the one or more events in the dataset and relating those sequences to the one or more entities in the dataset;
      
      performing link analysis to establish connections between a plurality of entities and events in the dataset;
      
      performing rule-based analysis to identify one or more entities and one or more events in the dataset based on rules specifying parameters and thresholds; and
      
      performing outlier detection analysis to identify at least one event and at least one entity outside of a defined range.
  - 8. The computer readable medium of claim 6, further comprising instructions for:
    - generating one or more alerts based on the existence of one or more matches.
  - 9. The computer readable medium of claim 6, further comprising instructions for:
    - generating one or more reports based on the existence of one or more matches.
  - 10. The computer readable medium of claim 6 wherein the medium comprises one or more of magnetic data storage disks, magnetic tape, alterable electronic read-only memory, non-alterable electronic read-only memory, electronic random-access memory, flash memory, optical storage devices, wired communication links, wired transmission media, wired propagated signal media, wireless communication links, wireless transmission media, and wireless propagated signal media.

11. A system for detecting a behavior, the system comprising:
- a processor having circuitry to execute instructions;
  
  a communications interface, in communication with the processor, for receiving data from at least one source;
  
  a memory, in communication with the processor, for storing instructions for;
  
  determining an application environment corresponding to the data;
  
  retrieving a scenario, wherein the scenario comprises one or more parameterized patterns indicative of one or more behaviors;
  
  retrieving one or more parameter sets applicable to the one or more parameterized patterns, wherein each parameter set comprises one or more parameters;
  
  selecting one of the one or more parameter sets based on the application environment;
  
  forming a dataset, wherein the dataset includes a portion of the received data, one or more events and one or more entities; and
  
  detecting one or more matches between the dataset and the one or more parameterized patterns with the selected parameter set.

12. A method for configuring parameter sets for detection scenarios, the method comprising:
- retrieving a base parameter set comprising one or more parameters for use in a detection scenario and a default value for each parameter;
  
  generating one or more derived parameter sets, wherein each derived parameter set includes at least one parameter from the base parameter set;
  
  setting at least one parameter in each derived parameter set to a value different than the default value for the corresponding parameter in the base parameter set; and
  
  specifying, for each derived parameter set, an application environment to which the derived parameter set applies.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12 wherein at least one parameter applies to a pattern defined in the detection scenario.
  - 14. The method of claim 12 wherein at least one parameter applies to a dataset defined in the detection scenario.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mantas, Inc. (Oracle Corporation)
Original Assignee
Mantas, Inc. (Oracle Corporation)
Inventors
Aggarwal, Vineet K., Berk, Mitchell F., Salmon, Seth P.

Application Number

US11/148,472
Publication Number

US 20060294095A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 10/04   Forecasting or optimisation...

G06Q 30/02   Marketing; Price estimation...

G06Q 40/00   Finance; Insurance; Tax str...

Runtime thresholds for behavior detection

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Runtime thresholds for behavior detection

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links