SYSTEM AND METHOD FOR DEFINING NORMAL OPERATING REGIONS AND IDENTIFYING ANOMALOUS BEHAVIOR OF UNITS WITHIN A FLEET, OPERATING IN A COMPLEX, DYNAMIC ENVIRONMENT

US 20080091630A1
Filed: 05/31/2007
Published: 04/17/2008
Est. Priority Date: 05/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method to monitor dynamic units that operate in complex, dynamic environments comprising:

collecting raw data to capture state information of the units;

analyzing the raw data to identify anomalies;

identifying abnormalities and regions of normal operations associated with units; and

detecting/identifying units'"'"' epidemics.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Monitoring dynamic units that operate in complex, dynamic environments, is provided in order to classify and track unit behavior over time. When domain knowledge is available, feature-based models may be used to capture the essential state information of the units. When domain knowledge is not available, raw data is relied upon to perform this task. By analyzing logs of event messages (without having access to their data dictionary), embodiments allow the identification of anomalies (novelties). Specifically, a Normalized Compression Distance (such as one based on Kolmogorov Complexity) may be applied to logs of event messages. By analyzing the similarity and differences of the event message logs, units are identified that did not experience any abnormality (and locate regions of normal operations) and units that departed from such regions. Of particular interest is the detection and identification of units'"'"' epidemics, which is defined as sustained/increasing numbers of anomalies over time.

31 Citations

View as Search Results

22 Claims

1. A method to monitor dynamic units that operate in complex, dynamic environments comprising:
- collecting raw data to capture state information of the units;
  
  analyzing the raw data to identify anomalies;
  
  identifying abnormalities and regions of normal operations associated with units; and
  
  detecting/identifying units'"'"' epidemics.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the raw data comprises event message logs.
  - 3. The method of claim 1, wherein analyzing the raw data to identify anomalies comprises determining a Normalized Compression Distance to determine similarity and differences of the raw data.
  - 4. The method of claim 3, wherein the Normalized Compression Distance is computed using Kolmogorov Complexity.
  - 5. The method of claim 1, wherein an epidemic comprises sustained/increasing numbers of anomalies over time.
  - 6. The method of claim 1, wherein the raw data comprises FADEC messages associated with a fleet of aircraft.
  - 7. The method of claim 1, wherein the units comprise CT scanners.
  - 8. The method of claim 1, further comprising:
    - capturing state information of the units when domain knowledge is available with a feature-based models; and
      
      analyzing the state information to identify anomalies.
  - 9. The method of claim 8, wherein identifying abnormalities and regions of normal operations associated with units comprises combining:
    - featureless similarity based anomaly detection;
      
      feature-based similarity based anomaly detection; and
      
      statistical parametric analysis.

10. A method to monitor dynamic units that operate in complex, dynamic environments comprising:
- capturing state information of the units when domain knowledge is available with a feature-based models; and
  
  performing feature-based similarity based anomaly detection on the state information to identify anomalies;
  
  collecting raw data to capture state information of the units;
  
  performing featureless similarity based anomaly detection on the raw data to identify anomalies;
  
  collecting statistical parametric data associated with the units;
  
  performing statistical parametric based anomaly detection on the statistical parametric data to identify anomalies;
  
  identifying abnormalities and regions of normal operations associated with units comprises combining;
  
  featureless similarity based anomaly detection;
  
  feature-based similarity based anomaly detection; and
  
  statistical parametric analysis; and
  
  detecting/identifying units'"'"' epidemics.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein the raw data comprises event message logs.
  - 12. The method of claim 10, wherein analyzing the raw data to identify anomalies comprises determining a Normalized Compression Distance to determine similarity and differences of the raw data.
  - 13. The method of claim 12, wherein the Normalized Compression Distance is computed using Kolmogorov Complexity.
  - 14. The method of claim 10, wherein an epidemic comprises sustained/increasing numbers of anomalies over time.
  - 15. The method of claim 10, wherein the raw data comprises FADEC messages associated with a fleet of aircraft.
  - 16. The method of claim 10, wherein the units comprise CT scanners.

17. A method to monitor dynamic units of a fleet that operates in complex, dynamic environments comprising:
- capturing state information of the units when domain knowledge is available with a feature-based models; and
  
  performing feature-based similarity based anomaly detection on the state information to identify anomalies;
  
  collecting event message logs to capture state information of the units;
  
  performing featureless similarity based anomaly detection on the event message logs to identify anomalies;
  
  collecting statistical parametric data associated with the units;
  
  performing statistical parametric based anomaly detection on the statistical parametric data to identify anomalies;
  
  identifying abnormalities and regions of normal operations associated with units comprises combining;
  
  featureless similarity based anomaly detection;
  
  feature-based similarity based anomaly detection; and
  
  statistical parametric analysis; and
  
  detecting/identifying units'"'"' epidemics.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The method of claim 17, wherein analyzing the event message logs to identify anomalies comprises determining a Normalized Compression Distance to determine similarity and differences of the raw data.
  - 19. The method of claim 18, wherein the Normalized Compression Distance is computed using Kolmogorov Complexity.
  - 20. The method of claim 17, wherein an epidemic comprises sustained/increasing numbers of anomalies over time.
  - 21. The method of claim 17, wherein the raw data comprises FADEC messages associated with a fleet of aircraft.
  - 22. The method of claim 17, wherein the units comprise CT scanners.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Original Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Inventors
Bonissone, Piero, Yan, Weizhong, Goebel, Kai, Varma, Anil, Iyer, Naresh

Granted Patent

US 7,937,334 B2
Time in Patent Office

Days
Field of Search
US Class Current

706/45
CPC Class Codes

G05B 23/024   Quantitative history assess...

G06F 18/2433   Single-class perspective, e...

G06N 20/00   Machine learning

SYSTEM AND METHOD FOR DEFINING NORMAL OPERATING REGIONS AND IDENTIFYING ANOMALOUS BEHAVIOR OF UNITS WITHIN A FLEET, OPERATING IN A COMPLEX, DYNAMIC ENVIRONMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DEFINING NORMAL OPERATING REGIONS AND IDENTIFYING ANOMALOUS BEHAVIOR OF UNITS WITHIN A FLEET, OPERATING IN A COMPLEX, DYNAMIC ENVIRONMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links