SNA-BASED ANOMALY DETECTION
First Claim
Patent Images
1. A method comprising:
- receiving a data set of social network interactions and communications data of multiple participants;
configuring metrics and tolerances, wherein the tolerances enable dynamic learning of what is within a range of normal over a period of time;
converting the data set to a graphical representation containing a node for each participant among the multiple participants;
computing social network analysis (SNA) metrics values for each node within the graphical representation;
determining, via use of a plurality of SNA metrics, when the metric value computed for a particular data point within the data set falls outside of a dynamically determined normal range bounded by the tolerances, wherein said determining automatically identifies abnormal events in a provided communication pattern, without requiring an input of a priori models for normal or abnormal behavior, wherein complex aspects of communication patterns identified within the data set are converted into a variety of simple numerical measures and wherein graphical structures are converted into numerical values utilizing SNA metrics; and
tagging the particular data point whose behavior falls outside the dynamically determined normal range as an anomaly.
4 Assignments
0 Petitions
Accused Products
Abstract
A method, system, and computer program product for enabling dynamic detection of anomalies occurring within an input graph representing a social network. More specifically, the invention provides an automated computer simulation technique that implements the combination of Social Network Analysis (SNA) and statistical pattern classification for detecting abnormal social patterns or events through the expanded use of SNA Metrics. The simulation technique further updates the result sets generated, based on observed occurrences, to dynamically determine what constitutes abnormal behavior, within the overall context of observed patterns of behavior.
128 Citations
32 Claims
-
1. A method comprising:
-
receiving a data set of social network interactions and communications data of multiple participants; configuring metrics and tolerances, wherein the tolerances enable dynamic learning of what is within a range of normal over a period of time; converting the data set to a graphical representation containing a node for each participant among the multiple participants; computing social network analysis (SNA) metrics values for each node within the graphical representation; determining, via use of a plurality of SNA metrics, when the metric value computed for a particular data point within the data set falls outside of a dynamically determined normal range bounded by the tolerances, wherein said determining automatically identifies abnormal events in a provided communication pattern, without requiring an input of a priori models for normal or abnormal behavior, wherein complex aspects of communication patterns identified within the data set are converted into a variety of simple numerical measures and wherein graphical structures are converted into numerical values utilizing SNA metrics; and tagging the particular data point whose behavior falls outside the dynamically determined normal range as an anomaly. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer program product comprising:
-
a computer readable medium; and program code on the computer readable medium that when executed by a processor provides the functions of; receiving a data set of social network interactions and communications data of multiple participants; configuring metrics and tolerances, wherein the tolerances enable dynamic learning of what is within a range of normal over a period of time; converting the data set to a graphical representation containing a node for each participant among the multiple participants; computing SNA metrics values for each node within the graphical representation; determining, via use of a plurality of SNA metrics, when the metric value computed for a particular data point within the data set falls outside of a dynamically determined normal range bounded by the tolerances, wherein said determining automatically identifies abnormal events in a provided communication pattern, without requiring an input of a priori models for normal or abnormal behavior, wherein complex aspects of communication patterns identified within the data set are converted into a variety of simple numerical measures and wherein graphical structures are converted into numerical values utilizing SNA metrics; and tagging the particular data point whose behavior falls outside the dynamically determined normal range as an anomaly. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A computing device comprising:
-
a processor; a memory coupled to the processor; at least one input/output (I/O) component for receiving social network data and user inputs; and an SNA_AD (social network analysis_anomaly detection) utility comprising program code executing on the processor that performs the functions of; receiving a data set of social network interactions and communications data of multiple participants; configuring metrics and tolerances, wherein the tolerances enable dynamic learning of what is within a range of normal over a period of time; converting the data set to a graphical representation containing a node for each participant among the multiple participants; computing metrics values for each node within the graphical representation; determining, via use of a plurality of SNA metrics, when the metric value computed for a particular data point within the data set falls outside of a dynamically determined normal range bounded by the tolerances, wherein said determining automatically identifies abnormal events in a provided communication pattern, without requiring an input of a priori models for normal or abnormal behavior, wherein complex aspects of communication patterns identified within the data set are converted into a variety of simple numerical measures and wherein graphical structures are converted into numerical values utilizing SNA metrics; and tagging the particular data whose behaviour falls outside the normal range as an anomaly. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
-
Specification