CONTINUOUS ANOMALY DETECTION BASED ON BEHAVIOR MODELING AND HETEROGENEOUS INFORMATION ANALYSIS
Abstract
The present disclosure describes a continuous anomaly detection method and system based on multi-dimensional behavior modeling and heterogeneous information analysis. A method includes collecting data, processing and categorizing a plurality of events, continuously clustering the plurality of events, continuously model building for behavior and information analysis, analyzing behavior and information based on a holistic model, detecting anomalies in the data, displaying an animated and interactive visualization of a behavioral model, and displaying an animated and interactive visualization of the detected anomalies.
63 Claims
1. A method of continuous anomaly detection based on behavioral modeling and heterogeneous information analysis, the method comprising:
- collecting data;
- processing and categorizing a plurality of events from the data;
- continuously clustering the plurality of events;
- continuously model building for behavior and information analysis;
- analyzing behavior and information based on a holistic model;
- detecting anomalies in the data;
- displaying an animated and interactive visualization of a behavioral model; and
- displaying an animated and interactive visualization of the detected anomalies.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 15, 16, 19, 21, 22, 23
11. (canceled)
14. (canceled)
17. (canceled)
18. (canceled)
20. (canceled)
24. (canceled)
25. (canceled)
26. (canceled)
27. (canceled)
28. (canceled)
29. (canceled)
30. (canceled)
31. (canceled)
32. (canceled)
33. (canceled)
34. (canceled)
35. (canceled)
36. (canceled)
37. (canceled)
38. (canceled)
39. (canceled)
40. (canceled)
41. (canceled)
42. (canceled)
43. (canceled)
44. (canceled)
45. A method for detecting textblock patterns, the method comprising:
- iterating over a universe of items;
- tokenizing text of each item;
- forming n-grams from a stream of tokens;
- sliding a window of size k over successive n-grams;
- producing a directed weighted graph of transitions between the n-grams co-occurring in the sliding window, such that the graph of transitions is accumulated over all items in the universe of items;
- calculating a local clusterability of each vertex in the graph of transitions;
- using the calculated local clusterability of each vertex to determine whether to keep or discard the vertex in question;
- detecting and labeling connected components amongst the kept vertices; and
- identifying the connected components with textblock patterns.
46. (canceled)
47. (canceled)
48. (canceled)
49. A method for finding textblock hits within an item, comprising:
- tokenizing text of the item to form tokens;
- forming n-grams from the tokens;
- running a sliding window of size k over the n-grams;
- looking up transitions between n-grams co-occurring in the window in the graph of textblock patterns; and
- examining close runs of transitions to determine if the close runs of transitions constitute textblock hits based on recall and precision calculations.
50. (canceled)
51. (canceled)
52. (canceled)
53. (canceled)
54. (canceled)
55. (canceled)
56. (canceled)
57. (canceled)
58. (canceled)
59. (canceled)
60. (canceled)
61. (canceled)
62. (canceled)
63. (canceled)
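The steps of claims 45 and 49 can be followed end to end in the sketch below, which is an added illustration and not code from the patent or its assignee. It assumes whitespace tokenization, n = 2, k = 3, the local clustering coefficient as the "local clusterability" measure, a minimum edge weight of 2, a keep threshold of 0.5, and a single "close run" spanning the first to the last matching transition; none of these choices or values come from the claims, and the function names are hypothetical.

```python
from collections import Counter, defaultdict
# Constructed sample items; the first two share a boilerplate footer.
FOOTER = "this message is confidential and intended only for the recipient"
ITEMS = ["hi bob see attached report " + FOOTER + " thanks",
         "meeting moved to friday " + FOOTER,
         "lunch at noon works for me"]

def ngrams(text, n=2):
    toks = text.lower().split()              # whitespace tokenizer (assumption)
    return [tuple(toks[i:i + n]) for i in range(len(toks) - n + 1)]

def transitions(grams, k=3):                 # ordered pairs inside a window of k n-grams
    return [(a, b) for i, a in enumerate(grams) for b in grams[i + 1:i + k]]

def build_graph(items, n=2, k=3):            # (src, dst) -> weight over all items
    return Counter(t for text in items for t in transitions(ngrams(text, n), k))

def textblock_patterns(graph, min_weight=2, min_cc=0.5):
    # Assumption: edges seen fewer than min_weight times are dropped first.
    strong = {(a, b) for (a, b), w in graph.items() if w >= min_weight and a != b}
    nbrs = defaultdict(set)
    for a, b in strong:
        nbrs[a].add(b)
        nbrs[b].add(a)
    def clusterability(v):                   # local clustering coefficient (assumption)
        ns = sorted(nbrs[v])
        pairs = len(ns) * (len(ns) - 1) // 2
        links = sum(y in nbrs[x] for i, x in enumerate(ns) for y in ns[i + 1:])
        return links / pairs if pairs else 0.0
    kept = {v for v in nbrs if clusterability(v) >= min_cc}
    todo, patterns = set(kept), []
    while todo:                              # label connected components among kept
        comp, stack = set(), [min(todo)]
        while stack:
            u = stack.pop()
            if u not in comp:
                comp.add(u)
                stack.extend((nbrs[u] & kept) - comp)
        todo -= comp
        patterns.append({(a, b) for a, b in strong if a in comp and b in comp})
    return patterns                          # one set of transitions per textblock

def textblock_hit(text, pattern, n=2, k=3):
    trans = transitions(ngrams(text, n), k)
    hits = [i for i, t in enumerate(trans) if t in pattern]
    if not hits:
        return 0.0, 0.0
    run = trans[hits[0]:hits[-1] + 1]        # first to last matching transition
    recall = len({trans[i] for i in hits}) / len(pattern)
    return recall, len(hits) / len(run)      # (recall, precision)
```

On the constructed items the shared footer comes out as one pattern of 15 transitions. A message that quotes only its first four words scores a recall of 0.2 at a precision of 1.0, which is the kind of partial match the recall and precision test in claim 49 has to decide on.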
Specification