Compliance monitoring for anomaly detection

US 6,983,266 B1
Filed: 04/07/2000
Issued: 01/03/2006
Est. Priority Date: 04/07/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of supporting a compliance agent in compliance monitoring for anomaly detection (CMAD), the method including the steps of:

receiving information relating to a suspected non-compliant event (SNCE) generated by a primary monitoring system;

selecting first heuristic cues corresponding to a set of premises from a knowledge base, said set of premises being grouped together as of possible relevance to the SNCE;

obtaining a response from the agent to each of the first heuristic cues in a Boolean response form;

selecting second heuristic cues from said knowledge base based on said Boolean responses;

obtaining responses from the agent to each of the second heuristic cues in a linguistic variable form;

combining said linguistic variables with respective relevance measures for each of said second heuristic cues to produce respective weighted intermediate propositions, said intermediate propositions providing supporting evidence; and

combining said weighted intermediate propositions to produce final propositions repudiating or confirming the SNCE, which together with said supporting evidence enables the agent to make a decision regarding the SNCE more efficiently.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for supporting a compliance agent in compliance monitoring for anomaly detection (CMAD) involves a primary monitoring system comparing some predetermined conditions of acceptance with the actual data or event. If any variance is detected (an anomaly) by the primary monitoring system, an exception report or alert is produced, identifying the variance. In a simple environment, this identification of the variance fulfils the evidence conditions and determines an instance of non-compliance. However, in a more complex environment, it may only be an indicator of a suspect non-compliant event (SNCE). In the latter case, the compliance agent uses the results of the initial monitoring as well as important information related to the event and requiring judgmental expertise to obtain further evidence of non-compliance. Compliance gents develop propositions or believes, based on their assumption. For each proposition node in the system, the assumption based truth maintenance system maintains a list of minimum sets of assumptions (Boolean cues), which are relevant to the SNCE type. At the macro level, the construct uses the trivalent belief-disbelief-unknown. However, this is refined by applying a measure of importance to individual pieces or empirical evidence.

87 Citations

View as Search Results

18 Claims

1. A method of supporting a compliance agent in compliance monitoring for anomaly detection (CMAD), the method including the steps of:
- receiving information relating to a suspected non-compliant event (SNCE) generated by a primary monitoring system;
  
  selecting first heuristic cues corresponding to a set of premises from a knowledge base, said set of premises being grouped together as of possible relevance to the SNCE;
  
  obtaining a response from the agent to each of the first heuristic cues in a Boolean response form;
  
  selecting second heuristic cues from said knowledge base based on said Boolean responses;
  
  obtaining responses from the agent to each of the second heuristic cues in a linguistic variable form;
  
  combining said linguistic variables with respective relevance measures for each of said second heuristic cues to produce respective weighted intermediate propositions, said intermediate propositions providing supporting evidence; and
  
  combining said weighted intermediate propositions to produce final propositions repudiating or confirming the SNCE, which together with said supporting evidence enables the agent to make a decision regarding the SNCE more efficiently.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method of supporting a compliance agent in CMAD as defined in claim 1, wherein said responses to each of the second heuristic cues are in the form of fuzzy linguistic variables.
  - 3. A method of supporting a compliance agent in CMAD as defined in claim 2, wherein said linguistic variables reflect the degree of importance of an assumption and range from extremely important to not important.
  - 4. A method of supporting a compliance agent in CMAD as defined in claim 3, wherein said linguistic variables include extremely important, very important, important, slightly important, and not important.
  - 5. A method of supporting a compliance agent in CMAD as defined in claim 1, wherein said knowledge base comprises rules and facts reflecting a level of domain knowledge appropriate to the compliance agent;
    - a premise set, consisting of facts and empirical information reflected by the responses to Boolean cues appropriate to the type of SNCE under consideration;
      
      default assumptions in the form of said relevance measures; and
      
      , the compliance agents own assumptions.
  - 6. A method of supporting a compliance agent in CMAD as defined in claim 5, wherein said relevance measures (RMs) are elicited from a compliance agent as part of the initial knowledge acquisition during construction of the knowledge base, and wherein an RM of 1 indicates maximum relevance and an RM of 0 indicates minimum relevance.
  - 7. A method of supporting a compliance agent in CMAD as defined in claim 5, wherein the method is capable of supporting multiple compliance agents, said multiple agents together forming a team in which the agents are organised sequentially and hierarchically, with each successive agent having greater domain knowledge and experience.
  - 8. A method of supporting a compliance agent in CMAD as defined in claim 7, the method further comprising providing each compliance agent with access to a common central database via a graphic user interface (GUI) for human agents, or an appropriate communication protocol for machine based agents.
  - 9. A method of supporting a compliance agent in CMAD as defined in claim 1, wherein on a heuristic level, which is hierarchically organised, knowledge representation takes the form of frames which contain structural knowledge slots, prototypical knowledge slots and control knowledge slots.
  - 10. A method of supporting a compliance agent in CMAD as defined in claim 9, wherein each slot in the frame has the following form:
    - <
      
      linguistic_—value V_ij, possibility_—value i_ij>and is associated in each slot with an assumption i, wherein if assumption i takes the (linguistic) value V_ijit is compatible with a hypothesis H (an intermediate proposition) with possibility i_ij.
  - 11. A method of supporting a compliance agent in CMAD as defined in claim 8, wherein on a causal level knowledge representation is represented by five types of nodes:
    - (i) Hypothesis nodes, which correspond to the SNCE hypotheses under consideration, and are connected to the frames that represent the same hypotheses at the heuristic level;
      
      (ii) State nodes which correspond to the states of the system process, such as an inference process, that determines the state of the hypothesis being considered;
      
      (iii) Action nodes, which determine the transformation from one state to another, such as the transformation of a linguistic variable to form an atomic corrected evidence value, based on the RMs associated with instantiated frames;
      
      (iv) Initial causes nodes, which represent possible original causes of the instantiation of the diagnostic hypotheses under consideration; and
      
      (v) Findings nodes, which represent the observable conditions or data in the system and reflect the results of the action nodes.
  - 12. A method of supporting a compliance agent in CMAD as defined in claim 11, wherein the causal reasoning is manifest as a form of casual nets formed according to the following steps:
    - when an hypothesis node is instantiated via an initial cause, associated hypotheses are placed on the agenda (representing states) and corresponding frames are activated;
      
      once the initial cause hypotheses is confirmed the states are instantiated which confirms the presence or absence of the states manifestation;
      
      if such a manifestation is found the causal path which has been considered to instantiate the state is confirmed, if not, other paths are considered; and
      
      as a consequence of the frames, which are associated with the hypothesis nodes, the linguistic variables (observed data) are transformed into findings using the action nodes that are on the confirmed causal path.
  - 13. A method of supporting a compliance agent in CMAD as defined in claim 12, wherein the findings are also used as threshold levels, which may be used to confirm or alter the causal path.
  - 14. A method of supporting a compliance agent in CMAD as defined in claim 13, wherein as the knowledge representation is constructed using classes and objects in an hierarchical organisation, the observable conditions as well as the frames at the heuristic level are shared between the heuristic and causal levels.

15. A system for supporting a compliance agent in compliance monitoring for anomaly detection, the system comprising:
- a relational database for receiving and storing information relating to a suspected non-compliant event (SNCE) generated by a primary monitoring system;
  
  a knowledge and search processing system accessible to the compliance agent for receiving and storing information relating to a suspected non-compliant event (SNCE) generated by a primary monitoring system, and for selecting first heuristic cues corresponding to a set of premises from a knowledge base, said set of premises being grouped together as of possible relevance to the SNCE; and
  
  a graphic user interface (GUI) for human agents, or appropriate communication protocol for machine based agents, to enable the agent to respond to each of the first heuristic cues using Boolean responses;
  
  whereinsaid knowledge and search processing system is also adapted to select second heuristic cues from said knowledge base based on said Boolean responses, and said GUI for human agents, or appropriate communication protocol for machine based agents, is adapted to enable the agent to respond to each of the second heuristic cues using linguistic variables, whereinsaid knowledge and search processing system is adapted to combine said fuzzy linguistic variables with respective relevance measures for each of said second heuristic cues to produce respective weighted intermediate propositions, said intermediate propositions providing supporting evidence, and to combine said weighted intermediate propositions to produce final propositions repudiating or confirming the SNCE, which together with said supporting evidence enables the agent to make a decision regarding the SNCE more efficiently.
- View Dependent Claims (16, 17, 18)
- - 16. A system for supporting a compliance agent in CMAD as defined in claim 15, further comprising a central repository in the form of a dynamic reference database to facilitate communication and review of the compliance agents'"'"' decision making process, in a multi-agent CMAD decision support system.
  - 17. A system for supporting a compliance agent in CMAD as defined in claim 16, wherein said communication and review process is for the purpose of assumption based truth maintenance and involves communication of the compliance agent'"'"'s belief structure, supporting both the intermediate and final propositions of a SNCE, from a compliance agent at node N_ito each node N_j&
    - k in a team hierarchy.
  - 18. A system for supporting a compliance agent in CMAD as defined in claim 17, wherein each compliance agent has access to a knowledge and search processing system appropriate to the agent'"'"'s level of expertise in the team hierarchy, each knowledge and search processing system containing the knowledge of the lower level expert systems plus (if required) the knowledge specific to that level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alert-Km Pty Limited
Original Assignee
Alert-Km Pty Limited
Inventors
Goldschmidt, Peter Solly
Primary Examiner(s)
DAVIS, GEORGE B

Application Number

US09/958,513
Time in Patent Office

2,097 Days
Field of Search

706/52, 706/46
US Class Current

706/52
CPC Class Codes

G06N 5/043 Distributed expert systems;...

Compliance monitoring for anomaly detection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Compliance monitoring for anomaly detection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links