System and method of anomaly detection

US 8,941,484 B2
Filed: 03/13/2013
Issued: 01/27/2015
Est. Priority Date: 03/13/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting a plurality of events within a security system;

evaluating the events using one of a first expression defined by Σ

_rε

Qconf(f(r)−

mrg(r)), a second expression defined by ∫

_rε

R|f(r)−

mrg(r)|dr and a third expression defined by ∫

_rε

Rconf(f(r)−

mrg(r))dr, where r is a size of a neighborhood around a data point, f(r) is a Local Correlation Integral (LOCI) of r, mrg(r) is a margin of r, R is a predetermined set of intervals of neighborhood sizes, Q is a predetermined discrete set of neighborhood sizes and conf(d) is a non-linear confidence function being 0 for near distance to the data point and quickly approaching 1 for larger distances;

comparing a value of the evaluated expression with a threshold value; and

setting an alarm upon detecting that the value exceeds the threshold value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus wherein the method includes detecting a plurality of events within a security system, evaluating the events using one of a first expression defined by Σ_rεQconf(f(r)−mrg(r)), a second expression defined by ∫_rεR|f(r)−mrg(r)|dr and a third expression defined by ∫_rεRconf(f(r)−mrg(r))dr, where r is a size of a neighborhood around a data point, f(r) is a Local Correlation Integral (LOCI) of r, mrg(r) is a margin of r, R is a predetermined set of intervals of neighborhood sizes, Q is a predetermined discrete set of neighborhood sizes and conf(d) is a non-linear confidence function being 0 for near distance to the data point and quickly approaching 1 for larger distances, comparing a value of the evaluated expression with a threshold value and setting an alarm upon detecting that the value exceeds the threshold value.

Citations

19 Claims

1. A method comprising:
- detecting a plurality of events within a security system;
  
  evaluating the events using one of a first expression defined by Σ
  
  _rε
  
  Qconf(f(r)−
  
  mrg(r)), a second expression defined by ∫
  
  _rε
  
  R|f(r)−
  
  mrg(r)|dr and a third expression defined by ∫
  
  _rε
  
  Rconf(f(r)−
  
  mrg(r))dr, where r is a size of a neighborhood around a data point, f(r) is a Local Correlation Integral (LOCI) of r, mrg(r) is a margin of r, R is a predetermined set of intervals of neighborhood sizes, Q is a predetermined discrete set of neighborhood sizes and conf(d) is a non-linear confidence function being 0 for near distance to the data point and quickly approaching 1 for larger distances;
  
  comparing a value of the evaluated expression with a threshold value; and
  
  setting an alarm upon detecting that the value exceeds the threshold value.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as in claim 1 wherein the detected events further comprise physical entry by a plurality of person through a plurality of portals, each portal having an electric lock that controls physical entry by the plurality of persons into a secured area of the security system.
  - 3. The method as in claim 2 further comprising a time of entry through one of the plurality of portals.
  - 4. The method as in claim 1 further comprising a time of entry of an authorized user into the secured area.
  - 5. The method as in claim 1 wherein the detected events further comprise activation of a plurality of security sensors within a secured area of the security system.
  - 6. The method as in claim 5 wherein the detected events further comprise a time between activation of each of the plurality of sensors of the security system.
  - 7. The method as in claim 5 wherein the detected events further comprise detection of motion within the secured area.

8. An apparatus comprising:
- an event processor that detects a plurality of events within a security system;
  
  an evaluation processor that evaluates the events using one of a first expression defined by Σ
  
  _rε
  
  Qconf(f(r)−
  
  mrg(r)), a second expression defined by ∫
  
  _rε
  
  R|f(r)−
  
  mrg(r)|dr and a third expression defined by ∫
  
  _rε
  
  Rconf(f(r)−
  
  mrg(r))dr, where r is a size of a neighborhood around a data point, f(r) is a Local Correlation Integral (LOCI) of r, mrg(r) is a margin of r, R is a predetermined set of intervals of neighborhood sizes, Q is a predetermined discrete set of neighborhood sizes and conf(d) is a non-linear confidence function being 0 for near distance to the data point and quickly approaching 1 for larger distances;
  
  a comparison processor that compares a value of the evaluated expression with a threshold value; and
  
  an alarm processor that sets an alarm upon detecting that the value exceeds the threshold value.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus as in claim 8 wherein the detected events further comprise physical entry by a plurality of person through a plurality of portals, each portal having an electric lock that controls physical entry by the plurality of persons into a secured area of the security system.
  - 10. The apparatus as in claim 9 wherein the detected events further comprise a time of entry through one of the plurality of portals.
  - 11. The apparatus as in claim 8 further comprising a time of entry of an authorized user into the secured area.
  - 12. The apparatus as in claim 8 wherein the detected events further comprise activation of a plurality of security sensors within a secured area of the security system.
  - 13. The apparatus as in claim 12 wherein the detected events further comprise a time between activation of each of the plurality of sensors of the security system.
  - 14. The apparatus as in claim 12 wherein the detected events further comprise detection of motion within the secured area.

15. An apparatus comprising:
- a security system that protects a secured area having a plurality of zones;
  
  a processor that detects a plurality of events within the security system including at least entry into at some of the plurality of zones;
  
  a processor that evaluates the events using one of a first expression defined by Σ
  
  _rε
  
  Qconf(f(r)−
  
  mrg(r)), a second expression defined b ∫
  
  _rε
  
  R|f(r)−
  
  mrg(r)|dr and a third expression defined by ∫
  
  _rε
  
  Rconf(f(r)−
  
  mrg(r))dr, where r is a size of a neighborhood around a data point, f(r) is a Local Correlation Integral (LOCI) of r, mrg(r) is a margin of r, R is a predetermined set of intervals of neighborhood sizes, Q is a predetermined discrete set of neighborhood sizes and conf(d) is a non-linear confidence function being 0 for near distance to the data point and quickly approaching 1 for larger distances;
  
  a processor that compares a value of the evaluated expression with a threshold value; and
  
  a processor that sets an alarm upon detecting that the value exceeds the threshold value.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The apparatus as in claim 15 wherein the detected events further comprise physical entry by a plurality of person through a plurality of portals, each portal having an electric lock that controls physical entry by the plurality of persons into a secured area of the security system.
  - 17. The apparatus as in claim 16 wherein the detected events further comprise a time of entry through one of the plurality of portals.
  - 18. The apparatus as in claim 15 further comprising a processor that compares values from at least two of the expressions with a respective threshold value and sets an alarm upon detecting that they both exceed the respective threshold.
  - 19. The apparatus as in claim 15 further comprising a processor that compares values from all three of the expressions with a respective threshold value and sets an alarm upon detecting that they all exceed the respective threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Vacha, Pavel, Guralnik, Valerie, Libal, Vit
Primary Examiner(s)
Wu, Daniel
Assistant Examiner(s)
Terrell, Emily C

Application Number

US13/800,443
Publication Number

US 20140266683A1
Time in Patent Office

685 Days
Field of Search

340/521, 340/528, 340/517
US Class Current

340/521
CPC Class Codes

G08B 25/008   Alarm setting and unsetting...

G08B 29/188   Data fusion; cooperative sy...

G08B 31/00   Predictive alarm systems ch...

System and method of anomaly detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of anomaly detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links