System and method of anomaly detection
First Claim
1. A method comprising:
- detecting a plurality of events within a security system;
evaluating the events using one of a first expression defined by Σ
rε
Qconf(f(r)−
mrg(r)), a second expression defined by ∫
rε
R|f(r)−
mrg(r)|dr and a third expression defined by ∫
rε
Rconf(f(r)−
mrg(r))dr, where r is a size of a neighborhood around a data point, f(r) is a Local Correlation Integral (LOCI) of r, mrg(r) is a margin of r, R is a predetermined set of intervals of neighborhood sizes, Q is a predetermined discrete set of neighborhood sizes and conf(d) is a non-linear confidence function being 0 for near distance to the data point and quickly approaching 1 for larger distances;
comparing a value of the evaluated expression with a threshold value; and
setting an alarm upon detecting that the value exceeds the threshold value.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus wherein the method includes detecting a plurality of events within a security system, evaluating the events using one of a first expression defined by ΣrεQconf(f(r)−mrg(r)), a second expression defined by ∫rεR|f(r)−mrg(r)|dr and a third expression defined by ∫rεRconf(f(r)−mrg(r))dr, where r is a size of a neighborhood around a data point, f(r) is a Local Correlation Integral (LOCI) of r, mrg(r) is a margin of r, R is a predetermined set of intervals of neighborhood sizes, Q is a predetermined discrete set of neighborhood sizes and conf(d) is a non-linear confidence function being 0 for near distance to the data point and quickly approaching 1 for larger distances, comparing a value of the evaluated expression with a threshold value and setting an alarm upon detecting that the value exceeds the threshold value.
-
Citations
19 Claims
-
1. A method comprising:
-
detecting a plurality of events within a security system; evaluating the events using one of a first expression defined by Σ
rε
Qconf(f(r)−
mrg(r)), a second expression defined by ∫
rε
R|f(r)−
mrg(r)|dr and a third expression defined by ∫
rε
Rconf(f(r)−
mrg(r))dr, where r is a size of a neighborhood around a data point, f(r) is a Local Correlation Integral (LOCI) of r, mrg(r) is a margin of r, R is a predetermined set of intervals of neighborhood sizes, Q is a predetermined discrete set of neighborhood sizes and conf(d) is a non-linear confidence function being 0 for near distance to the data point and quickly approaching 1 for larger distances;comparing a value of the evaluated expression with a threshold value; and setting an alarm upon detecting that the value exceeds the threshold value. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus comprising:
-
an event processor that detects a plurality of events within a security system; an evaluation processor that evaluates the events using one of a first expression defined by Σ
rε
Qconf(f(r)−
mrg(r)), a second expression defined by ∫
rε
R|f(r)−
mrg(r)|dr and a third expression defined by ∫
rε
Rconf(f(r)−
mrg(r))dr, where r is a size of a neighborhood around a data point, f(r) is a Local Correlation Integral (LOCI) of r, mrg(r) is a margin of r, R is a predetermined set of intervals of neighborhood sizes, Q is a predetermined discrete set of neighborhood sizes and conf(d) is a non-linear confidence function being 0 for near distance to the data point and quickly approaching 1 for larger distances;a comparison processor that compares a value of the evaluated expression with a threshold value; and an alarm processor that sets an alarm upon detecting that the value exceeds the threshold value. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An apparatus comprising:
-
a security system that protects a secured area having a plurality of zones; a processor that detects a plurality of events within the security system including at least entry into at some of the plurality of zones; a processor that evaluates the events using one of a first expression defined by Σ
rε
Qconf(f(r)−
mrg(r)), a second expression defined b ∫
rε
R|f(r)−
mrg(r)|dr and a third expression defined by ∫
rε
Rconf(f(r)−
mrg(r))dr, where r is a size of a neighborhood around a data point, f(r) is a Local Correlation Integral (LOCI) of r, mrg(r) is a margin of r, R is a predetermined set of intervals of neighborhood sizes, Q is a predetermined discrete set of neighborhood sizes and conf(d) is a non-linear confidence function being 0 for near distance to the data point and quickly approaching 1 for larger distances;a processor that compares a value of the evaluated expression with a threshold value; and a processor that sets an alarm upon detecting that the value exceeds the threshold value. - View Dependent Claims (16, 17, 18, 19)
-
Specification