Anomaly detection in chain-of-custody information
Abstract
A method includes receiving first vehicle log data related to modification of a first software part at a first vehicle. The method also includes receiving first ground log data of a first ground system. The first ground log data indicates first chain-of-custody information regarding the first software part. The method further includes analyzing the first vehicle log data and the first ground log data based on baseline data to detect an anomaly. The method also includes sending a notification in response to detecting the anomaly.
19 Claims
1. A method comprising:
receiving, at a processor of an audit system, first vehicle log data related to modification of a first software part at a first vehicle;
receiving, at the processor, first ground log data of a first ground system, the first ground log data indicating first chain-of-custody information regarding the first software part;
analyzing, at the processor, the first vehicle log data and the first ground log data based on baseline data to detect an anomaly, wherein the baseline data includes baseline log data that corresponds to a modification of a second software part without any detected anomalies, wherein the anomaly indicates at least one of a gap between the first chain-of-custody information and second chain-of-custody information received from a second ground system, that the first software part was received out-of-order by the first ground system, or that the first software part was forwarded out-of-order by the first ground system, and wherein said analyzing further comprises:
  synchronizing the first vehicle log data and the first ground log data based on a common event that is included within each of the first vehicle log data and the first ground log data, a first timestamp of the first vehicle log data, and a second timestamp of the first ground log data to generate synchronized first vehicle log data and synchronized first ground log data, wherein the first timestamp and the second timestamp are associated with the common event,
  performing a comparison of the synchronized first vehicle log data and the synchronized first ground log data, and
  generating a first dataset based on the comparison; and
sending, from the processor, a notification in response to detecting the anomaly.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A system comprising:
a processor; and
a memory storing instructions that, when executed by the processor, cause the processor to perform operations comprising:
receiving first vehicle log data related to modification of a first software part at a first vehicle;
receiving first ground log data of a first ground system, the first ground log data indicating first chain-of-custody information regarding the first software part;
analyzing the first vehicle log data and the first ground log data based on baseline data to detect an anomaly, wherein the baseline data includes baseline log data that corresponds to a modification of a second software part without any detected anomalies, wherein the anomaly indicates at least one of a gap between the first chain-of-custody information and second chain-of-custody information received from a second ground system, that the first software part was received out-of-order by the first ground system, or that the first software part was forwarded out-of-order by the first ground system, and wherein said analyzing further comprises:
  synchronizing the first vehicle log data and the first ground log data based on a common event that is included within each of the first vehicle log data and the first ground log data, a first timestamp of the first vehicle log data, and a second timestamp of the first ground log data to generate synchronized first vehicle log data and synchronized first ground log data, wherein the first timestamp and the second timestamp are associated with the common event,
  performing a comparison of the synchronized first vehicle log data and the synchronized first ground log data, and
  generating a first dataset based on the comparison; and
sending a notification in response to detecting the anomaly.
Dependent claims: 15, 16, 17
18. A non-transitory computer-readable storage device storing instructions that, when executed by a processor, cause the processor to perform operations comprising:
receiving first vehicle log data related to modification of a first software part at a first vehicle;
receiving first ground log data of a first ground system, the first ground log data indicating first chain-of-custody information regarding the first software part;
analyzing the first vehicle log data and the first ground log data based on baseline data to detect an anomaly, wherein the baseline data includes baseline log data that corresponds to a modification of a second software part without any detected anomalies, wherein the anomaly indicates at least one of a gap between the first chain-of-custody information and second chain-of-custody information received from a second ground system, that the first software part was received out-of-order by the first ground system, or that the first software part was forwarded out-of-order by the first ground system, and wherein said analyzing further comprises:
  synchronizing the first vehicle log data and the first ground log data based on a common event that is included within each of the first vehicle log data and the first ground log data, a first timestamp of the first vehicle log data, and a second timestamp of the first ground log data to generate synchronized first vehicle log data and synchronized first ground log data, wherein the first timestamp and the second timestamp are associated with the common event,
  performing a comparison of the synchronized first vehicle log data and the synchronized first ground log data, and
  generating a first dataset based on the comparison; and
sending a notification in response to detecting the anomaly.
Dependent claims: 19
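The analysis recited in the independent claims (synchronize both logs on a common event, compare them, check the result against a baseline), sketched as an added example that is not taken from the patent. The event names, the record fields, the use of the FORWARDED hand-off as the common event and the upstream log standing in for the second ground system are assumptions, and all log data is constructed.

```python
from datetime import datetime

# Constructed baseline: event order from an anomaly-free modification of another part.
BASELINE = ["RECEIVED", "FORWARDED", "INSTALLED"]

def rec(ts, event, part="SW-1"):
    return {"ts": datetime.fromisoformat(ts), "event": event, "part": part}

def synchronize(vehicle, ground, common):
    """Shift vehicle timestamps so the common event coincides in both logs."""
    v = next(e for e in vehicle if e["event"] == common)
    g = next(e for e in ground if e["event"] == common)
    skew = g["ts"] - v["ts"]
    return [{**e, "ts": e["ts"] + skew} for e in vehicle], ground

def compare(vehicle, ground, common):
    """Merge both logs into one timeline (the comparison dataset)."""
    merged = ground + [e for e in vehicle if e["event"] != common]
    return sorted(merged, key=lambda e: e["ts"])

def detect(timeline, upstream, baseline=BASELINE):
    """Flag events that violate the baseline order, and custody gaps."""
    rank = {name: i for i, name in enumerate(baseline)}
    found, highest = [], -1
    for e in timeline:
        r = rank.get(e["event"])
        if r is None:
            continue  # event type not covered by the baseline
        if r < highest:
            found.append(f"{e['event']} out-of-order")
        highest = max(highest, r)
    # Gap: this ground system received a part the upstream system never forwarded.
    sent = {e["part"] for e in upstream if e["event"] == "FORWARDED"}
    found += [f"custody gap for {e['part']}" for e in timeline
              if e["event"] == "RECEIVED" and e["part"] not in sent]
    return found

def audit(vehicle, ground, upstream, common="FORWARDED"):
    v, g = synchronize(vehicle, ground, common)
    return detect(compare(v, g, common), upstream)

# Constructed sample logs; the vehicle clock runs two hours behind the ground clock.
VEHICLE = [rec("2024-05-01T08:00:00", "FORWARDED"), rec("2024-05-01T08:20:00", "INSTALLED")]
GROUND = [rec("2024-05-01T09:50:00", "RECEIVED"), rec("2024-05-01T10:00:00", "FORWARDED")]
UPSTREAM = [rec("2024-05-01T09:45:00", "FORWARDED")]
BAD_GROUND = [rec("2024-05-01T10:05:00", "RECEIVED"), rec("2024-05-01T10:00:00", "FORWARDED")]

if __name__ == "__main__":
    for anomaly in audit(VEHICLE, BAD_GROUND, UPSTREAM) + audit(VEHICLE, GROUND, []):
        print("NOTIFY:", anomaly)
```

Skipping the synchronization step on the clean logs produces two false out-of-order findings, because the vehicle's install time sorts ahead of the ground system's receipt.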
Specification