Method and apparatus for detection of anomalies in integrated parameter systems
First Claim
1. A system for detecting anomalies in the overall functions and operation of an integrated data network, said integrated data network comprising a plurality of individual components, each of which components produces a regular stream of one or more data points reflecting specific aspects of the function and operation of said component, wherein said streams of data points have varying degrees of interrelationships such that the values of one stream of data points may affect the values of one or more other interrelated data streams, said system for detecting anomalies comprising:
- A processor to perform the steps of;
Constructing a mathematical model to represent the standard operation of said integrated data network over a plurality of standard operating conditions, the construction of said model comprising an analysis of the data streams produced by the components of said integrated data network over a period of time, said analysis further comprising selecting one or more groupings of data streams generated by one or more of said components and quantifying the interdependence of said streams via a multi-dimensional mutual information theory, said analysis being further enhanced by the utilization of locality sensitive hashing to cluster interrelated data streams;
Creating one or more graphical depictions of said integrated data network, each of which graphical depictions representing the standard operation of said integrated data network under a specific set of operating conditions;
Measuring current data being generated by at least one of the components of said integrated data network and mapping said current data onto a distinct graphical depiction of said current data, which distinct graphical depiction is then overlaid onto the graphical depiction of said standard operation of said network under similar operating conditions; and
Detecting anomalies in the operation of said integrated data network by comparing said graphical depictions, said anomalies being those aspects of said current graphical depiction that are not within the operating range of said standard graphical depiction.
Abstract
A system, method, and tangible computing apparatus is disclosed for the detection of anomalies in an integrated data network. Said system, method and apparatus comprises the creation and construction of a mathematical model that utilizes multi-dimensional mutual information to detect interactions and interrelationships between pairs of data streams and among pluralities of data streams. Real-time analysis of the operations of an integrated data network is enhanced and expedited via use of locality sensitive hashing that relies on density determinations of clusters of data.
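A minimal sketch of the pairwise part of this idea, added here as an illustration and not taken from the patent or any implementation of it: build a baseline model that keeps only stream pairs whose mutual information exceeds a threshold, then flag modeled pairs whose dependence collapses in a current window. The stream names, equal-width binning, threshold and drop ratio are all assumptions, the telemetry is constructed, and locality sensitive hashing is not covered.

```python
import math
import random
from collections import Counter
from itertools import combinations

def discretize(xs, bins=4):
    """Equal-width binning per window (assumed; a production system would reuse baseline edges)."""
    lo, hi = min(xs), max(xs)
    width = (hi - lo) / bins or 1.0  # constant stream -> single bin
    return [min(int((x - lo) / width), bins - 1) for x in xs]

def mutual_information(a, b):
    """I(A;B) in bits for two equal-length discrete sequences."""
    n = len(a)
    pa, pb, pab = Counter(a), Counter(b), Counter(zip(a, b))
    return sum(c / n * math.log2(c * n / (pa[x] * pb[y]))
               for (x, y), c in pab.items())

def build_model(streams, threshold):
    """Baseline model: keep only pairs whose MI exceeds the threshold."""
    d = {name: discretize(vals) for name, vals in streams.items()}
    model = {}
    for p, q in combinations(sorted(d), 2):
        mi = mutual_information(d[p], d[q])
        if mi > threshold:
            model[(p, q)] = mi
    return model

def detect(model, window, drop_ratio=0.5):
    """Modeled pairs whose current MI fell below drop_ratio * baseline MI."""
    d = {name: discretize(vals) for name, vals in window.items()}
    return sorted(pair for pair, base in model.items()
                  if mutual_information(d[pair[0]], d[pair[1]]) < drop_ratio * base)

def sample(n, coupled, seed):
    """Constructed telemetry: fan_rpm tracks cpu_load only when coupled."""
    r = random.Random(seed)
    cpu = [r.uniform(0, 100) for _ in range(n)]
    fan = [20 * c + r.gauss(0, 50) if coupled else r.uniform(0, 2000) for c in cpu]
    disk = [r.uniform(0, 1) for _ in range(n)]  # unrelated to both
    return {"cpu_load": cpu, "fan_rpm": fan, "disk_io": disk}

MODEL = build_model(sample(400, True, seed=1), threshold=0.3)

if __name__ == "__main__":
    print("modeled pairs:", MODEL)
    print("healthy window:", detect(MODEL, sample(200, True, seed=2)))
    print("decoupled window:", detect(MODEL, sample(200, False, seed=3)))
```

Each reading in the decoupled window is individually within its normal range; only the broken relationship between the two streams is flagged, which is what a per-stream threshold check would miss.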
10 Claims
7. A tangible computing apparatus for storing data streams from individual nodes of an integrated data network onto a hardware platform and for analyzing said data streams per a set of instructions that are also stored in said computing system, wherein said instructions, executed by a processor, cause the computing system to construct a mathematical model on said hardware platform that depicts the function and operation of said integrated data network across a plurality of standard operating conditions, wherein the construction of said mathematical model utilizes multi-dimensional mutual information theory to compare two or more individual data streams to determine the level of interrelationship between or among said data streams, said mathematical model accepting only those interrelationships that exceed a specified interrelationship coefficient, said computing system being further configured to monitor said integrated data network after construction of said mathematical model and to compare the ongoing operations of said integrated data network with said standard operating conditions as depicted by said mathematical model, said monitoring being set to alert a user when the current operations deviate from standard operating conditions.
8. A method for detecting anomalies in the overall functions and operation of an integrated data network, said integrated data network comprising a plurality of individual components, each of which components produces a regular stream of one or more data points reflecting specific aspects of the function and operation of said component, wherein said streams of data points have varying degrees of interrelationships such that the values of one stream of data points may affect the values of one or more other interrelated data streams, said method for detecting anomalies comprising:
- Constructing a mathematical model to represent the standard operation of said integrated data network over a plurality of standard operating conditions, the construction of said model comprising an analysis of the data streams produced by the components of said integrated data network over a period of time, said analysis further comprising selecting one or more groupings of data streams generated by one or more of said components and quantifying the interdependence of said streams via a multi-dimensional mutual information theory, said analysis being further enhanced by the utilization of locality sensitive hashing to cluster interrelated data streams;
Creating one or more graphical depictions of said integrated data network, each of which graphical depictions representing the standard operation of said integrated data network under a specific set of operating conditions;
Measuring current data being generated by at least one of the components of said integrated data network and mapping said current data onto a distinct graphical depiction of said current data, which distinct graphical depiction is then overlaid onto the graphical depiction of said standard operation of said network under similar operating conditions; and
Detecting anomalies in the operation of said integrated data network by comparing said graphical depictions, said anomalies being those aspects of said current graphical depiction that are not within the operating range of said standard graphical depiction.
Specification