×

Statistics-based anomaly detection

  • US 9,628,499 B1
  • Filed: 08/08/2012
  • Issued: 04/18/2017
  • Est. Priority Date: 08/08/2012
  • Status: Active Grant
First Claim
Patent Images

1. A method for identifying an anomaly in a signal, comprising:

  • receiving a discrete signal, having sample values corresponding to amounts of data flow in a network within a time interval;

    generating a sequence of likelihoods corresponding to sample values in the signal and based at least in part on a historical probability distribution of previously received sample values corresponding to amounts of data flow in the network, wherein a likelihood is a probability of occurrence of a corresponding sample value in the signal;

    identifying likelihood change points in the likelihood sequence by;

    selecting a parameter L corresponding to a minimum number of samples in a segment;

    appending L consecutive likelihoods to a buffer;

    computing a sequence of first sum values of the likelihoods in the buffer;

    obtaining a sequence of second sum values;

    determining the presence of a change point in the buffer based at least in part on a comparison between the first and second sum values, wherein a plurality of likelihoods preceding the change point have a first statistic value and a plurality of likelihoods following the change point have a second statistic value different from the first statistic value; and

    identifying a likelihood in the buffer as a change point based at least in part on the comparison;

    segmenting the discrete signal into a plurality of segments at samples corresponding to the identified change points such that a respective one of the samples corresponding to the identified change points is at one of a beginning or an end of each of the plurality of segments;

    identifying a segment as an anomaly based on a comparison between a statistic of the segment and a statistic of the historical probability distribution; and

    reconfiguring, responsive to identifying the segment as the anomaly, a component of the network.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×