System, apparatus, and method for detecting home anomalies
First Claim
1. An anomaly detection system comprising:
- at least one appliance configured to connect to at least one network; and
circuitry configured toreceive, from the at least one appliance, a status based on at least one of a setting, an operational sate, or sensor values associated with the at least one appliance,monitor the received status of the at least one appliance over one or more periods of time including at least one of a time of day, day of a week, or season to generate historical data for the status of the at least one appliance,determine patterns of use for the at least one appliance by applying learning techniques to the generated historical data of the at least one appliance,determine a normal baseline status based on the patterns of use of the at least one appliance,determine, based on the patterns of use, one or more anomalous events have occurred when an amount of deviation in the status of the at least one appliance from the normal baseline status for the at least one appliance is greater than a predetermined threshold,detect that the one or more anomalous events are cyber-attack events based on changes to network configuration settings of the at least one appliance,classify the one or more anomalous events as at least one of an appliance failure, an attack, and danger to a homeowner based on the status of the at least one appliance and the patterns of use, wherein the circuitry classifies an anomalous event as a danger to homeowner based on an absence of appliance use without a received indication that the homeowner is away from home,update the patterns of use for the at least one appliance based on at least one of the status of the at least one appliance and a response from the at least one external device related to the one or more anomalous events,determine, based on the patterns of use of the at least one appliance, a predetermined sampling rate for receiving the status of the at least one appliance wherein the predetermined sampling rate increases as a probability of use of the at least one appliance increases, andoutput alerts, to at least one external device, based the determining of an occurrence of an anomalous event and based on the classification of the anomalous event.
1 Assignment
0 Petitions
Accused Products
Abstract
An anomaly detection system includes appliances connected to a network and circuitry configured to receive statuses of the appliances. Patterns of use are determined for the appliances including time periods in which the appliances are most likely to be used. The circuitry is also configured to determine that anomalous events have occurred when an amount of deviation from a normal baseline status for the appliances is greater than a predetermined threshold. Cyber-attack events are detected based on changes to network configuration settings of the appliances. Alerts are output to an external device based on the one or more anomalous events and/or cyber-attack events related to the appliances. The patterns of use are updated based on the status of the appliances and a response from the external device related to the anomalous events or cyber-attack events.
134 Citations
19 Claims
-
1. An anomaly detection system comprising:
-
at least one appliance configured to connect to at least one network; and circuitry configured to receive, from the at least one appliance, a status based on at least one of a setting, an operational sate, or sensor values associated with the at least one appliance, monitor the received status of the at least one appliance over one or more periods of time including at least one of a time of day, day of a week, or season to generate historical data for the status of the at least one appliance, determine patterns of use for the at least one appliance by applying learning techniques to the generated historical data of the at least one appliance, determine a normal baseline status based on the patterns of use of the at least one appliance, determine, based on the patterns of use, one or more anomalous events have occurred when an amount of deviation in the status of the at least one appliance from the normal baseline status for the at least one appliance is greater than a predetermined threshold, detect that the one or more anomalous events are cyber-attack events based on changes to network configuration settings of the at least one appliance, classify the one or more anomalous events as at least one of an appliance failure, an attack, and danger to a homeowner based on the status of the at least one appliance and the patterns of use, wherein the circuitry classifies an anomalous event as a danger to homeowner based on an absence of appliance use without a received indication that the homeowner is away from home, update the patterns of use for the at least one appliance based on at least one of the status of the at least one appliance and a response from the at least one external device related to the one or more anomalous events, determine, based on the patterns of use of the at least one appliance, a predetermined sampling rate for receiving the status of the at least one appliance wherein the predetermined sampling rate increases as a probability of use of the at least one appliance increases, and output alerts, to at least one external device, based the determining of an occurrence of an anomalous event and based on the classification of the anomalous event. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. An apparatus for detecting anomalous events, comprising:
circuitry configured to receive, from at least one appliance, a status based on at least one of a setting, an operational sate, or sensor values associated with the at least one appliance, monitor the received status of the at least one appliance over one or more periods of time including at least one of a time of day, day of a week, or season to generate historical data for the status of the at least one appliance, determine patterns of use for the at least one appliance by applying learning techniques to the generated historical data of the at least one appliance, determine a normal baseline status based on the patterns of use of the at least one appliance, determine, based on the patterns of use, one or more anomalous events have occurred when an amount of deviation in the status of the at least one appliance from the normal baseline status for the at least one appliance is greater than a predetermined threshold, detect that the one or more anomalous events are cyber-attack events based on changes to network configuration settings of the at least one appliance, classify the one or more anomalous events as at least one of an appliance failure, an attack, and danger to a homeowner based on the status of the at least one appliance and the patterns of use, wherein the circuitry classifies an anomalous event as a danger to homeowner based on an absence of appliance use without a received indication that the homeowner is away from home, update the patterns of use for the at least one appliance based on at least one of the status of the at least one appliance and a response from the at least one external device related to the one or more anomalous events or the cyber-attack events, determine, based on the patterns of use of the at least one appliance, a predetermined sampling rate for receiving the status of the at least one appliance wherein the predetermined sampling rate increases as a probability of use of the at least one appliance increases, and output alerts, to at least one external device, based the determining of an occurrence of an anomalous event and based on the classification of the anomalous event.
-
19. A method for detecting anomalous events, comprising:
-
receiving, from at least one appliance, a status based on at least one of a setting, an operational sate, or sensor values associated with the at least one appliance; monitoring the received status of the at least one appliance over one or more periods of time including at least one of a time of day, day of a week, or season to generate historical data for the status of the at least one appliance; determining, via processing circuitry, patterns of use for the at least one appliance by applying learning techniques to the generated historical data of the at least one appliance; determining, via the processing circuitry, a normal baseline status based on the patterns of use of the at least one appliance; determining, via the processing circuitry, based on the patterns of use, one or more anomalous events have occurred when an amount of deviation in the status of the at least one appliance from the normal baseline status for the at least one appliance is greater than a predetermined threshold; detecting, via the processing circuitry, that the one or more anomalous events are cyber-attack events based on changes to network configuration settings of the at least one appliance; classifying, via the processing circuitry, the one or more anomalous events as at least one of an appliance failure, an attack, and danger to a homeowner based on the status of the at least one appliance and the patterns of use, wherein the processing circuitry classifies an anomalous event as a danger to homeowner based on an absence of appliance use without a received indication that the homeowner is away from home, updating, via the processing circuitry, the patterns of use for the at least one appliance based on at least one of the status of the at least one appliance and a response from the at least one external device related to the one or more anomalous events or the cyber-attack events; determining, via the processing circuitry, a predetermined sampling rate for receiving the status of the at least one appliance wherein the predetermined sampling rate increases as a probability of use of the at least one appliance increases based on the patterns of use of the at least one appliance; and outputting alerts, to at least one external device, based the determining of an occurrence of an anomalous event and based on the classification of the anomalous event.
-
Specification