Systems and methods for detecting and remedying software anomalies
First Claim
1. A computing system comprising:
- a network interface;
at least one processor;
a non-transitory computer-readable medium; and
program instructions stored on the non-transitory computer-readable medium that are executable by the at least one processor to cause the computing system to;
obtain a set of observed data vectors indicating operation of a topology of nodes that represents a given software application while the given software application is running on a first computing platform that is not controlled by a provider of the given software application, wherein each observed data vector in the set comprises data values captured for a given set of operating variables at a particular point in time;
apply an anomaly detection model to the obtained set of observed data vectors, wherein the anomaly detection model is;
(i) defined by applying an unsupervised learning technique to a set of training data vectors indicating operation of the topology of nodes that represents the given software application while the given software application is running on a second computing platform that is controlled by the provider of the given software application, and (ii) configured to evaluate whether a deviation between observed and predicted values for each operating variable of the given set of operating variables is indicative of an anomaly;
based on the anomaly detection model, identify an anomaly in at least one operating variable in the given set of operating variables;
evaluate whether any identified anomaly is indicative of a problem related to the given software application and thereby determine that at least one identified anomaly is indicative of a problem related to the given software application; and
based on the determination that the at least one identified anomaly is indicative of a problem related to the given software application, cause a client station to present a notification indicating the at least one identified anomaly.
1 Assignment
0 Petitions
Accused Products
Abstract
A computing platform may obtain observed data vectors related to the operation of a topology of nodes that represents a software application running on an uncontrolled platform, wherein each observed data vector comprises data values captured for a given set of operating variables at a particular point in time. After obtaining the observed data vectors, the computing platform may apply an anomaly detection model to the observed data vectors and then based on the anomaly detection model, may identify an anomaly in at least one operating variable. In turn, the computing platform may determine whether each identified anomaly is indicative of a problem related to the application, and based on a determination that an identified anomaly is indicative of a problem related to the software application, cause a client station to present a notification.
137 Citations
20 Claims
-
1. A computing system comprising:
-
a network interface; at least one processor; a non-transitory computer-readable medium; and program instructions stored on the non-transitory computer-readable medium that are executable by the at least one processor to cause the computing system to; obtain a set of observed data vectors indicating operation of a topology of nodes that represents a given software application while the given software application is running on a first computing platform that is not controlled by a provider of the given software application, wherein each observed data vector in the set comprises data values captured for a given set of operating variables at a particular point in time; apply an anomaly detection model to the obtained set of observed data vectors, wherein the anomaly detection model is;
(i) defined by applying an unsupervised learning technique to a set of training data vectors indicating operation of the topology of nodes that represents the given software application while the given software application is running on a second computing platform that is controlled by the provider of the given software application, and (ii) configured to evaluate whether a deviation between observed and predicted values for each operating variable of the given set of operating variables is indicative of an anomaly;based on the anomaly detection model, identify an anomaly in at least one operating variable in the given set of operating variables; evaluate whether any identified anomaly is indicative of a problem related to the given software application and thereby determine that at least one identified anomaly is indicative of a problem related to the given software application; and based on the determination that the at least one identified anomaly is indicative of a problem related to the given software application, cause a client station to present a notification indicating the at least one identified anomaly. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method executed by a computing system, the method comprising:
-
obtaining a set of observed data vectors indicating operation of a topology of nodes that represents a given software application while the given software application is running on a first computing platform that is not controlled by a provider of the given software application, wherein each observed data vector in the set comprises data values captured for a given set of operating variables at a particular point in time; applying an anomaly detection model to the obtained set of observed data vectors, wherein the anomaly detection model is;
(i) defined by applying an unsupervised learning technique to a set of training data vectors indicating operation of the topology of nodes that represents the given software application while the given software application is running on a second computing platform that is controlled by the provider of the given software application, and (ii) configured to evaluate whether a deviation between observed and predicted values for each operating variable of the given set of operating variables is indicative of an anomaly;based on the anomaly detection model, identifying an anomaly in at least one operating variable in the given set of operating variables; evaluating whether any identified anomaly is indicative of a problem related to the given software application and thereby determining that at least one identified anomaly is indicative of a problem related to the given software application; and based on determining that the at least one identified anomaly is indicative of a problem related to the given software application, causing a client station to present a notification indicating the at least one identified anomaly. - View Dependent Claims (14, 16, 17)
-
-
15. The method of 14, wherein the unsupervised learning technique comprises a principal component analysis (PCA) technique, and wherein using the set of training data vectors to define the anomaly detection model comprises:
-
using the set of training data vectors to define transformed coordinate space comprising a set of principal components; and using the set of training data vectors to define a set of anomaly thresholds that specify whether the deviation between observed and predicted values for each operating variable of the given set of operating variables is indicative of an anomaly.
-
-
18. A non-transitory computer-readable medium having instructions stored thereon that are executable by at least one processor to cause a computing system to:
-
obtain a set of observed data vectors indicating operation of a topology of nodes that represents a given software application while the given software application is running on a first computing platform that is not controlled by a provider of the given software application, wherein each observed data vector in the set comprises data values captured for a given set of operating variables at a particular point in time; apply an anomaly detection model to the obtained set of observed data vectors, wherein the anomaly detection model is;
(i) defined by applying an unsupervised learning technique to a set of training data vectors indicating operation of the topology of nodes that represents the given software application while the given software application is running on a second computing platform that is controlled by the provider of the given software application, and (ii) configured to evaluate whether a deviation between observed and predicted values for each operating variable of the given set of operating variables is indicative of an anomaly;based on the anomaly detection model, identify an anomaly in at least one operating variable in the given set of operating variables; evaluate whether any identified anomaly is indicative of a problem related to the given software application and thereby determine that at least one identified anomaly is indicative of a problem related to the given software application; and based on the determination that the at least one identified anomaly is indicative of a problem related to the given software application, cause a client station to present a notification indicating the at least one identified anomaly. - View Dependent Claims (19, 20)
-
Specification