Method and apparatus for detection of anomalies in integrated parameter systems

摘要

A system, method, and tangible computing apparatus is disclosed for the detection of anomalies in an integrated data network. Said system, method and apparatus comprises the creation and construction of a mathematical model that utilizes multi-dimensional mutual information to detect interactions and interrelationships between pairs of data streams and among pluralities of data streams. Real-time analysis of the operations of an integrated data network is enhanced and expedited via use of locality sensitive hashing that relies on density determinations of clusters of data.

主权项

1. A system for detecting anomalies in the overall functions and operation of an integrated data network, said integrated data network comprising a plurality of individual components, each of which components produces a regular stream of one or more data points reflecting specific aspects of the function and operation of said component, wherein said streams of data points have varying degrees of interrelationships such that the values of one stream of data points may affect the values of one or more other interrelated data streams, said system for detecting anomalies comprising:
A processor to perform the steps of: Constructing a mathematical model to represent the standard operation of said integrated data network over a plurality of standard operating conditions, the construction of said model comprising an analysis of the data streams produced by the components of said integrated data network over a period of time, said analysis further comprising selecting one or more groupings of data streams generated by one or more of said components and quantifying the interdependence of said streams via a multi-dimensional mutual information theory, said analysis being further enhanced by the utilization of locality sensitive hashing to cluster interrelated data streams; Creating one or more graphical depictions of said integrated data network, each of which graphical depictions representing the standard operation of said integrated data network under a specific set of operating conditions; Measuring current data being generated by at least one of the components of said integrated data network and mapping said current data onto a distinct graphical depiction of said current data, which distinct graphical depiction is then overlaid onto the graphical depiction of said standard operation of said network under similar operating conditions; and Detecting anomalies in the operation of said integrated data network by comparing said graphical depictions, said anomalies being those aspects of said current graphical depiction that are not within the operating range of said standard graphical depiction.