Title of invention |
Detecting anomalies in work practice data by combining multiple domains of information |
Abstract |
One embodiment of the present invention provides a system for multi-domain clustering. During operation, the system collects domain data for at least two domains associated with users, wherein a domain is a source of data describing observable activities of a user. Next, the system estimates a probability distribution for a domain associated with the user. The system also estimates a probability distribution for a second domain associated with the user. Then, the system analyzes the domain data with a multi-domain probability model that includes variables for two or more domains to determine a probability distribution of each domain associated with the probability model and to assign users to clusters associated with user roles. |
Publication number |
US9264442(B2) |
Publication date |
2016.02.16 |
Application number |
US201313871985 |
Filing date |
2013.04.26 |
Applicant |
PALO ALTO RESEARCH CENTER INCORPORATED |
Inventors |
Bart Evgeniy;Liu Juan J.;Eldardiry Hoda M. A.;Price Robert R. |
Classification number |
H04L29/06 |
Main classification number |
H04L29/06 |
Patent agency |
Park, Vaughan, Fleming & Dowler LLP |
Agent |
Yao Shun;Park, Vaughan, Fleming & Dowler LLP |
Independent claim |
1. A computer-executable method for multi-domain clustering, comprising:
receiving, by a computing device, from one or more computing devices over a network, domain data for at least two domains associated with users, wherein a domain is a source type describing observable activities of a plurality of users, and wherein a respective user is associated with a respective user role in an organization; determining a hyperparameter value for a respective prior distribution of a probability distribution associated with a domain; estimating a probability distribution for generating a multi-domain probability model; generating a multi-domain probability model that includes variables for two or more domains, based on the hyperparameter value and the estimated probability distribution; analyzing the domain data with the generated multi-domain probability model to assign a first user to a plurality of cluster indices associated with the first user's corresponding user role; and determining that an activity being performed by a second user is anomalous, based on a comparison between one or more of the second user's cluster indices to one or more of the first user's plurality of cluster indices. |
Address |
Palo Alto CA US |