Event anomaly analysis and prediction

What is claimed is: 1. An event anomaly analysis and prediction apparatus comprising: a processor; and a memory storing machine readable instructions that when executed by the processor cause the processor to: access at least one master directed graph that specifies known events and transitions between the known events; rank each of the known events in an ascending order in accordance with a probability of anomalousness assigned to each of the known events; access data that is to be analyzed for an anomaly; determine, based on an application of the master directed graph and the ranked known events to the data, whether the data includes the anomaly; and in response to a determination that the data includes the anomaly, control a device associated with the data. 2. The event anomaly analysis and prediction apparatus according to claim 1 , wherein the machine readable instructions to rank each of the known events further comprise machine readable instructions to cause the processor to: identify a most anomalous known event as an event with a lowest probability of occurrence associated with the ranking of each of the known events. 3. The event anomaly analysis and prediction apparatus according to claim 1 , further comprising machine readable instructions to cause the processor to: cluster each of the ranked known events into a plurality of anomaly categories that include at least two of a very-high, a high, a medium, a low, and a very-low probability of being an anomaly. 4. The event anomaly analysis and prediction apparatus according to claim 1 , further comprising machine readable instructions to cause the processor to: apply k-means clustering to cluster each of the ranked known events into a plurality of anomaly categories. 5. The event anomaly analysis and prediction apparatus according to claim 1 , wherein the machine readable instructions to determine, based on the application of the master directed graph, whether the data includes the anomaly further comprise machine readable instructions to cause the processor to: determine, based on the master directed graph, a baseline activity graph; determine, based on the data, a real-time activity graph; and compare the baseline activity graph to the real-time activity graph to determine whether the data includes the anomaly. 6. The event anomaly analysis and prediction apparatus according to claim 5 , wherein the machine readable instructions to compare the baseline activity graph to the real-time activity graph to determine whether the data includes the anomaly further comprise machine readable instructions to cause the processor to: determine if the real-time activity graph includes an event that is not present in the baseline activity graph. 7. The event anomaly analysis and prediction apparatus according to claim 5 , wherein the machine readable instructions to compare the baseline activity graph to the real-time activity graph to determine whether the data includes the anomaly further comprise machine readable instructions to cause the processor to: determine if the real-time activity graph includes a transition between events that is not present in the baseline activity graph. 8. The event anomaly analysis and prediction apparatus according to claim 1 , further comprising machine readable instructions to cause the processor to: filter the master directed graph by removing edges for which a number of times an event sequence has transitioned between nodes that are associated with the edges to be removed is less than a specified threshold, wherein a node represents a known event of the master directed graph, and an edge represents a transition between associated known events. 9. A method for event anomaly analysis and prediction implemented by an event anomaly analysis and prediction apparatus including a memory and a processor, the method comprising: accessing at least one master directed graph that specifies known events and transitions between the known events; ranking each of the known events in an ascending order in accordance with a probability of anomalousness assigned to each of the known events; determining, based on the master directed graph and the ranked known events, a plurality of rules to analyze new events; accessing data that is to be analyzed for anomalies; identifying, based on an application of the plurality of rules to the data, selected ones of the anomalies in the data; determining, for the data, a plurality of objects of different sizes that represent different ones of the selected ones of the anomalies; and generating a display of the plurality of objects. 10. The method according to claim 9 , further comprising: controlling, based on the identified selected ones of the anomalies in the data, a device associated with the data. 11. The method according to claim 9 , further comprising: filtering the master directed graph by removing edges for which a number of times an event sequence has transitioned between nodes that are associated with the edges to be removed is less than a specified threshold, wherein a node represents a known event of the master directed graph, and an edge represents a transition between associated known events. 12. The method according to claim 9 , wherein ranking each of the known events further comprises: identifying a most anomalous known event as an event with a lowest probability of occurrence associated with the ranking of each of the known events. 13. The method according to claim 9 , further comprising: clustering, by applying k-means clustering, each of the ranked known events into a plurality of anomaly categories that include at least two of a very-high, a high, a medium, a low, and a very-low probability of being an anomaly. 14. A non-transitory computer readable medium having stored thereon machine readable instructions for event anomaly analysis and prediction, the machine readable instructions, when executed, cause a processor to: access at least one master directed graph that specifies known events and transitions between the known events; rank each of the known events in an ascending order in accordance with a probability of anomalousness assigned to each of the known events; determine, based on the master directed graph and the ranked known events, a plurality of rules to analyze new events; access data that is to be analyzed for an anomaly; determine, based on an application of the plurality of rules to the data, whether the data includes the anomaly; and in response to a determination that the data includes the anomaly, control a device associated with the data. 15. The non-transitory computer readable medium of claim 14 , wherein the machine readable instructions to rank each of the known events, when executed, further cause the processor to: identify a most anomalous known event as an event with a lowest probability of occurrence associated with the ranking of each of the known events. 16. The non-transitory computer readable medium of claim 14 , wherein the machine readable instructions, when executed, further cause the processor to: determine, based on the master directed graph, a baseline activity graph; determine, based on the data, a real-time activity graph; and compare the baseline activity graph to the real-time activity graph to determine whether the data includes the anomaly; and determine if the real-time activity graph includes an event that is not present in the baseline activity graph. 17. The non-transitory computer readable medium of claim 14 , wherein the machine readable instruction