System and method for modeling behavior change and consistency to detect malicious insiders
US-2015235152-A1 · Aug 20, 2015 · US
US9787704B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9787704-B2 |
| Application number | US-201514641279-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 6, 2015 |
| Priority date | Mar 6, 2015 |
| Publication date | Oct 10, 2017 |
| Grant date | Oct 10, 2017 |
Official abstract text for this publication.
Systems and methods may include receiving first data of components, which may represent performance characteristics of the components at a first time. The systems and methods may include performing a first cluster analysis of the first data to identify clusters of the components with similar characteristics. The systems and methods may include receiving second data of the components, which may represent performance characteristics of the components at a second time. The systems and methods may include performing a second cluster analysis of the second data to identify clusters of the components with similar characteristics. The systems and methods may include determining whether a component transitioned from a cluster identified in the first cluster analysis to a different cluster identified in the second cluster analysis. The systems and methods may include determining that an anomaly occurred in response to determining that the component transitioned from the cluster to the different cluster.
Opening claim text (preview).
What is claimed is:

1. A method comprising: receiving first performance data of a plurality of components in a system, the first performance data representing performance characteristics of the plurality of components in a first time period; performing a first cluster analysis of the first performance data, the first cluster analysis comprising: identifying clusters of the plurality of components with similar performance characteristics in the first time period; receiving second performance data of the plurality of components, the second performance data representing performance characteristics of the plurality of components in a second time period; performing a second cluster analysis of the second performance data, the second cluster analysis comprising: identifying clusters of the plurality of components with similar performance characteristics in the second time period; determining whether a component of the plurality of components transitioned from a first cluster to a second cluster, the first cluster being different from the second cluster, and the determining comprising: determining that the component transitioned from the first cluster to the second cluster if the component was identified as being in the first cluster in the first cluster analysis and was identified as being in the second cluster in the second cluster analysis; and determining that the component did not transition from the first cluster to the second cluster if the component was identified as being in the first cluster in the first cluster analysis and was identified as being in the first cluster in the second cluster analysis; and in response to determining that the component transitioned from the first cluster to the second cluster, determining that an anomalous event has occurred; receiving third performance data of the plurality of components, the third performance data representing performance characteristics of the plurality of components in a third time period; performing a third cluster analysis of the third performance data, the third cluster analysis comprising: identifying clusters of the plurality of components with similar performance characteristics in the third time period; determining whether the component transitioned from the second cluster to a third cluster, the third cluster being different from the second cluster, and the determining comprising: determining that the component transitioned from the second cluster to the third cluster if the component was identified as being in the second cluster in the second cluster analysis and was identified as being in the third cluster in the third cluster analysis; and in response to determining that the component transitioned from the second cluster to the third cluster: determining that the component is in a steady state of transition, and determining whether the component is a member of a transition cluster that is in a steady state of transition between the first cluster and the third cluster.

2. The method of claim 1, wherein performing the first cluster analysis comprises clustering the plurality of components at a first level of granularity, wherein performing the second cluster analysis comprises clustering the plurality of components at a second level of granularity, and wherein the first level of granularity is the same level of granularity as the second level of granularity, such that the first cluster and the second cluster are clusters at the same level of granularity.

3. The method of claim 1, wherein performing the first cluster analysis comprises: determining that the component has similar performance characteristics to another component of the plurality of components based on the first performance data; and in response to determining that the component has similar performance characteristics to the other component, determining that the component and the other component are members of the first cluster, and wherein performing the second cluster analysis comprises: determining whether the component has similar performance characteristics to the other component based on the second performance data; and in response to determining that the component has similar performance characteristics to the other component, determining that the component and the other component are members of the first cluster; and in response to determining that the component does not have similar performance characteristics to the other component, determining that the component is a member of the second cluster.

4. The method of claim 1, wherein performing the first cluster analysis comprises clustering the plurality of components at each of a plurality of levels of granularity, wherein performing the second cluster analysis comprises clustering the plurality of components at each of the plurality of levels of granularity, and wherein determining whether the component transitioned from the first cluster to the second cluster comprises determining whether the component transitioned from the first cluster to the second cluster based on clustering the plurality of components at the same level of granularity in both the first cluster analysis and the second cluster analysis.

5. The method of claim 1, wherein performing the first cluster analysis of the first performance data comprises: identifying a cluster of components of the plurality of components with similar performance characteristics for a first parameter of the first performance data in the first time period, such cluster being a first parameter cluster; and identifying a cluster of components of the plurality of components with similar performance characteristics for a second parameter of the first performance data in the first time period, such cluster being the first cluster, wherein the method further comprises: requesting data for a particular parameter of performance data from the components identified as the first parameter cluster, the particular parameter being the same parameter as the second parameter of the first performance data, wherein receiving the second performance data of the plurality of components comprises: receiving as the second performance data the data for the particular parameter from the components identified as the first parameter cluster, and wherein performing the second cluster analysis of the second performance data comprises: identifying a plurality of clusters of components of the plurality of components with similar performance characteristics for the particular parameter of performance data in the second time period, such plurality of clusters comprising the first cluster and the second cluster.

6. The method of claim 1, further comprising: accessing additional information, the additional information indicating that transitioning from the first cluster to the second cluster is acceptable behavior for the component of the plurality of components, and in response to accessing the additional information, determining that the anomalous event is an acceptable event.

7. A system comprising: a memory; and a processing system configured to: receive first performance data of a plurality of components in a system, the first performance data representing performance characteristics of the plurality of components in a first time period; perform a first cluster analysis of the first performance data, the first cluster analysis comprising: identifying clusters of the plurality of components with similar performance characteristics in the first time period; receive second performance data of the plurality of components, the second performance data representing performance characteristics of the plurality of components in a second time period; perform a second cluster analysis of the second perfor
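The following Python is an added illustration of the logic in claims 1 and 3, not code from the patent or its assignee: it clusters each period independently, decides that a component "transitioned" when it no longer shares a cluster with any of its former peers (claim 3's pairwise test, generalised to whole clusters), flags a single move as an anomalous event and two consecutive moves as a steady state of transition (claim 1). The host names, CPU readings and the gap-based single-linkage clustering are constructed assumptions; the code also assumes the same components are reported in every period.

```python
# Constructed sample (hypothetical hosts, one CPU % reading each) for three consecutive periods.
PERIOD_1 = {"web1": 20, "web2": 22, "web3": 21, "app1": 40, "app2": 41, "app3": 42, "db1": 70, "db2": 72}
PERIOD_2 = {"web1": 20, "web2": 23, "web3": 68, "app1": 55, "app2": 41, "app3": 42, "db1": 71, "db2": 73}
PERIOD_3 = {"web1": 21, "web2": 22, "web3": 69, "app1": 69, "app2": 42, "app3": 43, "db1": 70, "db2": 72}

def cluster(data, gap=10):
    """Single-linkage clustering on one metric: sorted values less than `gap` apart
    share a cluster. Returns {component: frozenset(members)} so cluster identity is
    compared across periods by membership, not by an arbitrary label."""
    ordered = sorted(data, key=data.get)
    groups, current = [], [ordered[0]]
    for prev, comp in zip(ordered, ordered[1:]):
        if data[comp] - data[prev] < gap:
            current.append(comp)
        else:
            groups.append(current)
            current = [comp]
    groups.append(current)
    return {c: frozenset(g) for g in groups for c in g}

def transitioned(before, after, comp):
    """Claim 3's test, generalised: the component moved to a different cluster when it
    shares no peer with the cluster it was in before. A singleton that stays a singleton
    gives no evidence either way and is not counted as a move."""
    peers_before = before[comp] - {comp}
    peers_after = after[comp] - {comp}
    return bool(peers_before | peers_after) and not (peers_before & peers_after)

def analyse(periods, gap=10):
    """Cluster every period, then classify each component as in claim 1: one move is an
    anomalous event; a move followed by another move in the very next period means the
    component is in a steady state of transition (it keeps drifting)."""
    clustered = [cluster(p, gap) for p in periods]
    report = {}
    for comp in clustered[0]:
        moves = [i for i in range(1, len(clustered))
                 if transitioned(clustered[i - 1], clustered[i], comp)]
        if not moves:
            continue  # stayed with its peers throughout: consistent behaviour
        drifting = any(b == a + 1 for a, b in zip(moves, moves[1:]))
        report[comp] = {
            "status": "steady state of transition" if drifting else "anomalous event",
            "path": [sorted(c[comp]) for c in clustered],  # clusters it passed through
        }
    return report

if __name__ == "__main__":
    for comp, info in analyse([PERIOD_1, PERIOD_2, PERIOD_3]).items():
        print(comp, info["status"], info["path"])
```

On the sample, web3 jumps from the web group to the db group and stays there (one anomalous event), while app1 leaves the app group and then keeps moving until it joins the db group (steady state of transition); every other host stays with at least one former peer and is reported as consistent.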
Traffic logging, e.g. anomaly detection · CPC title
Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes · CPC title