US 11,928,090 B2
Anomaly detection mechanism
Amey Ruikar, San Francisco, CA (US)
Assigned to Salesforce, Inc., San Francisco, CA (US)
Filed by Salesforce.com, Inc., San Francisco, CA (US)
Filed on Jan. 30, 2019, as Appl. No. 16/261,741.
Prior Publication US 2020/0242091 A1, Jul. 30, 2020
Int. Cl. G06F 16/215 (2019.01); G06F 16/25 (2019.01); G06Q 30/01 (2023.01)
CPC G06F 16/215 (2019.01) [G06F 16/25 (2019.01); G06Q 30/01 (2013.01)]
20 Claims
1. A method to facilitate anomaly detection, comprising:
receiving a value (n) representing a first quantity corresponding to a maximum quantity of expected anomalies in performance metric data;
generating, based on the value (n) received, a data structure within a database system for performing an optimized Extreme Studentized Deviate (ESD) test configured to store up to only a predetermined amount, that is twice the value of n, of datapoints comprising the n largest values data point values of the performance metric data and the n smallest values data point values of the performance metric data, wherein the data structure is further configured such that decision operations may occur in constant time during iteration through a data set;
receiving the performance metric data at the database system, the performance metric data comprising a plurality of the data point values;
processing the plurality of data point values via the optimized Extreme Studentized Deviate (ESD) test to detect one or more anomalous data point values within the plurality of data point values, including:
storing a first set of values representing n largest values of the plurality of data point values within the data structure;
storing a second set of values representing n smallest values of the plurality of data point values within the data structure;
receiving a first of the plurality of data point values;
determining whether the first data point value is to be included in the first set of values or the second set of values; and
determining that the first data point value is not an anomalous data point value upon a determination that the first data point value is not to be inserted into the first set of values or the second set of values; and
generating an incident alert upon a detection of one or more anomalous data point values within the plurality of data point values.
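
The bounded structure and streaming decision recited in claim 1, as an added Python example (not code from the patent or from Salesforce). The names ExtremeTracker, offer, esd_anomalies and SAMPLE are hypothetical, the two heaps are one possible realisation of the data structure, and the ESD critical values are assumed to be supplied by the caller through critical(i, N) rather than computed from the t-distribution.

```python
import heapq
import math

class ExtremeTracker:
    """Holds at most 2n points: the n largest and the n smallest values seen so far."""
    def __init__(self, n):
        self.n = n
        self.largest = []    # min-heap; root is the smallest of the n largest
        self.smallest = []   # negated values; root is the largest of the n smallest
        self.count, self.total, self.total_sq = 0, 0.0, 0.0

    def offer(self, x):
        """Feed one point. False means x entered neither set, so it is not anomalous."""
        self.count += 1
        self.total += x
        self.total_sq += x * x
        kept = False
        for heap, v in ((self.largest, x), (self.smallest, -x)):
            if len(heap) < self.n:
                heapq.heappush(heap, v)
                kept = True
            elif v > heap[0]:                # constant-time decision against the root
                heapq.heapreplace(heap, v)   # O(log n) only when the point is kept
                kept = True
        return kept

def esd_anomalies(tracker, critical):
    """Generalized ESD using only the retained extremes and the running sums."""
    if tracker.count < 2 * tracker.n:
        raise ValueError("need at least 2n data points")
    hi = sorted(tracker.largest)                               # hi[-1] is the max
    lo = sorted((-v for v in tracker.smallest), reverse=True)  # lo[-1] is the min
    cnt, s, sq = tracker.count, tracker.total, tracker.total_sq
    removed, n_outliers = [], 0
    for i in range(1, tracker.n + 1):
        mean = s / cnt
        sd = math.sqrt(max((sq - cnt * mean * mean) / (cnt - 1), 0.0))
        if sd == 0:
            break
        # The most deviant remaining point is always the current max or min.
        side = hi if hi[-1] - mean >= mean - lo[-1] else lo
        x = side.pop()
        removed.append(x)
        if abs(x - mean) / sd > critical(i, tracker.count):
            n_outliers = i   # ESD reports the largest i whose statistic exceeds its critical value
        cnt, s, sq = cnt - 1, s - x, sq - x * x
    return removed[:n_outliers]

# Constructed sample of a performance metric (not data from the patent).
SAMPLE = [10.0, 10.2, 9.9, 10.1, 50.0, 10.0, 9.8, 10.3, 10.1, 9.9, -30.0, 10.0]
```

With a constant threshold of 2.5 on SAMPLE, the first statistic falls below the threshold and the second exceeds it, so both -30.0 and 50.0 are reported; this is the masking case the generalized ESD test is designed for.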