US 11,943,244 B2
Anomaly detection over high-dimensional space
Bradley Evan Harris, Sandy Springs, GA (US); Moazzam Khan, Marietta, GA (US); and James Heinlein, Atlanta, GA (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Jun. 22, 2021, as Appl. No. 17/353,856.
Prior Publication US 2022/0407878 A1, Dec. 22, 2022
Int. Cl. H04L 9/40 (2022.01); G06N 5/02 (2023.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01)
CPC H04L 63/1425 (2013.01) [G06N 5/027 (2013.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01)]
20 Claims
 
1. A computer-implemented method comprising:
creating, by one or more computer processors, a binary cluster of events by bootstrapping a set of ground truths contained with a rule engine applied to a set of high-dimensional datapoints, wherein the binary cluster contains two clusters each containing a plurality of high-dimensional datapoints;
determining, by one or more computer processors, one or more peer groups for a set of unknown high-dimensional datapoints utilizing a trained multiclass classifier, wherein the high-dimensional datapoints are assigned to one or more peer groups by the trained multiclass classifier using an incremental learning algorithm in order to reduce system resources;
creating, by one or more computer processors, an activity distribution for each unknown high-dimensional datapoint associated with a user in the set of unknown high-dimensional datapoints and each peer group;
calculating, by one or more computer processors, a deviation percentage between the activity distribution of the user and each peer group associated with the user; and
responsive to exceeding a deviation threshold, classifying, by one or more computer processors, the user or associated high-dimensional datapoints as risky and performing an action.
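
The last three steps of claim 1 (activity distribution, deviation percentage, threshold) can be illustrated with the following added example, which is not taken from the patent. The claim does not say how the deviation percentage is computed, so this sketch assumes total variation distance scaled to 0 to 100; the event names, the peer-group mapping and the threshold of 50 are constructed, and peer-group assignment is taken as given rather than produced by a classifier.

```python
from collections import Counter, defaultdict

# Constructed sample data: (user, activity) events. Not from the patent.
EVENTS = (
    [("alice", "login")] * 2 + [("alice", "git_push")] * 2
    + [("bob", "login")] * 2 + [("bob", "git_push")] * 2
    + [("carol", "login")] * 1 + [("carol", "git_push")] * 3
    + [("dave", "login")] * 1 + [("dave", "db_export")] * 3
)
# Assumed output of the peer-group assignment step (hypothetical mapping).
PEER_GROUPS = {"alice": ["dev"], "bob": ["dev"], "carol": ["dev"], "dave": ["dev"]}


def activity_distribution(activities):
    """Relative frequency of each activity type; empty input gives {}."""
    counts = Counter(activities)
    total = sum(counts.values())
    return {a: c / total for a, c in counts.items()} if total else {}


def deviation_percentage(user_dist, peer_dist):
    """Assumed metric: total variation distance, scaled to 0..100."""
    keys = set(user_dist) | set(peer_dist)
    return 50.0 * sum(abs(user_dist.get(k, 0.0) - peer_dist.get(k, 0.0)) for k in keys)


def score_users(events, peer_groups, threshold):
    """Return {(user, group): (deviation_pct, risky)} for each user/peer-group pair."""
    by_user = defaultdict(list)
    for user, activity in events:
        by_user[user].append(activity)
    results = {}
    for user, groups in peer_groups.items():
        if not by_user[user]:
            continue  # no observed activity: nothing to compare
        user_dist = activity_distribution(by_user[user])
        for group in groups:
            # Peer baseline excludes the user so they cannot mask their own drift.
            peer_acts = [a for m, gs in peer_groups.items()
                         if group in gs and m != user for a in by_user[m]]
            if not peer_acts:
                continue  # a group of one has no baseline
            dev = deviation_percentage(user_dist, activity_distribution(peer_acts))
            results[(user, group)] = (round(dev, 1), dev > threshold)
    return results


if __name__ == "__main__":
    for key, (dev, risky) in sorted(score_users(EVENTS, PEER_GROUPS, 50.0).items()):
        print(key, dev, "RISKY" if risky else "ok")
```
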