US 12,013,747 B2
Dynamic window-size selection for anomaly detection
Seema Nagar, Bangalore (IN); Pooja Aggarwal, Bengaluru (IN); Rohan R Arora, Champaign, IL (US); and Amitkumar Manoharrao Paradkar, Mohegan Lake, NY (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed on Aug. 10, 2022, as Appl. No. 17/884,756.
Prior Publication US 2024/0054041 A1, Feb. 15, 2024
Int. Cl. G06F 11/00 (2006.01); G06F 11/07 (2006.01)
CPC G06F 11/0787 (2013.01) [G06F 11/0721 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer implemented method for system log anomaly detection by:
receiving, by one or more computer processors, multivariate time-series system log data and metric data;
receiving, by the one or more computer processors, a metric data causal graph including causal relationships between system metrics;
determining, by the one or more computer processors, a univariate variation score for the system metrics;
determining, by the one or more computer processors, a causal variation score for the multivariate time series system metric data according to the causal graph;
determining, by the one or more computer processors, an activity score according to the univariate variation score, and causal variation score;
altering, by the one or more computer processors, a review window duration according to the activity score; and
processing, by the one or more computer processors, windows of multivariate time-series system log data and metric data to detect anomalies.