| CPC G06F 9/45558 (2013.01) [G06F 2009/4557 (2013.01); G06F 2009/45595 (2013.01)] | 20 Claims |
|
1. A system, comprising:
a cloud computing environment configured to provide one or more dedicated virtual machines (VMs) for storing and managing anomaly detection and alerting models;
a device configured to control the cloud computing environment to perform instantiation and shutdown of stream-processing VMs based on a number of data streams to be processed, data stream volumes, workload of the stream-processing VMs, or a combination thereof, wherein the stream-processing VMs process assigned data streams by executing instances of the anomaly detection and alerting models, and provide model outputs to the one or more dedicated VMs for maintenance or updating of the anomaly detection and alerting models, and wherein the stream-processing VMs are distinct from the one or more dedicated VMs, thereby providing an anomaly detection and alerting architecture in which stream processing is decoupled from model maintenance and updating; and
wherein a first anomaly detection and alerting model of the anomaly detection and alerting models is configured to generate a first alert based on a first persistence or a first pervasiveness determined from a given data stream at a predefined time unit of measurement, and further comprises a super alerting algorithm configured to generate a second alert based on at least one of a second persistence or a second pervasiveness of the first alert, resulting in a first super alert.
|