Browse Prior Art Database

Anomaly Detection For Software Quality Control Disclosure Number: IPCOM000240272D
Publication Date: 2015-Jan-20
Document File: 2 page(s) / 21K

Publishing Venue

The Prior Art Database


Disclosed is an anomaly detection system for software quality control. The system works by classifying data according to associated features/distribution, performing multiple matched anomaly detection algorithms, assigning different alert levels according to priority, and grouping the results to generate more accurate and robust alerts.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 01 of 2

Anomaly Detection For Software Quality Control

A certain network behavior, such as entering an incorrect password five times in a row, can be described and captured by a signature. Generally, the event counts according
to each signature should follow a certain distribution/pattern. However, abnormal behaviors such as outliers can happen as the result of legitimate factors, such as customer behavior change and bad coding, and illegitimate factors, such as network attacks and audits. The method disclosed herein provides self-checking for bad coding.

Averages may be used for a pre-defined period, such as a week or a month, wherein if the most recent data deviates from the averages to a certain threshold, an anomaly alarm is triggered. The following simple example illustrates why the results from this method may be quite confusing. For a data array such as: [1,1,1,1,1,1,1000,1,1,1,1,1,1,1,…1], the average for the first week is over 143 and the data following 1000 is 1, which deviates a lot from the average, triggering an alarm. However, in the given context, the "1" following "1000" is not an anomaly.

Disclosed herein is an anomaly detection for software quality control. The disclosed method includes several steps:

1. Data is classified according to associated features/distribution 2. For each category, multiple matched anomaly detection algorithms are performed. For each algorithm, different alert levels are assigned according to the priority.

3. Results are grouped and fused to generate more robust anomaly alerts with high accuracy. Both algorithms and the levels can be modified, added, or deleted interactively by users.

In addition, extra features such as dynamic similarity and blackouts can also be captured.