Dynamic graph anomaly detection framework and scalable system architecture

Assignee

• EMC IP Holding Company LLC · US

Inventors

• Chunsheng Fang · San Jose, US
• Derek Lin · San Mateo, US
• Teng Wang · San Jose, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Machine generated event log data which includes events occurring over a window of time is received where each event includes a first node, a second node, and a timestamp. The events are aggregated into a plurality of aggregated graph snapshots. Communities within the plurality of aggregated graph snapshots are identified and community tracking links are determined between communities in the plurality of aggregated graph snapshots. A community that has an anomalous evolution in the plurality of aggregated graph snapshots compared to the evolution of other communities is identified based at least in part on the community tracking links. The communities are displayed where the display includes the community tracking links and identifies the community that has the anomalous evolution.