The present invention relates to domain-specific and cross-domain analysis of information involving multiple domains. More specifically, various embodiments of the present invention relate to using a system and a related method to determine anomalous data from each domain and using fusion rules to improve accuracy and relevance of combined analysis of anomalous data across multiple domains for triggering a critical event notification.
For applications requiring a critical event notification based on data analysis on a single domain (i.e. one particular environment or one knowledge dimension for data monitoring and gathering), anomaly detection systems allow identification of anomalous data which deviate from the norm in a dataset. The conventional anomaly detection systems and methods have been applied to many fields involving information technology. Fraud detection systems in financial and/or insurance business, computer network protection and intrusion detection systems, and health surveillance systems with critical event detection capabilities may utilize the concept of anomaly detection. An anomaly detection system typically requires gathering or sampling of data in a particular domain for a model building process in order to construct a normal data profile which can be used to detect and determine any meaningful deviation from the normal data profile as anomalous data.
Conventional anomaly detection systems tend to generate many false alarm rates because they tend to be overly domain-dependent and/or lack coherent methods to analyze domain-specific anomalous data across multiple domains. For example, anomalous data from a first domain may be triggered as a critical event in a conventional anomaly detection system, even if datasets from a second domain can explain why the anomalous data occurred in the first domain. For example, a conventional anomaly detection system may determine a motorboat with a velocity far greater than the average speed of motorboats in the same region is worthy of a critical event notification and may inform users accordingly. However, this critical event notification may simply be a false alarm in some instances, because the conventional anomaly detection system may fail to take data from other domains (i.e. domains outside of motorboat speed monitoring), such as the current weather conditions and a news event impacting in the same region into account for determining what should be considered an anomalous event worthy of a critical event notification.
Furthermore, the conventional anomaly detection systems tend to manually define what triggers a data set to be anomalous. For example, in the motorboat example above, a conventional anomaly detection system may define a data anomaly trigger at 45 miles per hour, which makes any motorboats traveling above 45 miles per hour to be flagged for a critical event notification. Therefore, the conventional anomaly detection system tends to be inflexible in taking dynamically-changing normal data profile into account for generating a critical event notification. The manually-set trigger for anomalous data makes conventional anomaly detection systems to be prone to false alarms during critical event monitoring.
Therefore, novel systems and methods which utilizes generic learning processes to create and update normal data profiles in each domain and then determine anomalous data per each domain may be advantageous. Furthermore, novel systems and methods which use fusion rules to analyze anomalous data from multiple domains to improve accuracy and relevance of a critical event notification to a user may also be highly advantageous.