US-20260126786-A1 - SYSTEM AND METHOD FOR ARTIFICIAL INTELLIGENCE (AI) BASED ANOMALY DETECTION AND DYNAMIC EVENT THROTTLING
Abstract
Various embodiments described herein relate to providing and/or employing a system and a method for tracking incoming events in a facility. In this regard, event data associated with a plurality of events is collected from at least one data source of a plurality of data sources. As a result, duplicate events are identified and filtered out from the plurality of events. Further, a set of anomalous events from the plurality of events is identified after filtering out the duplicate events. In this regard, at least one throttling parameter is adjusted in real-time based on the identification of the set of anomalous events and a current load on the system. Accordingly, processing of critical events from the set of anomalous events is prioritized based on the adjusted at least one throttling parameter.
Inventors
- Vinothkumar Rajendran
- Sumathi A
- Prasanna S
- Akhila S
Assignees
- HONEYWELL INTERNATIONAL INC.
Dates
- Publication Date: 20260507
- Application Date: 20241105
Claims (20)
- 1. A system, comprising: a processor; and a memory communicatively coupled to the processor, wherein the memory comprises one or more instructions which when executed by the processor, cause the processor to: receive event data associated with a plurality of events from at least one data source of a plurality of data sources; identify duplicate events from the plurality of events within a specific time period from the at least one data source; filter out the duplicate events from the plurality of events based on an analysis of the event data; identify a set of anomalous events from the plurality of events after filtering out the duplicate events; adjust at least one throttling parameter in real-time based on the identification of the set of anomalous events and a current load on the system; and prioritize processing of critical events from the set of anomalous events based on the adjusted at least one throttling parameter.
- 2. The system of claim 1, wherein the processor is further configured to apply clustering to the duplicate events from the at least one data source during one of point state fluctuations or transient state fluctuations.
- 3. The system of claim 1, wherein the processor is further configured to identify event flooding when a number of the plurality of events exceeds a threshold value.
- 4. The system of claim 1, wherein the at least one throttling parameter includes at least one of a throttling threshold, an event processing rate, and a resource allocation limit.
- 5. The system of claim 1, wherein the adjustment of the at least one throttling parameter comprises one of scale up or scale down an event processing rate of the set of anomalous events.
- 6. The system of claim 1, wherein the processor is further configured to implement a controlled event rejection process for non-critical events when a number of the set of anomalous events is above a predetermined threshold and the current load on the system is high.
- 7. The system of claim 3, wherein the processor is further configured to generate an alert notification based on the identification of the event flooding.
- 8. The system of claim 1, wherein the processor is further configured to generate, on a user interface of at least one display device, a real-time analytics dashboard that displays at least one of key metrics, the current load on the system, an event processing rate, and throttling status of the plurality of events.
- 9. The system of claim 1, wherein the plurality of events is associated with at least one of unauthorized access, false alarm, environmental interference, network breach, tampering, system failure, and sensor malfunction.
- 10. The system of claim 1, wherein the set of anomalous events are identified based on one or more anomaly detection algorithms.
- 11. A method, comprising: receiving event data associated with a plurality of events from at least one data source of a plurality of data sources; identifying duplicate events from the plurality of events within a specific time period from the at least one data source; filtering out the duplicate events from the plurality of events based on an analysis of the event data; identifying a set of anomalous events from the plurality of events after filtering out the duplicate events; adjusting at least one throttling parameter in real-time based on the identification of the set of anomalous events and a current load on a system; and prioritizing processing of critical events from the set of anomalous events based on the adjusted at least one throttling parameter.
- 12. The method of claim 11, further comprising applying clustering to the duplicate events from the at least one data source during one of point state fluctuations or transient state fluctuations.
- 13. The method of claim 11, further comprising identifying event flooding when a number of the plurality of events exceeds a threshold value.
- 14. The method of claim 11, wherein the at least one throttling parameter includes at least one of a throttling threshold, an event processing rate, and a resource allocation limit.
- 15. The method of claim 11, wherein the adjustment of the at least one throttling parameter comprises one of scale up or scale down an event processing rate of the set of anomalous events.
- 16. The method of claim 11, further comprising implementing a controlled event rejection process for non-critical events when a number of the set of anomalous events is above a predetermined threshold and the current load on the system is high.
- 17. The method of claim 13, further comprising generating an alert notification based on the identification of the event flooding.
- 18. The method of claim 11, further comprising generating, on a user interface of at least one display device, a real-time analytics dashboard that displays at least one of key metrics, the current load on the system, an event processing rate, and throttling status of the plurality of events.
- 19. The method of claim 11, wherein the set of anomalous events are identified based on one or more anomaly detection algorithms.
- 20. A non-transitory computer-readable medium having instructions stored thereon that, when executed by at least one processor of a system, cause the at least one processor to perform operations comprising: receiving event data associated with a plurality of events from at least one data source of a plurality of data sources; identifying duplicate events from the plurality of events within a specific time period from the at least one data source; filtering out the duplicate events from the plurality of events based on an analysis of the event data; identifying a set of anomalous events from the plurality of events after filtering out the duplicate events; adjusting at least one throttling parameter in real-time based on the identification of the set of anomalous events and a current load on the system; and prioritizing processing of critical events from the set of anomalous events based on the adjusted at least one throttling parameter.
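
The steps recited in claims 1 and 6, sketched as an added Python example that is not part of the patent text. The event fields, the fixed dedup window, the expected-kind anomaly rule (a stand-in for the unspecified anomaly detection algorithms) and every threshold are assumptions.

```python
from collections import namedtuple

# Event fields and every constant below are assumptions; the claims name none.
Event = namedtuple("Event", "ts source kind critical")
DEDUP_WINDOW = 5.0   # seconds: the "specific time period" for duplicates
EXPECTED_KINDS = {"badge_ok", "heartbeat"}  # stand-in rule: other kinds are anomalous
ANOMALY_LIMIT = 2    # "predetermined threshold" on anomalous events
HIGH_LOAD = 0.8      # load fraction treated as "high"
BASE_RATE = 10       # events handled per tick when unthrottled

def dedupe(events):
    """Drop repeats of a (source, kind) pair inside DEDUP_WINDOW."""
    kept_at, kept = {}, []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.source, ev.kind)
        # Anchor on the last kept event so a flapping point resurfaces once per window.
        if key in kept_at and ev.ts - kept_at[key] <= DEDUP_WINDOW:
            continue
        kept_at[key] = ev.ts
        kept.append(ev)
    return kept

def adjust_rate(n_anomalous, load):
    """Throttling parameter: per-tick processing rate from anomaly count and load."""
    if load < HIGH_LOAD:
        return BASE_RATE
    return max(1, BASE_RATE // 4) if n_anomalous > ANOMALY_LIMIT else BASE_RATE // 2

def process_tick(events, load):
    """Return (handled, deferred, rejected) anomalous events for one batch."""
    anomalous = [e for e in dedupe(events) if e.kind not in EXPECTED_KINDS]
    rate = adjust_rate(len(anomalous), load)
    shed = load >= HIGH_LOAD and len(anomalous) > ANOMALY_LIMIT
    handled, deferred, rejected = [], [], []
    # Critical events first, then oldest first (sorted() is stable).
    for ev in sorted(anomalous, key=lambda e: (not e.critical, e.ts)):
        if len(handled) < rate:
            handled.append(ev)
        elif shed and not ev.critical:
            rejected.append(ev)   # controlled rejection; returned so it can be logged
        else:
            deferred.append(ev)   # over budget: returned to the caller for a later tick
    return handled, deferred, rejected

SAMPLE = [Event(*t) for t in [  # constructed events, not from the patent
    (0.0, "door-12", "forced_open", True), (1.0, "door-12", "forced_open", True),
    (2.0, "cam-3", "tamper", True), (2.5, "sensor-7", "fault", False),
    (3.0, "sensor-9", "fault", False), (4.0, "door-12", "badge_ok", False),
    (7.0, "door-12", "forced_open", True)]]
```

Calling `process_tick(SAMPLE, 0.9)` handles the two oldest critical events, defers the third, and rejects the two non-critical faults; at a load of 0.3 all five anomalous events are handled.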
Description
TECHNICAL FIELD
The present disclosure is related to managing events within a facility. More particularly, the present disclosure relates to managing high volume event streams in a Security Management System (SMS) in the facility.
BACKGROUND
In the Security Management System (SMS), multiple subsystems often work together to ensure comprehensive security coverage. These subsystems create a robust and responsive electronic security system, addressing a wide range of security needs from physical access control to network protection and incident management. There could be a variety of subsystems in the Security Management System (SMS) that include, but may not be limited to, CCTV surveillance system, Intrusion Detection System, Access Control System, Fire Alarm System, Building Management System, Video Management System, and/or like.
The Security Management System (SMS) is a centralized platform that integrates various security subsystems and provides centralized control for unified management. However, due to the presence of multiple subsystems in the Security Management System (SMS), operators often face challenges when dealing with a high volume of events and/or alarms. Each subsystem may generate its own set of alarms, leading to a flood of notifications that may overwhelm operators. Further, constantly receiving numerous alerts may lead to alert fatigue, where operators may become desensitized and may miss critical alarms. Also, identification and prioritization of important alerts from the sheer volume of notifications may be challenging. Therefore, there is a need to monitor incoming event volumes continuously and efficiently.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate various exemplary embodiments and together with the description, serve to explain the principles of the disclosed embodiments, in which:
FIG. 1 is a schematic diagram illustrating a facility management system managing a plurality of facilities in accordance with one or more embodiments of the present disclosure.
FIG. 2 is a schematic diagram illustrating an exemplary facility of the plurality of facilities in accordance with one or more embodiments of the present disclosure.
FIG. 3 is a schematic diagram illustrating an implementation of a controller of the facility management system that may execute techniques in accordance with one or more embodiments of the present disclosure.
FIG. 4 is an exemplary block diagram illustrating an implementation of a dynamic event throttling system within the Security Management System (SMS) in the facility, in accordance with one or more embodiments of the present disclosure.
FIG. 5 is a flowchart illustrating a method described in accordance with one or more embodiments of the present disclosure.
SUMMARY
The details of some embodiments of the subject matter described in this specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter will become apparent from the description, the drawings, and the claims.
In accordance with an embodiment of the present disclosure, a system for managing events in a facility is described. The system comprises a processor and a memory communicatively coupled to the processor. The memory comprises one or more instructions which when executed by the processor, cause the processor to receive event data associated with a plurality of events from at least one data source of a plurality of data sources, identify duplicate events from the plurality of events within a specific time period from the at least one data source, filter out the duplicate events from the plurality of events based on an analysis of the event data, identify a set of anomalous events from the plurality of events after filtering out the duplicate events, adjust at least one throttling parameter in real-time based on the identification of the set of anomalous events and a current load on the system, and prioritize processing of critical events from the set of anomalous events based on the adjusted at least one throttling parameter.
In accordance with an example embodiment, a method for managing events in a facility is described herein. The method comprises receiving event data associated with a plurality of events from at least one data source of a plurality of data sources, identifying duplicate events from the plurality of events within a specific time period from the at least one data source, filtering out the duplicate events from the plurality of events based on an analysis of the event data, identifying a set of anomalous events from the plurality of events after filtering out the duplicate events, adjusting at least one throttling parameter in real-time based on the identification of the set of anomalous events and a current load on a system, and prioritizing processing of critical events from the set of anomalous events