Search

US-20260127461-A1 - SYSTEMS AND METHODS FOR USING MACHINE LEARNING FOR MANAGING APPLICATION INCIDENTS

US20260127461A1US 20260127461 A1US20260127461 A1US 20260127461A1US-20260127461-A1

Abstract

Disclosed herein are systems and methods for using machine learning for managing application incidents. An embodiment takes the form of a method that includes receiving extracted data pertaining to one or more applications. Model-input data is generated from the extracted data. Model-output data is generated at least in part by processing the generated model-input data with one or more machine-learning models trained to make one or more application-incident predictions. Based at least in part on the model-output data, an application-incident-likely determination is made that a likelihood of an occurrence of an application incident exceeds an application-incident-likelihood threshold, where the application incident corresponds to a given application of the one or more applications. Responsive to making the application-incident-likely determination, one or more alerts of the likelihood of the occurrence of the application incident are output.

Inventors

  • Jennifer Ann Stave
  • Jiaju Liu
  • Saara Raja

Assignees

  • WELLS FARGO BANK, N.A.

Dates

Publication Date
20260507
Application Date
20251219

Claims (20)

  1. 1 . A method comprising: aggregating extracted data from a plurality of data stores, wherein the extracted data comprises select data fields from a plurality of applications that have been identified as being useful in predicting application incidents; transforming, via data shaping, the aggregated extracted data into synthetized data; generating model-output data by processing model-input data via one or more machine-learning models, wherein the model-input data comprises input data from at least two of the plurality of applications and wherein the one or more machine-learning models are trained based on the synthetized data; making, based at least in part on the model-output data, an application-incident prediction that identifies a predicted application incident for at least one application of the plurality of applications before the predicted application incident occurs; and responsive to making the application-incident prediction, initiating one or more preventative actions to prevent the predicted application incident from occurring.
  2. 2 . The method of claim 1 , wherein the synthetized data comprises a single data view of the plurality of applications that have been identified as being useful in predicting application incidents.
  3. 3 . The method of claim 1 , wherein the one or more machine-learning models are trained by generating training data comprising a set of incident-prediction model features and a set of incident-prediction-model training data, wherein the set of incident-prediction model features comprise the extracted data for a specific type of the application incident.
  4. 4 . The method of claim 3 , wherein generating the training data comprises identifying collinearity in the set of incident-prediction model features and removing redundant incident-prediction model features from the set of incident-prediction model features based on collinearity.
  5. 5 . The method of claim 3 , wherein at least one of the one or more machine-learning models is trained to only recognize one of the incident-prediction model features of the set of incident-prediction model features.
  6. 6 . The method of claim 1 , further comprising generating the synthetized data from the aggregated extracted data by transforming at least a portion of the aggregated extracted data into being structured according to a set of one or more features, and wherein generating the model-output data by processing the model-input data comprises processing the set of one or more features with the one or more machine-learning models.
  7. 7 . The method of claim 6 , wherein aggregating the extracted data comprises receiving the extracted data as a plurality of datasets respectively extracted from a plurality of different data stores, and wherein transforming the at least a portion of the extracted data into being structured according to the set of one or more features comprises: conducting at least one normalization function with respect to the at least a portion of the extracted data; conducting at least one join operation with respect to the at least a portion of the extracted data; conducting at least one metric calculation with respect to the at least a portion of the extracted data; and conducting at least one data-quality check with respect to the at least a portion of the extracted data, and wherein aggregating the extracted data comprises receiving the extracted data as a plurality of datasets respectively extracted from a plurality of different data stores.
  8. 8 . The method of claim 1 , wherein a first type of the predicted application incident comprises an application-patching-related incident.
  9. 9 . The method of claim 1 , wherein a first type of the application incident comprises an application-access-related incident.
  10. 10 . The method of claim 1 , wherein a first type of the predicted application incident comprises an application-configuration-related incident.
  11. 11 . The method of claim 1 , wherein a first type of the predicted application incident comprises an application-server-relationship-related incident.
  12. 12 . The method of claim 1 , wherein the one or more machine-learning models further comprises: a first machine-learning model that is trained to make application-incident predictions with respect to a first type of the predicted application incident; and a second machine-learning model that is trained to make application-incident predictions with respect to a second type of the predicted application incident different from the first type of the predicted application incident.
  13. 13 . The method of claim 1 , wherein the application-incident prediction comprises a likelihood of an occurrence of the predicted application incident within a predetermined amount of time exceeds an application-incident-likelihood threshold.
  14. 14 . The method of claim 1 wherein: the model-output data indicates a likelihood of an occurrence of the predicted application incident; and making, based at least in part on the model-output data, the application-incident prediction comprises comparing the likelihood of the occurrence of the predicted application incident to an application-incident-likelihood threshold.
  15. 15 . The method of claim 1 , wherein: the model-output data comprises an indication that a likelihood of an occurrence of the predicted application incident exceeds an application-incident-likelihood threshold; and making, based at least in part on the model-output data, the application-incident prediction comprises making an application-incident-likely determination based at least in part on the indication.
  16. 16 . The method of claim 1 , further comprising presenting one or more alerts via one or more user interfaces.
  17. 17 . The method of claim 1 , further comprising: making, based at least in part on the model-output data, a second application-incident prediction that a likelihood of an occurrence of a second application incident exceeds an application-incident-likelihood threshold, the second application incident corresponding to a second application; and responsive to making the second application-incident prediction, outputting one or more alerts of the likelihood of the occurrence of the second application incident.
  18. 18 . A system comprising: at least one processor; and one or more non-transitory computer readable storage media containing instructions executable by the at least one processor for causing the at least one processor to perform operations comprising: aggregating extracted data from a plurality of data stores, wherein the extracted data comprises select data fields from a plurality of applications that have been identified as being useful in predicting application incidents; transforming, via data shaping, the aggregated extracted data into synthetized data; generating model-output data by processing model-input data via one or more machine-learning models, wherein the model-input data comprises input data from at least two of the plurality of applications and wherein the one or more machine-learning models are trained based on the synthetized data; making, based at least in part on the model-output data, an application-incident prediction that identifies a predicted application incident for at least one application of the plurality of applications before the predicted application incident occurs; and responsive to making the application-incident prediction, initiating one or more preventative actions to prevent the predicted application incident from occurring.
  19. 19 . The system of claim 18 wherein the synthetized data comprises a single data view of the plurality of applications that have been identified as being useful in predicting application incidents.
  20. 20 . One or more non-transitory computer readable storage media containing instructions executable by at least one processor for causing the at least one processor to perform operations comprising: aggregating extracted data from a plurality of data stores, wherein the extracted data comprises select data fields from a plurality of applications that have been identified as being useful in predicting application incidents; transforming, via data shaping, the aggregated extracted data into synthetized data; generating model-output data by processing model-input data via one or more machine-learning models, wherein the model-input data comprises input data from at least two of the plurality of applications and wherein the one or more machine-learning models are trained based on the synthetized data; making, based at least in part on the model-output data, an application-incident prediction that identifies a predicted application incident for at least one application of the plurality of applications before the predicted application incident occurs; and responsive to making the application-incident prediction, initiating one or more preventative actions to prevent the predicted application incident from occurring.

Description

CROSS-REFERENCE TO RELATED APPLICATION This application is a continuation of U.S. patent application Ser. No. 18/774,471, filed Jul. 16, 2024, which is a continuation of U.S. patent application Ser. No. 18/154,962, filed Jan. 16, 2023, now issued as U.S. Pat. No. 12,067,502, which is a continuation of U.S. patent application Ser. No. 16/824,175, filed Mar. 19, 2020, now issued as U.S. Pat. No. 11,556,815, each of which are incorporated by reference herein in their entirety. BACKGROUND Billions of people around the world use various different communication and computing devices on a daily basis for many different purposes such as social networking, conducting personal business (e.g., financial transactions), conducting work-related activities, online shopping, browsing the web and/or engaging in other forms of Internet communication for entertainment purposes or to gather the news of the day, and/or the like. Indeed, digital communications and computing have become increasingly ubiquitous presences in modern life, and that trend is only expected to continue. With the increased use and pervasiveness of digital communications and computing comes increased complexity. As an example, a financial-services institution may interact with its customers many billions of times per year in ways such as in person at storefront locations (e.g., banks), online (via, e.g., web portals, mobile applications (“apps”), and/or the like), at automated teller machines (ATMs), on the telephone, and/or the like. There are many organizations, such as large, complex, multinational corporations (including financial-services institutions), that operate and manage large, complex information technology (IT) ecosystems for both internal operations and for customer-facing activities, among other purposes. These ecosystems typically contain many different interoperating systems, servers, applications, interfaces, and the like. It is important to such organizations and their customers that these ecosystems operate reliably and effectively. OVERVIEW In an example scenario, within an IT ecosystem, a financial-services institution operates numerous applications. In at least one embodiment, each such application is a program that executes on hardware to perform one or more specific functions for one or more users and/or one or more other IT assets. Such users could be internal to (e.g., employees of) the financial-services institution, customers of the financial-services institution, and/or the like. One example of an application that the financial-services institution may operate in their respective IT ecosystem is a web-based portal (including, e.g., a web-server application) for customers to use in accessing and managing their financial information, accounts, and the like. Another example of an application that the financial-services institution may operate is a mobile application that customers can download and install on their respective mobile devices in order to conduct many of the same functions that may be available via the aforementioned web-based portal. Another application operated by the financial-services institution could be an operating system for ATMs, as well as numerous other applications that may provide and/or support various features and functions available to customers via ATMs. Yet another application could be a statistical-analysis application such as the statistical analytic software (SAS) developed by SAS Institute of Cary, North Carolina. Other examples include human-resources applications, accounting applications, bill-pay applications, billing applications, loan-servicing applications, call-center applications, and/or the like. Numerous additional example applications could be listed here as well. In the context of such an IT ecosystem of a complex organization, incidents (e.g., problems, errors, faults, malfunctions, and/or the like) sometimes happen in connection with one or more of the multiple applications that operate in the ecosystem. Some example types of application incidents include patching-related incidents (e.g., incidents related to one or more software patches having not been properly deployed, one or more software patches not having been properly constructed, and/or the like), access-related incidents (e.g., problems with one or more user-access configurations), configuration-related incidents, server-relationship-related incidents, and/or the like. Other types of application incidents can occur as well. Moreover, in many IT ecosystems, various different types of data pertaining to various different applications is housed in multiple different data stores (e.g., data silos), some examples of which are described in this disclosure. As a few examples, for a given application, separate data stores may be maintained for types of application data such as cache data, controls data, vulnerability data, and risk data, among numerous other example types of data that could be listed here. This sort of fragmented