Abstract: Systems and methods are provided for incident analysis in Cyber-Physical Systems (CPS) using a Temporal Graph-based Incident Analysis System (TGIAS) and/or Transition Based Categorical Anomaly Detection (TCAD). Dynamically gathered multimodal data from a distributed network of sensors across the CPS are preprocessed to identify abnormal sensor readings indicative of potential incidents, and a multi-layered incident timeline graph, representing abnormal sensor readings, relationships to specific CPS components, and temporal sequencing of events is constructed. Severity scores are calculated, and severity rankings are assigned to identified anomalies based on a composite index including impact on CPS operation, comparison with historical incident data, and predictive risk assessments.

Abstract: Systems and methods are provided for incident analysis in Cyber-Physical Systems (CPS) using a Temporal Graph-based Incident Analysis System (TGIAS) and/or Transition Based Categorical Anomaly Detection (TCAD). Dynamically gathered multimodal data from a distributed network of sensors across the CPS are preprocessed to identify abnormal sensor readings indicative of potential incidents, and a multi-layered incident timeline graph, representing abnormal sensor readings, relationships to specific CPS components, and temporal sequencing of events is constructed. Severity scores are calculated, and severity rankings are assigned to identified anomalies based on a composite index including impact on CPS operation, comparison with historical incident data, and predictive risk assessments.

Abstract: Methods and systems for anomaly detection include encoding a time series with a time series encoder and encoding an event sequence with an event sequence encoder. A latent code is generated from outputs of the time series encoder and the event sequence encoder. The time series is reconstructed from the latent code using a time series decoder. The event sequence is reconstructed from the latent code using an event sequence decoder. An anomaly score is determined based on a reconstruction loss of the reconstructed time series and a reconstruction loss of the reconstructed event sequence. An action is performed responsive to the anomaly score.

Abstract: Methods and systems for anomaly detection include encoding a multivariate time series and a multi-type event sequence using respective transformers and an aggregation network to generate a feature vector. Anomaly detection is performed using the feature vector to identify an anomaly within a system. A corrective action is performed responsive to the anomaly to correct or mitigate an effect of the anomaly. The detected anomaly can be used in a healthcare context to support decision making by medical professionals with respect to the treatment of a patient. The encoding may include machine learning models to implement the transformers and the aggregation network using deep learning.

Abstract: Methods and systems for event prediction include encoding a multivariate time series and a multi-type event sequence using respective transformers and an aggregation network to generate a feature vector. Event prediction is performed using the feature vector to identify a next event to occur within a system. A corrective action is performed responsive to the next event to prevent or mitigate an effect of the next event. The predicted next event can be used in a healthcare context to support decision making by medical professionals with respect to the treatment of a patient. The encoding may include machine learning models to implement the transformers and the aggregation network using deep learning.

Abstract: Methods and systems for defect detection include determining a first residual score by comparing a first predicted system state, determined according to previously measured environment data, to an actual system state. A second residual score is determined by comparing a second predicted system state, determined according to previously measured system state data, to the actual system state. A defect score is generated based on a difference between the first residual score and the second residual score. An automatic action is performed responsive to a determination that the defect score indicates a defect in system behavior.

Abstract: Methods and systems for vehicle fault detection include collecting operational data from sensors in a vehicle. The sensors are associated with vehicle sub-systems. The operational data is processed with a neural network to generate a fault score, which represents a similarity to fault state training scenarios, and an anomaly score, which represents a dissimilarity to normal state training scenarios. The fault score is determined to be above a fault score threshold and the anomaly score is determined to be above an anomaly score threshold to detect a fault. A corrective action is performed responsive the fault, based on a sub-system associated with the fault.

Abstract: Methods and systems for anomaly detection include encoding a multivariate time series and a multi-type event sequence using respective transformers and an aggregation network to generate a feature vector. Anomaly detection is performed using the feature vector to identify an anomaly within a system. A corrective action is performed responsive to the anomaly to correct or mitigate an effect of the anomaly. The detected anomaly can be used in a healthcare context to support decision making by medical professionals with respect to the treatment of a patient. The encoding may include machine learning models to implement the transformers and the aggregation network using deep learning.

Abstract: Methods and systems for training a model include distinguishing hidden states of a monitored system based on condition information. An encoder and decoder are generated for each respective hidden state using forward and backward autoencoder losses. A hybrid hidden state is determined for an input sequence based on the hidden states. The input sequence is reconstructed using the encoders and decoders and the hybrid hidden state. Parameters of the encoders and decoders are updated based on a reconstruction loss.

Abstract: A computer-implemented method for simulating vehicle data and improving driving scenario detection is provided.

Abstract: Methods and systems for allocating network resources responsive to network traffic include modeling spatial correlations between fine spatial granularity traffic and coarse spatial granularity traffic for different sites and regions to determine spatial feature vectors for one or more sites in a network. Temporal correlations at a fine spatial granularity are modeled across multiple temporal scales, based on the spatial feature vectors. Temporal correlations at a coarse spatial granularity are modeled across multiple temporal scales, based on the spatial feature vectors. A traffic flow prediction is determined for the one or more sites in the network, based on the temporal correlations at the fine spatial granularity and the temporal correlations at the coarse spatial granularity. Network resources are provisioned at the one or more sites in accordance with the traffic flow prediction.

Abstract: A method for detecting pod and node candidates from cloud computing systems representing potential root causes of failure or fault activities is presented. The method includes collecting, by a monitoring agent, multi-modality data including key performance indicator (KPI) data, metrics data, and log data, employing a feature extractor and representation learner to convert the log data to time series data, applying a metric prioritizer based on extreme value theory to prioritize metrics for root cause analysis and learn an importance of different metrics, ranking root causes of failure or fault activities by using a hierarchical graph neural network, and generating one or more root cause reports outlining the potential root causes of failure or fault activities.

Abstract: A method for employing root cause analysis is presented. The method includes embedding, by an embedding layer, a sequence of events into a low-dimension space, employing a feature extractor and representation learner to convert log data from the sequence of events to time series data, the feature extractor including an auto-encoder model and a language model, and detecting root causes of failure or fault activities from the time series data.

Abstract: A method for detecting an origin of a computer attack given a detection point based on multi-modality data is presented. The method includes monitoring a plurality of hosts in different enterprise system entities to audit log data and metrics data, generating causal dependency graphs to learn statistical causal relationships between the different enterprise system entities based on the log data and the metrics data, detecting a computer attack by pinpointing attack detection points, backtracking from the attack detection points by employing the causal dependency graphs to locate an origin of the computer attack, and analyzing computer attack data resulting from the backtracking to prevent present and future computer attacks.

Abstract: Methods and systems for anomaly detection include training an anomaly detection histogram model using historical categorical value data. Training the anomaly detection histogram model includes generating a histogram template based on historical categorical data, converting the historical categorical data to a histogram using the histogram template, and determining a normal range and anomaly threshold for the categorical data using the histogram.

Abstract: Methods and systems for anomaly correction include detecting an anomaly in a time series of categorical data values generated by a sensor, displaying a visual depiction of an anomalous time series, corresponding to the detected anomaly, on a user interface with a visual depiction of an expected normal behavior to contrast to the anomalous time series, and performing a corrective action responsive to the displayed detected anomaly. Detecting the anomaly includes framing the time series with a sliding window, generating a histogram for the categorical data values using a histogram template, generating an anomaly score for the time series using an anomaly detection histogram model on the generated histogram, and comparing the anomaly score to an anomaly threshold.

Abstract: Methods and systems for anomaly detection include determining whether a system is in a stable state or a dynamic state based on input data from one or more sensors in the system, using reconstruction errors from a respective stable model and dynamic model. It is determined that the input data represents anomalous operation of the system, responsive to a determination that the system is in a stable state, using the reconstruction errors. A corrective operation is performed on the system responsive to a determination that the input data represents anomalous operation of the system.

Abstract: Methods and systems for optimizing performance of a cyber-physical system include training a machine learning model, according to sensor data from the cyber-physical system, to generate one or more parameters for controllable sensors in the cyber-physical system that optimize a performance indicator. New sensor data is collected from the cyber-physical system. One or more parameters for the controllable sensors are generated using the trained machine learning module and the new sensor data. The one or more parameters are applied to the controllable sensors to optimize the performance of the cyber-physical system.

Abstract: Systems and methods for defect detection for vehicle operations, including collecting a multiple modality input data stream from a plurality of different types of vehicle sensors, extracting one or more features from the input data stream using a grid-based feature extractor, and retrieving spatial attributes of objects positioned in any of a plurality of cells of the grid-based feature extractor. One or more anomalies are detected based on residual scores generated by each of cross attention-based anomaly detection and time-series-based anomaly detection. One or more defects are identified based on a generated overall defect score determined by integrating the residual scores for the cross attention-based anomaly detection and the time-series based anomaly detection being above a predetermined defect score threshold. Operation of the vehicle is controlled based on the one or more defects identified.

Abstract: Systems and methods for data fusion and analysis of vehicle sensor data, including receiving a multiple modality input data stream from a plurality of different types of vehicle sensors, determining latent features by extracting modality-specific features from the input data stream, and aligning a distribution of the latent features of different modalities by feature-level data fusion. Classification probabilities can be determined for the latent features using a fused modality scene classifier. A tree-organized neural network can be trained to determine path probabilities and issue driving pattern judgments, with the tree-organized neural network including a soft tree model and a hard decision leaf. One or more driving pattern judgments can be issued based on a probability of possible driving patterns derived from the modality-specific features.