Processing Patterns for PredictiveBusiness

1,848 views
1,775 views

Published on

Processing Patterns for PredictiveBusiness. TUCON 2006, Tim Bass, CISSP, Principal Global Architect, TIBCO Software Inc.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,848
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Processing Patterns for PredictiveBusiness

    1. 1. Processing Patterns for PredictiveBusiness TM Tim Bass, CISSP Principal Global Architect TIBCO Software Inc.
    2. 2. Our Agenda <ul><li>Introduction </li></ul><ul><li>Event-Decision Architecture </li></ul><ul><ul><li>Traditional vs. State-of-the-Art Processing Architecture </li></ul></ul><ul><ul><li>Capstone Constraints and Requirements </li></ul></ul><ul><ul><li>Inference and Processing Architecture </li></ul></ul><ul><li>Processing Patterns for PredictiveBusiness TM </li></ul><ul><li>Open Discussion </li></ul>
    3. 3. Introduction <ul><li>Event-Decision Processing is Computationally Intensive </li></ul><ul><li>CEP requires a Number of Technologies: </li></ul><ul><ul><li>Distributed Computing, Publish/Subscribe and SOA </li></ul></ul><ul><ul><li>Hierarchical, Cooperative Inference Processing </li></ul></ul><ul><ul><li>High Speed, Real Time Processing with State Management </li></ul></ul><ul><ul><li>Event-Decision Architecture for Complex Situations and Events </li></ul></ul><ul><li>There is no single “CEP Solution” or “CEP Product” </li></ul><ul><li>PredictiveBusiness™ is a Reality Today </li></ul>
    4. 4. A Vocabulary of Confusion Resource Management Data Fusion Sensor Fusion Information Fusion Tracking Data Mining Correlation Planning Complex Event Processing Processing Management Sensor Management Control Estimation Event Stream Processing Adapted from: Steinberg, A., & Bowman, C., CRC Press, 2001 (Work in Progress)
    5. 5. US Legislation - Monitoring Requirements The Predictive Enterprise
    6. 6. PredictiveBusiness TM Source: Ranadiv é , V., The Power to Predict , 2006.
    7. 7. Example PredictiveBusiness TM Scenarios <ul><li>Enterprise </li></ul><ul><ul><li>Fraud and Intrusion Detection </li></ul></ul><ul><ul><li>Network and Security Monitoring, Diagnosis and Management </li></ul></ul><ul><ul><li>Exception Management and Outage Prediction </li></ul></ul><ul><ul><li>Process Monitoring and Scheduling </li></ul></ul><ul><li>Finance </li></ul><ul><ul><li>Program (Opportunistic) Trading and Execution </li></ul></ul><ul><ul><li>Risk Management </li></ul></ul><ul><ul><li>Pricing and Consumer Relationship Management </li></ul></ul><ul><li>Sensor Networks </li></ul><ul><ul><li>Reliability of Complex, Distributed Systems </li></ul></ul><ul><ul><li>RFID Applications </li></ul></ul><ul><ul><li>Manufacturing Floor – “Sense and Respond” </li></ul></ul><ul><ul><li>Power Grid Monitoring, Critical Infrastructure Protection & Military </li></ul></ul>
    8. 8. PredictiveBusiness TM & Complex Event Processing (CEP) <ul><li>More CEP Scenarios: </li></ul><ul><li>Stock Trading </li></ul><ul><ul><li>Automatic identification of buy/sell opportunities. </li></ul></ul><ul><li>Compliance Checks </li></ul><ul><ul><li>Sarbanes-Oxley detection. </li></ul></ul><ul><li>Fraud Detection </li></ul><ul><ul><li>Odd credit card purchases performed within a period. </li></ul></ul><ul><li>CRM </li></ul><ul><ul><li>Alert if three orders from the same platinum customer were rejected. </li></ul></ul><ul><li>Insurance Underwriting </li></ul><ul><ul><li>Identification of risk. </li></ul></ul>&quot; Events in several forms, from simple events to complex events, will become very widely used in business applications during 2004 through 2008 &quot; --- Gartner July 2003 Graphic Sources: TIBCO Software Inc & IBM CEP Situation Manager Event Streams Historical Data Real-time Detection and Prediction
    9. 9. Our Agenda <ul><li>Introduction </li></ul><ul><li>Event-Decision Architecture </li></ul><ul><ul><li>Traditional vs. State-of-the-Art Processing Architecture </li></ul></ul><ul><ul><li>Capstone Constraints and Requirements </li></ul></ul><ul><ul><li>Inference and Processing Architecture </li></ul></ul><ul><li>Processing Patterns for PredictiveBusiness TM </li></ul><ul><li>Open Discussion </li></ul>
    10. 10. A Traditional Event-Driven Architecture HTTP request / response Structured messages Screen Audit events Message Audit events Screen/ message Audit events Fraud Detection Rules Queue Client/Server Channel Queue EMS Channel Queue Fraud Detection Rules Screen Based Channel Fraud Event? Sensor Preprocessing Service API Queue HTTP Channel Queue API Channel … 1234Joe01021970….. Fraud Event? Fraud Event? Fraud Event? Fraud Event? Structured messages Queue Unix/VT Channel Fraud Event? Fraud Detection Rules Fraud Detection Rules Fraud Detection Rules Fraud Detection Rules Fraud Detection Rules Network TAP
    11. 11. Emerging Event-Decision Architecture Customer Profiles Purpose-Built Analytics Distributed Multisensor Infrastructure Internet/Extranet Sensors Human Sensors Edge/POC Sensors Operations Center Other References Complex Event Processors Sensors are Everywhere!
    12. 12. Capstone Constraints & Requirements <ul><li>Constraints: </li></ul><ul><ul><li>Distributed, heterogeneous Internet and Intranet environments </li></ul></ul><ul><ul><li>Purpose built systems and analytics, compartmentalization and specialization </li></ul></ul><ul><ul><li>Data-at-rest (databases and warehouses) and data-in-motion (real time, event driven) </li></ul></ul><ul><li>Infrastructure Requirements: </li></ul><ul><ul><li>Service-oriented architecture with Real-time event-decision processing </li></ul></ul><ul><ul><li>Event-driven, zero-latency, distributed message-oriented middleware </li></ul></ul><ul><ul><li>Support for both standards-based interfaces and purpose-built (proprietary) interfaces </li></ul></ul><ul><ul><li>Specialization, data warehousing, data mining, analytics </li></ul></ul><ul><ul><li>Human interaction with computers and networks </li></ul></ul><ul><li>Processing Requirements </li></ul><ul><ul><li>Layered knowledge / inference and analytics processing </li></ul></ul><ul><ul><li>Complex event processing, state and temporal management, state estimation </li></ul></ul><ul><ul><li>Progressive hierarchical inference – data, event, complex event, situation, impact, prediction </li></ul></ul><ul><ul><li>Adaptive control and resource management </li></ul></ul><ul><ul><li>Enterprise processing model (architecture) </li></ul></ul>22
    13. 13. Event-Inference Hierarchy 22 Impact Assessment Situational Assessment Relationship of Events Identify Events Location, Times and Rates of Events of Interest Existence of Possible Event of Interest Data/Event Cloud Analysis of Situation & Plans Contextual and Causal Analysis Causal Analysis, Bayesian Belief Networks, NNs, Correlation, State Estimation, Classification Use of Distributed Sensors for Estimations Raw Sensor Data (Passive and Active) Adapted from: Waltz, E. & Llinas, J., Multisensor Data Fusion, 1990 HIGH LOW MED
    14. 14. Event-Decision High Level Architecture 22 EVENT CLOUD (DISTRIBUTED DATA SET) KS KS KS KS KS KS KS KS KS KS KS KS KS KS Adapted from: Engelmore, R. S., Morgan, A.J., & and Nii, H. P., Blackboard Systems, 1988 & Luckham, D., The Power of Events, 2002
    15. 15. <ul><li>Sensors </li></ul><ul><ul><li>Systems that provide data and events to the inference models and humans </li></ul></ul><ul><li>Actuators </li></ul><ul><ul><li>Systems that take action based on inference models and human interactions </li></ul></ul><ul><li>Knowledge Processors </li></ul><ul><ul><li>Systems that take in data and events, process the data and events, and output refined, correlated, or inferred data or events </li></ul></ul>HLA - Knowledge Sources KS KS KS
    16. 16. Event-Decision Architecture 24 Adapted from JDL: Steinberg, A., & Bowman, C., Handbook of Multisensor Data Fusion, CRC Press, 2001 EVENT PRE-PROCESSING EVENT SOURCES EXTERNAL . . . LEVEL ONE EVENT REFINEMENT USER INTERFACE COMPLEX EVENT PROCESSING (CEP) DB MANAGEMENT Historical Data Profiles & Patterns DISTRIBUTED LOCAL EVENT SERVICES . . EVENT PROFILES . . DATA BASES . . OTHER DATA LEVEL TWO SITUATION REFINEMENT LEVEL THREE IMPACT ASSESSMENT LEVEL FOUR PROCESS REFINEMENT
    17. 17. Event-Decision Structured Processing <ul><li>Multi-level inference in a distributed event-decision architectures </li></ul><ul><ul><li>Level 5 – User Interface </li></ul></ul><ul><ul><ul><li>Human visualization, interaction and situation management </li></ul></ul></ul><ul><ul><li>Level 4 – Process Refinement </li></ul></ul><ul><ul><ul><li>Decide on control feedback, for example resource allocation, sensor and state management, parametric and algorithm adjustment </li></ul></ul></ul><ul><ul><li>Level 3 – Impact Assessment </li></ul></ul><ul><ul><ul><li>Impact threat assessment, i.e. assess intent on the basis of situation development, recognition and prediction </li></ul></ul></ul><ul><ul><li>Level 2 – Situation Refinement </li></ul></ul><ul><ul><ul><li>Identify situations based on sets of complex events, state estimation, etc. </li></ul></ul></ul><ul><ul><li>Level 1 – Event Refinement </li></ul></ul><ul><ul><ul><li>Identify events & make initial decisions based on association and correlation </li></ul></ul></ul><ul><ul><li>Level 0 – Event Preprocessing </li></ul></ul><ul><ul><ul><li>Cleansing of event-stream to produce semantically understandable data </li></ul></ul></ul>Level of Inference Low Med High
    18. 18. CEP Level 0 – Event Preprocessing Prepare Sensor Information for Event Processing. <ul><li>Cleanse/Refine/Normalize Data for Upstream Processing </li></ul><ul><li>Calibrate Raw Event Cloud: </li></ul><ul><ul><li>Web Server Farm Event Stream Example - </li></ul></ul><ul><ul><ul><li>Group HTTP REQUESTS and RESPONSES </li></ul></ul></ul><ul><ul><ul><li>Reduce and Extract Required Data from Transaction </li></ul></ul></ul><ul><ul><ul><li>Format into Event for Upstream Processing </li></ul></ul></ul><ul><ul><li>Intelligent Agent Fraud Detection Event Steam Example - </li></ul></ul><ul><ul><ul><li>Receive Event Stream from Purpose-Built FD Application </li></ul></ul></ul><ul><ul><ul><li>Reduce and Extract Required Event from Event Stream </li></ul></ul></ul><ul><ul><ul><li>Format for Upstream Processing </li></ul></ul></ul><ul><li>Reduces System Load by Preprocessing Events </li></ul><ul><li>Enables Upstream to Concentrate on Most Relevant Events </li></ul><ul><li>Focuses on Objects/Events </li></ul>
    19. 19. CEP Level 1 – Event Refinement Which Events in the Event Stream Are “Interesting”? <ul><li>Event Refinement Example (Association & Classification): </li></ul><ul><ul><li>Hypothesis Generation (HG) </li></ul></ul><ul><ul><ul><li>Processing incoming events, data and reports </li></ul></ul></ul><ul><ul><ul><li>Hypothesis: This Group of Events May Represent Fraud </li></ul></ul></ul><ul><ul><ul><li>Output: Fraud Detection Scorecard or Matrix </li></ul></ul></ul><ul><ul><li>Hypothesis Evaluation (HE) </li></ul></ul><ul><ul><ul><li>Evaluates Scorecard/Matrix for likelihood comparison </li></ul></ul></ul><ul><ul><ul><li>Rank Evaluation: These Events have a Higher Likelihood of Fraud </li></ul></ul></ul><ul><ul><ul><li>Output: Fills Scorecard/Matrix with relative likelihood estimation </li></ul></ul></ul><ul><ul><li>Hypothesis Selection (HS) </li></ul></ul><ul><ul><ul><li>Evaluates Scorecard/Matrix for best fit into “badges of fraud” </li></ul></ul></ul><ul><ul><ul><li>Evaluation: Provide an Estimate (Name) of the Fraudulent Activity </li></ul></ul></ul><ul><ul><ul><li>Output: Assignment of fraudulent activity estimate to event </li></ul></ul></ul>
    20. 20. CEP Level 2 – Situation Refinement What is the Context of the Identified Events? <ul><li>“ Complex Events” == “Situations” </li></ul><ul><li>Focuses on Relationships and States Among Events </li></ul><ul><li>Situation Refinement </li></ul><ul><ul><li>Event-Event Relationship Networks </li></ul></ul><ul><ul><li>Temporal and State Relationships </li></ul></ul><ul><ul><li>Geographic or Topological Proximity </li></ul></ul><ul><ul><li>Environmental Context </li></ul></ul><ul><ul><ul><li>Example: Brand currently used by phishing site in Internet increasing probability of fraud and identity theft </li></ul></ul></ul><ul><li>Event / Activity Correlation – Relational Networks </li></ul><ul><li>Pattern, Profile and Signature Recognition Processing </li></ul>
    21. 21. CEP Level 3 – Impact Assessment What is the impact on my business or organization ? <ul><li>Predict Intention of Subject or Observed Object (Fraudster example) </li></ul><ul><ul><li>Make changes to account identity information? </li></ul></ul><ul><ul><li>Transfer funds out of account? </li></ul></ul><ul><ul><li>Test for access and return at later time? </li></ul></ul><ul><li>Estimate Capabilities of Actors in Situational Context </li></ul><ul><ul><li>Organized Gang or Individual Fraudster? </li></ul></ul><ul><ul><li>Expert or Novice? </li></ul></ul><ul><li>Estimate Potential Losses if Successful </li></ul><ul><li>Identify Other Threats or Opportunities </li></ul>
    22. 22. CEP Level 4 – Process Refinement & BPM What actions should we take to improve predictive performance? <ul><li>Evaluate Process Performance and Effectiveness </li></ul><ul><ul><li>Exception Detection, Response Efficiency and Mitigation </li></ul></ul><ul><ul><li>Knowledge Development </li></ul></ul><ul><li>Identify Changes to System Parameters and Processing </li></ul><ul><ul><li>Adjust Event Stream Processing Variables </li></ul></ul><ul><ul><li>Fine Tune Filters, Algorithms and Correlators </li></ul></ul><ul><li>Determine If Other Source Specific Resources are Required </li></ul><ul><li>Recommend Allocation and Direction of Resources </li></ul>
    23. 23. Database Management Examples Historical and referential data provides the context. <ul><li>Reference Database </li></ul><ul><ul><li>User and Environmental Profiles </li></ul></ul><ul><ul><li>Activity and Event Signatures and Profiles </li></ul></ul><ul><li>Inference Database </li></ul><ul><ul><li>Subject Identification </li></ul></ul><ul><ul><li>Situation and Threat Assessment </li></ul></ul><ul><ul><li>Knowledge Mining </li></ul></ul><ul><li>Referential Mapping Database Examples </li></ul><ul><ul><li>Mapping Between IP Address and Domain </li></ul></ul><ul><ul><li>Mapping Between Known Anonymous Proxies </li></ul></ul>
    24. 24. User Interaction and BAM <ul><li>Operational Visualization at all “Levels” </li></ul><ul><ul><li>Dynamic Graphical Representations of Situations </li></ul></ul><ul><ul><li>360 ° of Event-Driven Business Activity Management (BAM) </li></ul></ul><ul><ul><li>Supports the Decision Making Process of All Personnel </li></ul></ul><ul><li>Process and Resource Control </li></ul><ul><ul><li>Supports Resource Allocation and Process Refinement </li></ul></ul><ul><ul><li>Process Management and BPM </li></ul></ul><ul><li>Display Control & Personalization </li></ul><ul><ul><li>Different Operator Views Based on Job Function and Situation </li></ul></ul>
    25. 25. Our Agenda <ul><li>Introduction </li></ul><ul><li>Event-Decision Architecture </li></ul><ul><ul><li>Traditional vs. State-of-the-Art Processing Architecture </li></ul></ul><ul><ul><li>Capstone Constraints and Requirements </li></ul></ul><ul><ul><li>Inference and Processing Architecture </li></ul></ul><ul><li>Processing Patterns for PredictiveBusiness TM </li></ul><ul><li>Open Discussion </li></ul>
    26. 26. Processing Patterns Business Context Inference Processing Techniques Processing Patterns for PredictiveBusiness TM
    27. 27. Methods for Event-Decision Processing <ul><li>A sample of event-decision processing algorithms relevant to CEP: </li></ul><ul><ul><li>Rule-Based Inference </li></ul></ul><ul><ul><li>Bayesian Belief Networks (Bayes Nets) </li></ul></ul><ul><ul><li>Dempster-Shafer’s Method </li></ul></ul><ul><ul><li>Adaptive Neural Networks </li></ul></ul><ul><ul><li>Cluster Analysis </li></ul></ul><ul><ul><li>State-Vector Estimation </li></ul></ul><ul><li>Key Takeaway: Analytics for CEP exist in the art & science of mature multi-sensor data fusion processing - these analytics can be mapped to recurring business patterns. </li></ul>
    28. 28. Map Business Context to Methods Business Context Inference Processing Techniques <ul><ul><li>Classical Inference </li></ul></ul><ul><ul><li>Bayesian Belief Networks </li></ul></ul><ul><ul><li>Hidden Markov Models </li></ul></ul><ul><ul><li>Dempster-Shafer’s Method </li></ul></ul><ul><ul><li>Self-Organizing Feature Maps </li></ul></ul><ul><ul><li>State-Vector Estimation </li></ul></ul><ul><ul><li>Adaptive Neural Networks </li></ul></ul><ul><ul><li>Rule-Based Inference </li></ul></ul><ul><ul><li>Sensor Optimization </li></ul></ul><ul><ul><li>Complex Diagnostics </li></ul></ul><ul><ul><li>Fraud Detection </li></ul></ul><ul><ul><li>Intrusion Detection </li></ul></ul><ul><ul><li>Network Management </li></ul></ul><ul><ul><li>Counterterrorism </li></ul></ul><ul><ul><li>Opportunistic Trading </li></ul></ul><ul><ul><li>Compliance Monitoring </li></ul></ul><ul><ul><li>Supply Chain Optimization </li></ul></ul>Note: For Illustrative Purposes Only
    29. 29. Example Bayes Network I Identity Theft Detection / Phishing Source: Bass, T., TIBCO Software Inc., January 2006 Uses Proxy Alert Service Account Lockout Profile Mismatch Brand Phishing Alert Security Alert Customer Known Fraud IP Identity Theft Login Success Phishing Alert Brand Misuse
    30. 30. Example Bayes Network II Simple Web-Click Behavior Click Pg Subtype Click Elapsed Associate Session ID Stores Visited Click Pg Type Click to Purchase Session Time # Items Purchased ID Browser Recognize Session ID OS Total Purchase Session ID Code Click Price Price Click Count Source: Ambrosio, B., CleverSet Inc., December 2004
    31. 31. Recurring Pattern(s) for PredictiveBusiness TM <ul><li>Bayesian Techniques for Complex Event Processing in: </li></ul><ul><ul><li>SPAM Filtering </li></ul></ul><ul><ul><li>Telecommunications Fraud </li></ul></ul><ul><ul><li>Other Behavior-Based Fraud & Intrusion Detection </li></ul></ul><ul><ul><li>Financial Risk Management </li></ul></ul><ul><ul><li>Credit Approval and Credit Limit Automation </li></ul></ul><ul><ul><li>Medical Diagnosis </li></ul></ul><ul><ul><li>Military ID, Command and Control </li></ul></ul><ul><li>BNs dominate many other areas in Complex Event Processing </li></ul><ul><ul><li>Graphical representation of your domain knowledge </li></ul></ul><ul><ul><li>Both causality and probability reside in the models </li></ul></ul><ul><ul><li>Well established as a knowledge processing technique </li></ul></ul>
    32. 32. Event-Decision Processing Characteristics Adapted (this and the next slide) from: Steinberg, A., & Bowman, C., Handbook of Multisensor Data Fusion, CRC Press, 2001 Sensor Output Individual Event Aggregation (situation) Effect (situation, given plan) (Action) Entity Estimate Sensor Processing Event Processing Situation Assessment Impact Assessment Decision Making Activity Detection Assignment (L0) Event Preprocessing Attribution Assignment (L1) Event Refinement Relational Aggregation (L2) Situation Refinement Plan Interaction Aggregation (L3) Impact Assessment (Control) Planning (L4) Process Refinement Estimation Process Association Process JDL Model Levels
    33. 33. Comparison of Event-Decision Models Sense Detect Detect Analyze Analyze Decide Respond Sense & Respond Sensor Processing Collate Orient Sensor Processing (L0) Event Preprocessing Sensor Acquisition Collect Observe Sensing --- Activity Intelligence Cycle Boyd Loop Waterfall Model JDL Model Levels Decision Execution Disseminate Act Visualization Collate Evaluate Evaluate Disseminate Event Processing Situation Assessment Impact Assessment Decision Making Orient Pattern Processing / Feature Extraction (L1) Event Refinement Orient Situation Assessment (L2) Situation Refinement Orient --- (L3) Impact Assessment Decide Decision Making (L4) Process Refinement
    34. 34. Key Takeaways <ul><li>Event Processing can be Computationally Intensive </li></ul><ul><li>CEP Requires a Number of Technologies: </li></ul><ul><ul><li>Distributed Computing, Publish/Subscribe and SOA </li></ul></ul><ul><ul><li>Hierarchical, Cooperative Inference Processing </li></ul></ul><ul><ul><li>High Speed, Real Time Rules Processing with State Management </li></ul></ul><ul><ul><li>Event-Decision Architecture for Complex Events / Situations </li></ul></ul><ul><li>PredictiveBusiness™ is a Reality Today </li></ul>
    35. 35. Thank You! Tim Bass, CISSP Principal Global Architect [email_address] Complex Event Processing at TIBCO With BusinessEvents™
    36. 36. JDL Example: Inference ScoreCards Event Stream Raw Data Level 0 Pre-Processing Fraud Events Event Stream Level 1 Event Refinement ScoreCard Fraud Situations Fraud Events Level 2 Situation Assessment Business Impact Fraud Situations Level 3 Impact Assessment ScoreCard ScoreCard ScoreCard Event Source Task Level 4 Process Refinement ScoreCard Modified from: Steinberg, A., & Bowman, C., CRC Press, 2001

    ×