FIELD OF THE INVENTION:
[001] The present invention relates to field of application usage, and more
particularly to a method and system for identifying anomaly during usage of an
application provided by a service provider.
BACKGROUND OF THE INVENTION:
[002] In quest of providing better user experience at doorstep, companies around the
world are engaged in enhancing their services by using various technologies.
Companies are providing services in the form of applications to users and these
applications keep on updating/changing to enrich the user experience. However, it is
not necessary that every change in the application may impact the user behaviour in
positive way. Sometimes, the activities performed or occurred in the application at the
server side may also affect the user behaviour in negative way which ultimately
hampers the utilization of the application. It is an extremely challenging task to
identify why user behaviour changes towards usage of the application and what are
the factors responsible for the same.
[003] Particularly, it is very difficult to identify if the reason for change in user
behaviour is related to a user side issue, or a service provider side issue. A service
provider may not resolve the user side issue but for knowing the cause related to
service provider side, they keep on struggling in taking feedback from users. It is well
known that the collection of data from feedback and its analysis is quite time
consuming and sometimes before rectification of the issue, users may lose interest in
the application or may have switched to another application. Moreover, in today’s
connected world where the servers, data centers and computing devices are placed at
different locations, it becomes a technical challenge to locate the reason causing the
anomaly in the usage of the application.
[004] Thus, there is need of one or more techniques which may help in automatically
identifying the reason or cause of change in user behaviour so that the service
provider may rectify the same in timely manner.
3
[005] The information disclosed in this background of the disclosure section is only
for enhancement of understanding of the general background of the invention and
should not be taken as an acknowledgement or any form of suggestion that this
information forms the prior art already known to a person skilled in the art.
SUMMARY OF THE INVENTION:
[006] Before the present method, system and hardware enablement is described, it is
to be understood that this disclosure is not limited to the particular systems, and
methodologies described, as there can be multiple possible embodiments of the
present disclosure which are not expressly illustrated in the present disclosure. It is
also to be understood that the terminology used in the description is for the purpose of
describing the particular versions or embodiments only and is not intended to limit the
scope of the present disclosure.
[007] In one embodiment of the present disclosure, a method for identifying an
origin of an anomaly in usage of an application being provided by a service provider is
disclosed. The method comprises detecting a deviation in a usage pattern when a
current usage time deviates from a preset usage pattern for the application in a timeinterval. Further, the method comprises identifying a set of interdependent events
being occurred before the deviation, wherein each interdependent event comprises at
least a pair of service provider side event and user side event. Furthermore, the method
comprises generating a set of event scores corresponding to the set of interdependent
events using a Pearson correlation coefficient (Pearson's r). The method further
comprises determining at least one interdependent event having highest event score in
such a manner that the identified at least one set of interdependent events comprises a
service provider side event impacting corresponding user side event, thereby causing
the anomaly in the usage of application.
[008] In another embodiment of the present disclosure, a system for identifying an
origin of an anomaly in usage of an application being provided by a service provider is
disclosed. The system comprises a detection unit configured to detect a deviation in a
usage pattern when a current usage time deviates from a preset usage pattern for the
application in a time-interval. The system further comprises an identification unit
configured to identify a set of interdependent events being occurred before the
4
deviation, wherein each interdependent event comprises at least a pair of service
provider side event and user side event. The system further comprises a generation
unit configured to generate a set of event scores corresponding to the set of
interdependent events using a Pearson correlation coefficient. Further, the system
comprises a determination unit configured to determine at least one set of
interdependent event having highest event score in such a manner that the identified at
least one interdependent events comprises a service provider side event impacting
corresponding user side event, thereby causing the anomaly in the usage of
application.
[009] The foregoing summary is illustrative only and is not intended to be in any
way limiting. In addition to the illustrative aspects, embodiments, and features
described above, further aspects, embodiments, and features will become apparent by
reference to the drawings and the following detailed description.
OBJECTS OF THE INVENTION:
[0010] An object of present invention is to provide a system and method to identify the
potential root cause efficiently and accurately for change in user behaviour while
using an application.
[0011] Another object of present invention is to provide a system and method to
reduce complexity of process for identifying the potential root cause for change in
user behaviour while usage the application.
BRIEF DESCRIPTION OF DRAWINGS:
[0012] The accompanying drawings, which are incorporated in and constitute a part
of this disclosure, illustrate exemplary embodiments and, together with the
description, serve to explain the disclosed embodiments. In the figures, the left-most
digit(s) of a reference number identifies the figure in which the reference number first
appears. The same numbers are used throughout the figures to reference like features
and components. Some embodiments of system and/or methods in accordance with
embodiments of the present subject matter are now described, by way of example
only, and with reference to the accompanying figures, in which:
5
[0013] Figure 1 describes an exemplary environment 100 for identifying an origin of
an anomaly in usage of an application, in accordance with an embodiment of the
present invention.
[0014] Figure 2 describes a block diagram of a system for identifying the origin of an
anomaly in usage of an application, in accordance with an embodiment of the present
invention.
[0015] Figure 3 describes a flowchart describing a method of identifying the origin of
an anomaly in usage of an application, in accordance with an embodiment of the
present invention.
[0016] It should be appreciated by those skilled in the art that any block diagrams
herein represent conceptual views of illustrative systems embodying the principles of
the present subject matter. Similarly, it will be appreciated that any flow charts, flow
diagrams, state transition diagrams, pseudo code, and the like represent various
processes which may be substantially represented in computer readable medium and
executed by a computer or processor, whether such computer or processor is explicitly
shown or not.
DETAILED DESCRIPTION OF DRAWINGS:
[0017] In the present document, the word "exemplary" is used herein to mean
"serving as an example, instance, or illustration." Any embodiment or implementation
of the present subject matter described herein as "exemplary" is not necessarily to be
construed as preferred or advantageous over other embodiments.
[0018] In the following detailed description of the embodiments of the disclosure,
reference is made to the accompanying drawings that form a part hereof, and in which
are shown by way of illustration specific embodiments in which the disclosure may be
practiced. These embodiments are described in sufficient detail to enable those skilled
in the art to practice the disclosure, and it is to be understood that other embodiments
may be utilized and that changes may be made without departing from the scope of
the present disclosure. The following description is, therefore, not to be taken in a
limiting sense.
[0019] Disclosed herein is a method and system for identifying an origin of an
anomaly in usage of an application being provided by a service provider. In the highly
6
competitive world, it is very important for the service provider to add more users with
their services. However, it becomes a serious concern if the service provider finds a
dip in the usage of the application without knowing the reason. In such scenario, the
service provider may use hit and trial methods to find the reason of the dip in the
usage of the application. Further, the service provider may try to get feedback from
the users to know the reason of the dip in the usage of the application. However, such
searching of the cause for dip in usage of the application by hit and trial and feedback
process is very time consuming, sometimes, it becomes much complex as well, that
till the time service provider finds the reason for less usage of the application, the
users may move to another application or lose interest in the application. This could
therefore incur huge losses to the service provider and would also hamper his
professional growth. Locating the cause of such dip becomes more technically
challenging when various computing devices like servers and data centers associated
with the service provider operates from different geographical locations.
[0020] The present disclosure understands this need and provides a system that keeps
on monitoring the usage of application and as soon as the system encounters some
deviation in the usage of the application from the normal routine. In such scenario, the
system analyzes the events performed by at the user side and service provider side
before the deviation to understand which event has created an impact on usage of the
application in order to send a report to the service provider to rectify the issue. To
monitor such deviation, the system identifies the interdependency of user side events
on service provider side events and calculates strength of interdependency by
providing event scores. Once the deviation is detected in the usage of the application,
the system look for the origin of such anomaly by determining the interdependent
event happened before the deviation and have highest score. The determination of
score corresponding to the interdependent events have been explained in detail in the
subsequent paragraphs of the specification. The system uses the interdependency of
the events to train a model for score generation in real-time. Once the model is
trained, the system check for only those interdependent events which had happened
before the deviation in the usage of application and having highest score.
[0021] This way, the present disclosure reduces the complexity for identifying the
potential root cause for change in user behaviour towards an application. The present
7
disclosure may also develop an event score matrix to indicate the interdependency of
the events. Whenever a deviation from a preset behaviour is detected then the system
automatically checks for the interdependent events happened just before the deviation
and based on the score matrix prepared. Using the score matrix, the system may find
out the origin of the anomaly by considering those interdependent events having the
highest score. Without waiting for the feedback from the users and analysing the huge
data of feedbacks, the system with self-evaluation of preset usage pattern and current
usage pattern may efficiently find the origin of the anomaly. This further helps the
service provider to rectify the causes in timely manner to enrich the user experience.
[0022] Figure 1 presents an exemplary environment 100 of a system for identifying
an origin of an anomaly in usage of an application being provided by a service
provider, in accordance with an embodiment of the present disclosure. It must be
understood to a person skilled in art that the system 104 may also be implemented in
various environments, other than as shown in Fig. 1. At one side, that system 104 may
be connected with various servers running the applications (102_1-102_n) provided
by the service provider. One another side, the system 104 may be connected with
various user devices (108_1-108_m) using the applications 102_1-102_n. the system
104 may be communicatively coupled to the servers running the applications (102_1-
102_n) and the user devices (108_1-108_m) using the applications via a
communication network 106.
[0023] In one implementation, the network 106 may be a wireless network, a wired
network, or a combination thereof. The network 106 can be implemented as one of the
different types of networks, such as intranet, local area network (LAN), wide area
network (WAN), the internet, and the like. The network 106 may either be a dedicated
network or a shared network. The shared network represents an association of the
different types of networks that use a variety of protocols, for example, Hypertext
Transfer Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS),
Transmission Control Protocol/Internet Protocol (TCP/IP), Wireless Application
Protocol (WAP), and the like, to communicate with one another. Further the network
106 may include a variety of network devices, including routers, bridges, servers,
computing devices, storage devices, and the like..
8
[0024] The detailed explanation of the exemplary environment 100 is explained in
conjunction with Figure 2 that shows a block diagram 200 of the system 202 (similar
to system 104 of Fig. 1) for identifying origin of anomaly during usage of the
application, in accordance with an embodiment of the present disclosure. Although
the present disclosure is explained considering that the system 202 is implemented on
a server, it may be understood that the system 202 may be implemented in a variety of
computing systems, such as a laptop computer, a desktop computer, a notebook, a
workstation, a mainframe computer, a server, a network server, a cloud-based
computing environment. It may be understood that the system 202 may be accessed
by multiple users who would be interested in knowing the causes of the anomaly in
the usage pattern. In one implementation, the system 202 may comprise the cloudbased computing environment in which a user may operate individual computing
systems configured to execute remotely located applications. Examples of the user
devices may include, but are not limited to, a IoT device, IoT gateway, portable
computer, a personal digital assistant, a handheld device, and a workstation. The user
devices may also be communicatively coupled to the system 104.
[0025] In one implementation, the system 202 may comprise an I/O interface 204, a
processor 206, a memory 208 and the units 210. The memory 208 may be
communicatively coupled to the processor 206 and the units 210. Further, the memory
208 may store preset usage pattern 208a of the application, Bit map detector 208b and
event score information 208c. The significance and use of each of the stored
quantities is explained in the upcoming paragraphs of the specification. The processor
206 may be implemented as one or more microprocessors, microcomputers,
microcontrollers, digital signal processors, central processing units, state machines,
logic circuitries, and/or any devices that manipulate signals based on operational
instructions. Among other capabilities, the processor 206 is configured to fetch and
execute computer-readable instructions stored in the memory 208. The I/O interface
204 may include a variety of software and hardware interfaces, for example, a web
interface, a graphical user interface, and the like. The I/O interface 204 may allow the
system 202 to interact with the user directly or through the user devices. Further, the
I/O interface 204 may enable the system 202 to communicate with other computing
devices, such as web servers and external data servers (not shown). The I/O interface
9
204 can facilitate multiple communications within a wide variety of networks and
protocol types, including wired networks, for example, LAN, cable, etc., and wireless
networks, such as WLAN, cellular, or satellite. The I/O interface 204 may include one
or more ports for connecting many devices to one another or to another server.
[0026] In one implementation, the units 210 may comprise a detection unit 212, an
identification unit 214, a generation unit 216, a determination unit 218, an event
monitoring unit 220, and a report generation unit 222. According to embodiments of
present disclosure, these units 212-222 may comprise hardware components like
processor, microprocessor, microcontrollers, application-specific integrated circuit for
performing various operations of the system 202. It must be understood to a person
skilled in art that the processor 206 may perform all the functions of the units 212-222
according to various embodiments of the present disclosure.
[0027] Now referring back to figure 1 showing the environment 100, in which the
system 104 is connected with plurality of web applications 102_1, 102_2,…..,102_n
(provided by the service providers) and the user devices 108_1,108_2,….108_m
using the applications. Initially, when the application is launched or when the user
starts using the application, the event monitoring unit 220 of the system 202 simply
monitors the usage of the application by various users 108_1, 108_2,….,108_m. and,
over the time system 202 understands the usage of the applications by the users.
Based on the usage, the system 202 may define a preset usage pattern 110
corresponding to each application. The preset usage pattern 110 once generated is
stored in the memory 208 for future reference. The preset usage pattern 110 may
comprise a plurality of usage times corresponding to a plurality of time-intervals. It
may be understood by a skilled person that each application provided by the service
provider may have set pattern of usage. For example, web application “XYZ” may be
chatting application and may have different frequency of usages during different
times of a day. For example, the usage may be “low” in time-interval 11:00 PM to
6:00 AM, “moderate” in time-interval 6:00 AM to 10:00 AM and at “peak” in timeinterval 10:00 AM to 11:00 PM. It may be understood to a skilled person that the
above considered example is merely for an illustration purpose and not for limiting
the scope of the present disclosure. There may be different types of applications, for
example, payment applications, gaming applications, email applications, shopping
10
applications and the like which may have different set of usage patterns based on the
day of week, time of a day or any other factor. Accordingly, the preset usage pattern
110 for the application “XYZ” may be stored in the memory 208. Similarly, for each
of the applications 102_1, 102_2,,…..,102_n the preset usage pattern 110 may be
stored in the memory 208 of the system 104, 202.
[0028] Since the objective of the present disclosure is to identify the origin of an
anomaly during the usage of the application, it is important to monitor the current
usage pattern vis-à-vis the preset usage pattern 110. For this, the determination unit
218 of the system 202 keeps on detecting a deviation in current usage pattern from the
preset usage pattern 110 stored in the memory 208. Particularly, when a current usage
pattern of the users is different from the preset usage pattern 110 for the application
stored in the memory 208, the system 202 may consider such deviation as an anomaly
and tries to figure out the potential root cause of such anomalies. Referring back to the
above chatting application “XYZ” which was having the peak usage pattern during
10:00 AM to 11:00 PM. However, during the monitoring a significant dip in the
usage may be observed starting from 2PM which continues for another 2 to 3 hours.
Such indication directly/indirectly shows either the users are interested or facing some
technical issues while using the application during the slowdown period. In any case
such indication may have a negative impact not only on user’s experience but also on
the application’s performance. Here, the technical problem is how to identify where
actually the things has gone wrong. In the computing environment the software and
hardware are working round the clock to make these applications run smoothly on
user devices. Even a slightest technical issue may hamper the working of entire
architecture. In the above example, timely detecting and fixing the issue which has
caused the slowdown of working of the chatting application “XYZ” becomes utmost
important for the service provider.
[0029] Hence, to detect the potential root cause of such anomaly, the identification
unit 214 of the system 202 may identify a set of interdependent events being occurred
before the deviation has detected i.e., before 2PM. According to embodiment, the
interdependent events may comprise at least a pair of service provider side event and
user side event. The service provider side event may comprise, for example, providing
update in software of application, data centre related events (addition, removal,
11
upgradation), resolving bugs of the application, server related events etc. Whereas, the
user side event events may comprise, for example providing login information,
activating features of the application, using features of the application, updating the
application, deactivating or deleting the application etc. As the present invention aims
to find the root cause for such anomaly generation and the system 202 may rectify the
service provider side errors which may impact the user side event. Thus, the system
identifies the user side event and service provider side events which may be occurred
before the deviation and are interdependent in nature.
[0030] To check the interdependency of the user side and service provider side events,
the generation unit 216 of the system 202 may generate event scores corresponding to
the set of interdependent events using a Pearson correlation coefficient (Pearson's r).
Particularly, how one event is related or dependent to other event, it may be identified
by the score of the event pair. The event score defines the strength of relationship
between the two events. The system 202 uses Pearson’s correlation coefficient for
generating the event scores. The same is expressed by:
where, r is the Pearson’s correlation coefficient, xi is the service provider side event at
an instant of time, yi is the user side event at an instant of time, ̅x is mean value of the
service provider side event in the time-interval and ̅y is mean value of the service
provider side event in the time-interval.
[0031] In an embodiment, the generation unit 216 may generate the event score for
each of the events with respect to the other events. By analyzing the score generated
for the event pairs, the system 202 may analyse that the event pairs are interdependent
and have strong or weak relationship with respect to one another. In another
embodiment, event score is generated for most frequently used events of the user side
with respect to service provider side events such as connectivity, data centre,
upgradation of application etc.
12
[0032] Once the anomaly is detected, the determination unit 218 may further
determine at least one interdependent event which may have happened before the
starting of the anomaly and have highest event score in combination with the user side
event. Particularly, the determination unit 218 may determine at least one
interdependent event which may be of service provider side event but has created
impact on corresponding user side event based on the highest score. Such highest
scorer interdependent event may be the potential root cause of anomaly generation.
[0033] Same may be understood by an example. In an exemplary embodiment, let us
consider a scenario for single user ‘X’, where the user ‘X’ is using an application ‘A’
for creating an emoji. The application ‘A’ may have various features such as creating
emoji, creating collage, etc. The user ‘X’ may click a picture at time “T1” and create
the emoji based on the picture at time “T2”. In the meanwhile, the application ‘X’ gets
“updated” by the service provider to improve the feature of creating emoji at time
“T3” and may be updated to improve the feature of creating collage at time “T4”. The
user may again create an emoji at time “T5’ and may not like the created emoji, thus
may reduce use of the application. The system 202 detects the dip in the current usage
pattern of the application ‘X’ and determines that the current usage pattern is not same
as that of the preset usage pattern 110 of application ‘X’. The system 202 monitors all
such events performed on the different user sides and checks whether the overall usage
of the application ‘X’ has changed from the preset usage pattern 110. If the system 202
encounters similar kind of trend for a number of users 108_1, 108_2,…..,108_m, then
the system 202 considers such reduction or fall in the usage of the application as
anomaly.

[0034] To check the origin of the anomaly or the potential root cause of the anomaly,
the system 202 identifies a set of interdependent events being occurred before the
deviation i.e., update in application for creating emoji (event ‘P’) at time “T3”, update
in application to improve the feature of creating collage (event ‘Q’) at time “T4”,
create an emoji (event ‘R’) at time “T5”. The event scores are generated for each user
side event with respect to the service provider side event in the following manner:
Events/scores Events/scores Events/scores
PP/S1 PQ/S4 PR/S7
13
QP/S2 QQ/S5 QR/S8
RP/S3 RQ/S6 RR/S9
Table-1
[0035] The determination unit 218 is configured to determine at least one
interdependent event such as update performed for emoji creation by the service
provider (event ‘P’) and user creating the emoji after update (i.e., event ‘R’) having a
highest event score. Here, the service provider event happened at “T3” and “T4”
which has an impact on user side event performed at “T5” after which the usage
pattern of the various users 108_1, 108_2….108_m for the application ‘A’ is deviated
from the preset usage pattern 110. In this way, the system 202 may identify at least
one set of interdependent events which comprises a service provider side event (event
P) impacting corresponding user side event (event R), thereby causing the anomaly in
the usage of application. Further, after determination of the highest score related
interdependent events(e.g., S7 in above situation), the report generation unit 222
generates the report listing one or more reasons for the anomaly in the usage of the
application.
[0036] In an exemplary embodiment, the detection unit 212 may detect that the user
has reduced the use of application and may set a time flag at time “T5”. Further, the
detection unit 212 may determine a time window for identifying the origin of anomaly
based on the time flag. The time window may be T3-T5, but not limited thereto. The
identification unit 214 may analyse all the pairs of the events within the determined
time window “T3-T5” based on the event scores i.e. the identification unit 212 may
analyse the pairs “PQ” and “PR”. Since, the pair “PR” have high event score (i.e. S7)
than the pair “PQ”, thus event ‘P’ may be identified for origin of anomaly which is the
reason for deviation in usage of the application. Therefore, the report generation unit
222 may generate a report based on the identified pair PR that may be indicative of
potential root cause.
[0037] In this way, the present invention not only identifies the origin of the anomaly
but also provide the reasoning of the anomaly generation to the service provider so
14
that the service provider may rectify the issues and the application may run in smooth
manner and user experience is enhanced.
[0038] Figure 3 illustrates a flowchart describing a method for identifying an origin of
an anomaly in usage of an application being provided by a service provider, in
accordance with an embodiment of the present invention.
[0039] As illustrated in Figure.3, the method includes one or more blocks illustrating
identifying an origin of an anomaly in usage of an application. The method may be
described in the general context of computer executable instructions. Generally,
computer executable instructions can include routines, programs, objects, components,
data structures, procedures, modules, units, and functions, which perform specific
functions or implement specific abstract data types.
[0040] The order in which the method is described is not intended to be construed as a
limitation, and any number of the described method blocks can be combined in any
order to implement the method. Additionally, individual blocks may be deleted from
the methods without departing from the spirit and scope of the subject matter
described herein. Furthermore, the method can be implemented in any suitable
hardware, software, firmware, or combination thereof.
[0041] At block 302, the method 300 may include detecting a deviation in a usage
pattern when a current usage pattern deviates from a preset usage pattern for the
application in a time-interval. To identify the preset usage pattern, the usage of the
application by a plurality of users may be monitored corresponding to a time-interval.
[0042] At block 304, the method 300 may include identifying a set of interdependent
events being occurred before the deviation. The interdependent event may be at least a
pair of service provider side event and user side event.
[0043] At block 306, the method 300 may include generating a set of event scores
corresponding to the set of interdependent events using a Pearson correlation
coefficient (Pearson's r). Particularly, the score generated by the Pearson correlation
coefficient determines the relationship between the user side event and service
15
provider side event i.e., the interdependency of the events. The event score is
determined by:
where, r is the Pearson’s correlation coefficient, xi is the service provider side event at
an instant of time, yi is the user side event at an instant of time, ̅x is mean value of the
service provider side event in the time-interval and ̅y is mean value of the service
provider side event in the time-interval.
[0044] At block 308, the method 300 includes determining at least one interdependent
event having highest event score in such a manner that the identified interdependent
events are causing the anomaly in the usage of application. In an embodiment, the
interdependent events may comprise a service provider side event which is impacting
corresponding user side event.
[0045] Based on the determination of origin of the anomaly in the usage of the
application, a report is prepared for listing out all the reasons responsible for such
anomaly. This report is generated to update the service provider on the potential root
cause of anomaly and after getting the knowledge about the reason, the service
provider may be able to rectify the reason in a timely manner to enrich user
experience. Further, as there is no requirement of taking feedback from the users and
no hit and trial is required, so, the complexity of the process is also reduced up to a
large extent.
[0046] A description of an embodiment with several components in communication
with each other does not imply that all such components are required. On the contrary,
a variety of optional components are described to illustrate the wide variety of possible
embodiments of the invention.
[0047] When a single device or article is described herein, it will be clear that more
than one device/article (whether they cooperate) may be used in place of a single
16
device/article. Similarly, where more than one device or article is described herein
(whether they cooperate), it will be clear that a single device/article may be used in
place of the more than one device or article or a different number of devices/articles
may be used instead of the shown number of devices or programs. The functionality
and/or the features of a device may be alternatively embodied by one or more other
devices which are not explicitly described as having such functionality/features. Thus,
other embodiments of the invention need not include the device itself.
[0048] Finally, the language used in the specification has been principally selected for
readability and instructional purposes, and it may not have been selected to delineate
or circumscribe the inventive subject matter. It is therefore intended that the scope of
the invention be limited not by this detailed description, but rather by any claims that
issue on an application based here on. Accordingly, the embodiments of the present
invention are intended to be illustrative, but not limiting, of the scope of the invention,
which is set forth in the following claims.
[0049] Advantages of the embodiment of the present disclosure are illustrated herein:
1. Enhance the user experience as the service provider may now rectify the
anomality in a shorter duration.
2. Provide ease to the service provider to know the reasons of anomaly origin
which may lead to optimization of the services.

We Claim:
1. A method for identifying an origin of an anomaly in usage of an application being
provided by a service provider, the method comprising:
detecting (302) a deviation in a usage pattern when a current usage time deviates from
a preset usage pattern for the application in a time-interval;
identifying (304) a set of interdependent events being occurred before the deviation,
wherein each interdependent event comprises at least a pair of service provider side event and
user side event;
generating (306) a set of event scores corresponding to the set of interdependent
events using a Pearson correlation coefficient (Pearson's r); and
determining (308) at least one interdependent event having highest event score in such
a manner that the identified at least one set of interdependent events comprises a service
provider side event impacting corresponding user side event, thereby causing the anomaly in
the usage of application.
2. The method as claimed in claim 1, further comprising:
monitoring a usage of the application being used by a plurality of users;
determining the preset usage pattern of the application based on the monitoring,
wherein the preset usage pattern comprises a plurality of usage times corresponding to a
plurality of time-intervals.
3. The method as claimed in claim 1, wherein the generating the set of event scores
comprises:
where, r is the Pearson’s correlation coefficient, xi is the service provider side
event at an instant of time, yi is the user side event at an instant of time, ̅x is mean
value of the service provider side event in the time-interval and ̅y is mean value of the
service provider side event in the time-interval.
19
4. The method as claimed in claim 1, further comprising:
generating a report, based on the analysing of the at least one set of interdependent
events having the highest event score, listing one or more reasons for the anomaly in the
usage of the application.
5. A system for identifying an origin of an anomaly in usage of an application being
provided by a service provider, the system comprising:
a detection unit (212) configured to detect a deviation in a usage pattern when a
current usage time deviates from a preset usage pattern for the application in a time-interval;
an identification unit (214) configured to identify a set of interdependent events being
occurred before the deviation, wherein each interdependent event comprises at least a pair of
service provider side event and user side event;
a generation unit (216) configured to generate a set of event scores corresponding to
the set of interdependent events using a Pearson correlation coefficient (Pearson's r); and
a determination unit (218) configured to determine at least one interdependent event
having highest event score in such a manner that the identified at least one set of
interdependent events comprises a service provider side event impacting corresponding user
side event, thereby causing the anomaly in the usage of application.
6. The system as claimed in claim 6, wherein the determination unit (218) is further
configured to:
monitor a usage of the application being used by a plurality of users; and
determine the preset usage pattern of the application based on the monitoring, wherein
the preset usage pattern comprises a plurality of usage times corresponding to a plurality of
time-intervals.
7. The system as claimed in claim 6, wherein the generation unit (216) is further
configured to generate the set of event scores by:
20
where, r is the Pearson’s correlation coefficient, xi is the service provider side event at an
instant of time, yi is the user side event at an instant of time, ̅x is mean value of the service
provider side event in the time-interval and ̅y is mean value of the service provider side event
in the time-interval.
8. The system as claimed in claim 6, wherein a report generation unit (222) is configured
to:
generate a report, based on the analysing of the at least one set of interdependent
events having the highest event score, listing one or more reasons for the anomaly in the
usage of the application.