US Patent 9942254 Measure based anomaly detection

Method and system for detecting an unknown undesirable event, such as (but not limited to) a cyber-threat, a cyber-intrusion, a financial fraud event or a monitored process malfunction of breakdown. An exemplary method embodiments comprises obtaining a dataset comprising a plurality n of multidimensional data points with a dimension m≥2 wherein each data point is a vector of m features, processing the MDPs using measure-based diffusion maps to embed the MDPs into a lower dimension embedded space, and detecting in the embedded space an abnormal MDP without relying on a signature of a threat, the abnormal MDP being indicative of the unknown undesirable event.