RestaurantFraudDetection

An example that shows how to track unusual events within a large-scale restaurant for real-time fraud detection.

This example shows how to track unusual events within a large-scale restaurant for real-time fraud detection. It contains three submodules:

The AveragesAlerts submodule detects statistical anomalies in restaurant events. The queries in this module analyze certain ratios for each cashier, relative to the number of started checks. These include the number of no sales, voided checks, split checks, transfer checks, reopen checks, and recalled checks. When the average of any of these for a given cashier, or for all cashiers exceeds the average by more than one standard deviation, an alert is issued.

The ManualPatternsAlerts submodule detects the occurrence of the following pattern by using windows and joins. An alert is issued if the pattern occurs:


  1. Start check [event 3000].

  2. Ring item(s) [amount > 0 when the check is canceled].

  3. Cancel Check (requires manager override) [event 3999].

  4. No Sale [event 5101].

  5. No Receipt Printed (absence of event 5110).

The C8PatternsAlerts submodule monitors for the same pattern using CCL's pattern (MATCHING clause) syntax.

Parent topic: Network and Security Examples

Created March 8, 2010. Send feedback on this help topic to Sybase Technical Publications: pubs@sybase.com