ASTD Patterns for Integrated Continuous Anomaly Detection In Data Logs
Chaymae El Jabri, Marc Frappier, and Pierre-Martin Tardif

TL;DR
This paper introduces ASTD patterns and a new operator for continuous, modular anomaly detection in data logs, simplifying system design and enabling adaptive, ensemble-based unsupervised anomaly detection in data streams.
Contribution
It proposes a novel specification pattern and a new ASTD operator, Quantified Flow, for modular, continuous anomaly detection systems in data streams using the ASTD language.
Findings
ASTD patterns effectively modularize anomaly detection systems.
The Quantified Flow operator enables seamless combination of models.
The approach simplifies the development of continuous anomaly detection systems.
Abstract
This paper investigates the use of the ASTD language for ensemble anomaly detection in data logs. It uses a sliding window technique for continuous learning in data streams, coupled with updating learning models upon the completion of each window to maintain accurate detection and align with current data trends. It proposes ASTD patterns for combining learning models, especially in the context of unsupervised learning, which is commonly used for data streams. To facilitate this, a new ASTD operator is proposed, the Quantified Flow, which enables the seamless combination of learning models while ensuring that the specification remains concise. Our contribution is a specification pattern, highlighting the capacity of ASTDs to abstract and modularize anomaly detection systems. The ASTD language provides a unique approach to develop data flow anomaly detection systems, grounded in the…
Taxonomy
Topics: Anomaly Detection Techniques and Applications · Network Security and Intrusion Detection
Methods: ALIGN · Focus
