Decades of research and practice originated mechanisms that can gather data from any system and process them for identifying deviations from the nominal expected behavior of such system i.e., anomalies. Anomaly detection is conducted through Machine Learning (ML) algorithms that model the normal behavior of the system using information contained in a training dataset. This process is usually focused on optimizing the ML algorithm, neglecting the fact that an anomaly detector is very often integrated as a component within the system and should not be analyzed in isolation. This paper advocates that anomaly detectors should be i) designed to properly interact with other system components and ii) be aware of the operating context of the system during its operational life. This allows for detecting global and local (contextual) anomalies, enhancing the decision-making process at both component and system-level. We verify our conjecture by crafting and exercising a framework for designing and deploying system-aware anomaly detectors according to our design principles. This allows comparing traditional anomaly detectors against time-aware and system-aware detectors using two datasets obtained by monitoring an IoT device and ROS2-Based cyber-physical system and IoT networks under normal and anomalous operating conditions. Results show the superiority of time and system-aware detectors over their competitors, confirming our conjecture that anomaly detection is a system's business and should not be considered a standalone component.
System-Awareness: An Enabling Condition to Design and Deploy Anomaly Detectors / Muhammad Atif, Tommaso Zoppi, Andrea Bondavalli. - ELETTRONICO. - 2025 IEEE 22nd International Conference on Software Architecture Companion (ICSA-C):(2025), pp. 0-0. ( 22nd IEEE International Conference on Software Architecture (ICSA 2025) Odense, Denmark 31 March- 4 April, 2025) [10.1109/ICSA-C65153.2025.00077].
System-Awareness: An Enabling Condition to Design and Deploy Anomaly Detectors
Muhammad Atif;Tommaso Zoppi;Andrea Bondavalli
2025
Abstract
Decades of research and practice originated mechanisms that can gather data from any system and process them for identifying deviations from the nominal expected behavior of such system i.e., anomalies. Anomaly detection is conducted through Machine Learning (ML) algorithms that model the normal behavior of the system using information contained in a training dataset. This process is usually focused on optimizing the ML algorithm, neglecting the fact that an anomaly detector is very often integrated as a component within the system and should not be analyzed in isolation. This paper advocates that anomaly detectors should be i) designed to properly interact with other system components and ii) be aware of the operating context of the system during its operational life. This allows for detecting global and local (contextual) anomalies, enhancing the decision-making process at both component and system-level. We verify our conjecture by crafting and exercising a framework for designing and deploying system-aware anomaly detectors according to our design principles. This allows comparing traditional anomaly detectors against time-aware and system-aware detectors using two datasets obtained by monitoring an IoT device and ROS2-Based cyber-physical system and IoT networks under normal and anomalous operating conditions. Results show the superiority of time and system-aware detectors over their competitors, confirming our conjecture that anomaly detection is a system's business and should not be considered a standalone component.
| File | Dimensione | Formato | |
|---|---|---|---|
|
System-Awareness.pdf
Accesso chiuso
Tipologia:
Pdf editoriale (Version of record)
Licenza:
Tutti i diritti riservati
Dimensione
582.86 kB
Formato
Adobe PDF
|
582.86 kB | Adobe PDF | Richiedi una copia |
I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
