doiSerbia

The CRI-model: A domain-independent taxonomy for non-conformance between observed and specified behaviour

Haubeck Christopher (University of Hamburg Distributed Systems and Information Systems, Hamburg, Germany)
Pokahr Alexander (Helmut-Schmidt-University/University of the Bundeswehr Hamburg Industrial Data Processing and Systems Analysis Group, Hamburg, Germany)
Reichert Kim (Adobe Systems Engineering GmbH, Hamburg, Germany)
Hohenberger Till (Adobe Systems Engineering GmbH, Hamburg, Germany)
Lamersdorf Winfried (University of Hamburg Distributed Systems and Information Systems, Hamburg, Germany)

Anomaly detection is the process of identifying nonconforming behaviour. Many approaches from machine learning to statistical methods exist to detect behaviour that deviate from its norm. These non-conformances of specifications can stem from failures in the system or undocumented changes of the system during its evolution. However, no generic solutions exist for classifying and identifying these non-conformances. In this paper, we present the CRI-Model (Cause, Reaction, Impact), which is a taxonomy based on a study of anomaly types in the literature, an analysis of system outages in major cloud companies and evolution scenarios which describe and implement changes in Cyber-Physical Production Systems. The goal of the taxonomy is to be usable for different objectives like discover gaps in the detection process, determine components most often affected by a particular anomaly type or describe system evolution. While the dimensions of the taxonomy are fixed, the categories can be adapted to different domains. We show and validate the applicability of the taxonomy to distributed cloud systems using a large data set of anomaly reports and cyber-physical production systems by categorizing common changes of an evolution benchmarking plant.

Keywords: taxonomy of anomalies, anomaly detection, evolution, distributed cloud systems, cyber-physical system