Title: MA2DF: A Multi-Agent Anomaly Detection Framework
Authors: Yohen Thounaojam, Wiliam Setiawan, Apurva Narayan
Venue: 2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC), volume 51 1, pages 30-36
Publication date: 2020-10-11
DOI: 10.1109/SMC42975.2020.9282846 (https://doi.org/10.1109/SMC42975.2020.9282846)
Citation count: 2
Abstract
Time-sensitive safety-critical systems store traces as a collection of time-stamped messages that are generated while a system is operating. Analysis of these traces becomes a key task, as it allows one to find faults or errors within a system that are otherwise difficult to discern, especially in complex systems. Furthermore, finding any form of anomalous behaviour becomes critical in time-sensitive and safety-critical systems, where late detection will often lead to dire consequences. Most available approaches are generally used in networking or business process analysis. We focus on creating a lightweight and explainable approach for time-sensitive safety-critical systems. By using a set of system traces under both normal and anomalous conditions, our approach attempts to classify whether or not a trace is anomalous. In this work, we introduce MA2DF, the Multi-Agent Anomaly Detection Framework, a novel multi-agent-based graph design approach for online and offline anomaly detection in system traces. Our approach takes advantage of both the timing information between events in a sequence and the event sequences themselves to learn and discern between normal and anomalous traces. We present two approaches. The first is an offline approach that discerns anomalous behaviour by utilizing the event occurrence workflow graph. The second is an online streaming algorithm that monitors the sequence of events as they arrive in real time. This can be used to detect anomalies, find the cause, and improve system resilience. We show how our approach, MA2DF, is superior to other state-of-the-art models. The paper will explore the technical feasibility and viability of MA2DF through an industry-strength case study using traces from a field-tested hexacopter.