SiPTA: Signal Processing for Trace-based Anomaly Detection

TitleSiPTA: Signal Processing for Trace-based Anomaly Detection
Publication TypeConference Paper
Year of Publication2014
AuthorsZadeh, M. Mehdi Zein, M. Salem, N. Kumar, G. Cutulenco, and S. Fischmeister
Conference NameProc. of the International Conference on Embedded Software (EMSOFT)
Date PublishedOct.
Conference LocationNew Dehli, India

Given a set of historic good traces, trace-based anomaly detection deals with the problem of determining whether or not a specific trace represents a normal execution scenario. Most current approaches mainly focus on application areas outside of the embedded systems domain and thus do not take advantage of the intrinsic properties of this domain.

This work introduces SiPTA, a novel technique for offline trace-based anomaly detection that utilizes the intrinsic feature of periodicity found in embedded systems. SiPTA uses signal processing as the underlying processing algorithm. The paper describes a generic framework for mapping execution traces to channels and signals for further processing. The classification stage of SiPTA uses a comprehensive set of metrics adapted from standard signal processing. The system is particularly useful for embedded systems, and the paper demonstrates this by comparing SiPTA with state-of-the-art approaches based on Markov Model and Neural Networks. The paper shows the technical feasibility and viability of SiPTA through multiple case studies using traces from a field-tested hexacopter, a mobile phone platform, and a car infotainment unit.  In the experiments, our approach outperformed every other tested method.

Refereed DesignationRefereed
Related files: 


Looking for motivated students (undergrads and grads) interested in working on embedded software and systems research. Mail Sebastian Fischmeister for further information.