A Distance Measure for Attention Focusing and Anomaly Detection in Systems Monitoring

Any attempt to introduce automation into the monitoringof complex physical systems must start from a robust anomaly detection capability. This task is far from straightforward, for a single definition of what constitutes an anomaly is difficult to come by. In addition, to make the monitoring process efficient, and to avoid the potential for information overload on human operators, attention focusing must also be addressed. When an anomaly occurs, more often than not several sensors are affected, and the partiallyredundant information they provide can be confusing, particularly in a crisis situation where a response is needed quickly. The focus of this paper is a new technique for attention focusing. The techniqueinvolves reasoning about the distance between two frequency distributions, and is used to detect both anomalous system parameters and “broken” causaldependencies. These two forms of information together isolate the locus of anomalous behavior in the system being monitored.