Digital-system research

Transparent anomaly detection for digital systems

MCIFT explores inspectable consistency, closure and graph-propagation features for APIs, databases, ETL processes, queues and service dependencies. Closure is a review signal, not proof that a workflow is correct.

01

The operational problem

Digital incidents often appear as several weak symptoms: latency rises, records stop progressing, dependent services disagree or a transaction never completes. Monitoring must connect these signals without hiding alert logic.

02

Relevant operational signals

  • API latency, status codes and traces
  • Database duration, locks and replication state
  • ETL stage counts, delays and rejects
  • Queue depth, age and retry activity
  • Transaction completion and dependency-graph events
03

How MCIFT maps the problem

A workflow can be represented as connected checks. Missing closure becomes an incompleteness feature; disagreement becomes a consistency feature; movement through dependencies becomes a propagation feature. None proves correctness or causality.

04

What must be compared

  • Static SLO and threshold alerts
  • Rate, error and duration monitoring
  • Seasonal and rolling baselines
  • Trace and dependency analysis
  • Existing observability or incident-detection rules
05

Potential applications

  • Incomplete API or transaction workflows
  • Database and replication anomalies
  • ETL reconciliation and data-pipeline reliability
  • Queue congestion and delayed work
  • Graph-based service-dependency review
06

Limitations

A closed workflow may still be consistently wrong. Missing telemetry can resemble a failed process. Topology, release changes and traffic regimes must be represented before alerts are interpreted.

07

Current evidence status

The mappings are exploratory and currently demonstrated with illustrative traces. Their operational value requires comparison with established observability methods on historical incidents and normal changes.

08

Data needed for validation

  • Timestamped traces and stage logs
  • Service and data dependency topology
  • Deployments and configuration-change records
  • Incident windows and operator decisions
  • Representative normal load and seasonal periods
09

Suggested evaluation metrics

  • Alert delay from first observable symptom
  • Precision and recall at incident level
  • False alerts per day or deployment
  • Missed incomplete workflows
  • Attribution usefulness
  • Coverage under missing telemetry

Test one workflow end to end.

Choose a bounded API, transaction or ETL process. Freeze the mapping, replay history and compare alerts with the observability baseline already trusted by the team.

Discuss a validation study
Contact