Abstract
This paper investigates the use of the ASTD language for ensemble anomalydetection in data logs. It uses a sliding window technique for continuouslearning in data streams, coupled with updating learning models upon thecompletion of each window to maintain accurate detection and align with currentdata trends. It proposes ASTD patterns for combining learning models,especially in the context of unsupervised learning, which is commonly used fordata streams. To facilitate this, a new ASTD operator is proposed, theQuantified Flow, which enables the seamless combination of learning modelswhile ensuring that the specification remains concise. Our contribution is aspecification pattern, highlighting the capacity of ASTDs to abstract andmodularize anomaly detection systems. The ASTD language provides a uniqueapproach to develop data flow anomaly detection systems, grounded in thecombination of processes through the graphical representation of the languageoperators. This simplifies the design task for developers, who can focusprimarily on defining the functional operations that constitute the system.