= Approaches for System Condition Evaluation

The physics-based activity detection system select a label for each measurement in the time series.
From this array of labels, there are multiple approaches to evaluate if the system is performing as expected or not.
Each approach result in a different intermediate data format (from the detection system to the trust model) and represent a different interpretation of the detection.
Selecting one approache is a core design choice for the complete system.

Both approaches are simmilar and each could be expressed with the other.
However they differ in the format of the output.
This outputformat may influence how the trust model ingest the new results and how the time series are submitted for state detection.
== Approach 1. Compliance to Security Policies 

#figure(image("images/a1.svg", width:100%),caption: "Data pipeline of the first approache.")

With the security policy approach, each power measurement receives a label corresponding to the compliance of the system to pre-defined security policies.
The label is ternary with 
- 1 = Policies Respected 
- 0 = Not all Policies Respected
- -1 = Unsure 

== Approach 2. Presence of Specific Patterns

#figure(image("images/a2.svg", width:100%),caption: "Data pipeline of the second approache.")

The second approach generates a single label for a complete time series based on the presence of a specific pattern.
The selected pattern could be representative of a known anomalous state.
This approache is similar to the first one as it also look for a state in the time serie (the presence of the pattern could be described as a security policy) but differs by the decision algorithm that could take into account large portions of unknown to decide on an unknown output (-1).