Logical Components

Anomaly detection algorithms
Relevant system and/or process attributes (possible co-stimulators) and an algorithm for evaluating the degree of co-stimulation
Granular response mechanisms, policy description for defining the appropriate response given the confidence/severity of the anomaly, and an algorithm for executing the response mechanisms following a suitable order of volatility [Farmer, Venema].