Trust Slope Anomaly Detection

by Nick Clark | Published April 25, 2026

Trust evaluations across the mesh do not merely produce point-in-time scores; they produce a continuous trajectory whose slope encodes how rapidly an attester's credibility is rising or falling. The trust-slope continuity primitive treats the slope itself as the primary observable: a sudden deviation of an attester's trust trajectory from its previously continuous gradient signals an anomaly even when the absolute trust value remains within nominally admissible bounds. Detected discontinuities trigger structural responses — re-credentialing, governance review, or full zero-trust re-establishment — before the underlying compromise can propagate into admitted observations. The mechanism therefore converts trust from a threshold-tested scalar into a continuity-tested trajectory, making the onset of compromise observable at the rate of change rather than only at the absolute level.


Mechanism

The trust-slope mechanism maintains, for each credentialed attester in the mesh, a time-series of trust evaluations produced by the architecture's evaluation pipeline. The evaluation pipeline draws on observation admissibility outcomes, peer-attestation cross-checks, governance-credential validity, and behavior-profile consistency, and produces a scalar trust value at a configured cadence. The trust-slope primitive computes the gradient of that time-series and then evaluates the gradient itself against a continuity model fit to the attester's historical trajectory.

Continuity is the operative concept. A well-behaved attester produces a trust trajectory whose slope evolves smoothly: trust may rise as successful corroboration accumulates, may decline modestly under sustained operational stress, and may plateau during steady-state operation, but in all cases the slope itself changes gradually. A sudden deviation — an abrupt slope inversion, a step-change in gradient magnitude, or a discontinuity in the second derivative — signals a structural change in the underlying generative process. That structural change is the anomaly the primitive is designed to detect.

Detected discontinuities enter the architecture as credentialed monitoring events. The event record retains the affected attester, the discontinuity signature (slope before, slope after, gradient of gradient), the contributing observations, and the timestamp. The event itself is admissible lineage: downstream governance procedures can act on the event, audit can reconstruct the detection, and federated meshes can exchange the events as first-class evidence. Response actions range from heightened scrutiny (raising the corroboration threshold for the affected attester's observations) through partial re-credentialing (requiring renewed attestation of specific capability classes) to full zero-trust re-establishment (revoking credentials and requiring fresh enrollment).

Operating Parameters

Continuity-model parameters govern the sensitivity and selectivity of the detector. Window length determines the historical horizon over which the continuity model is fit; short windows respond quickly to genuine change but admit more false positives from noise, while long windows produce stable baselines at the cost of slower detection. Slope-deviation thresholds determine the magnitude of gradient change required to trigger an event; the thresholds are typically expressed as multiples of the locally estimated slope variance, so that the detector adapts to attesters operating in noisier versus quieter regimes.

Cadence parameters govern the rate at which trust evaluations are produced and the rate at which the continuity model is updated. Defense applications under active threat may operate the evaluation pipeline at sub-second cadence with continuity updates at second cadence; civilian critical-infrastructure deployments may operate at minute or hour cadence consistent with their operational tempo. The architecture admits the cadence as a declared parameter so that the same primitive applies across deployment regimes.

Response-action parameters govern the mapping from detected discontinuity to governance action. The mapping is itself credentialed: the architecture admits a governance-signed policy specifying which discontinuity signatures trigger which actions, so that the response logic is auditable and revisable through the same governance procedures that admit credentials in the first place.

Hysteresis parameters govern the transition out of an alerted state once a discontinuity has been recorded. A naively reactive detector that resumes nominal admission immediately upon return of the slope to its prior gradient is exploitable by an adversary who induces a transient and then reverts; the disclosed primitive admits a governance-signed dwell time during which heightened scrutiny is maintained even after the slope renormalizes, with the dwell duration parameterized per discontinuity-signature class. Reset parameters govern the conditions under which the continuity-model history is purged or rebased, typically following a credentialed re-credentialing event that constitutes an explicit acknowledgment that the prior trajectory is no longer the appropriate baseline.
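The window length, slope-deviation threshold and dwell time described above are shown together in the following Python example, which is added here for illustration and is not code from the disclosure. It assumes a deliberately simple continuity model (rolling mean and standard deviation of first differences); the function names, the 0.70 admission threshold, the sigma floor and the trust series are constructed for the example.

```python
from statistics import mean, pstdev

ADMIT_THRESHOLD = 0.70   # assumed scalar threshold used by a conventional test

def detect_discontinuities(trust, window=8, k=4.0, sigma_floor=1e-3):
    """Return discontinuity events: steps whose slope departs from the
    windowed baseline slope by more than k local standard deviations."""
    slope = [b - a for a, b in zip(trust, trust[1:])]   # gradient per evaluation
    events = []
    for i in range(window, len(slope)):
        hist = slope[i - window:i]               # historical horizon
        before = mean(hist)                      # baseline gradient
        sigma = max(pstdev(hist), sigma_floor)   # floor avoids a zero envelope
        if abs(slope[i] - before) > k * sigma:
            events.append({
                "index": i + 1,                  # trust sample that closed the step
                "slope_before": before,
                "slope_after": slope[i],
                "gradient_of_gradient": slope[i] - before,
            })
    return events

def heightened_scrutiny(n, events, dwell):
    """Per-sample alert state: stays raised for `dwell` samples after each
    event even if the slope has already renormalized (hysteresis)."""
    return [any(e["index"] <= t < e["index"] + dwell for e in events)
            for t in range(n)]

# Constructed series: steady rise, one sharp drop, then the old gradient
# resumes (a transient followed by a revert). It never falls below 0.70.
TRANSIENT = [0.900, 0.902, 0.903, 0.905, 0.906, 0.908, 0.909, 0.911, 0.912,
             0.914, 0.894, 0.896, 0.897, 0.899, 0.900, 0.902]

if __name__ == "__main__":
    events = detect_discontinuities(TRANSIENT)
    print("threshold crossings:", [t for t in TRANSIENT if t < ADMIT_THRESHOLD])
    print("discontinuity events:", events)
    print("scrutiny:", heightened_scrutiny(len(TRANSIENT), events, dwell=4))
```

A scalar threshold test never fires on this series, while the detector records one event at sample 10 and scrutiny stays raised through sample 13 even though the slope has returned to its prior gradient at sample 11.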

Cross-attester correlation parameters govern the detection of coordinated discontinuities across multiple attesters, which is a stronger signal than any individual discontinuity. The architecture admits a configurable correlation window during which multiple discontinuity events from related attesters are aggregated into a campaign-class event with elevated severity. Relatedness is established by shared credentialing authority, shared physical co-location, shared capability class, or shared upstream observation source, and is itself a credentialed attribute of the attester maintained against the same lineage substrate.
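The aggregation of related discontinuity events into a campaign-class event can be illustrated as follows; this Python example is added here and is not code from the disclosure. The attester registry, attribute names, event timestamps and the single-linkage clustering rule are assumptions constructed for the example.

```python
from itertools import combinations

# Constructed registry holding the four relatedness attributes the text names.
ATTESTERS = {
    "a1": {"authority": "ca-east", "site": "dc1", "capability": "timing", "upstream": "gnss-7"},
    "a2": {"authority": "ca-east", "site": "dc2", "capability": "identity", "upstream": "ldap-2"},
    "a3": {"authority": "ca-west", "site": "dc3", "capability": "identity", "upstream": "ldap-9"},
    "a4": {"authority": "ca-north", "site": "dc4", "capability": "sensor", "upstream": "bus-1"},
}
# Constructed discontinuity events: (attester, timestamp in seconds).
EVENTS = [("a1", 100), ("a4", 110), ("a2", 130), ("a3", 150), ("a1", 900)]

def related(x, y, registry=ATTESTERS):
    """Two attesters are related if they share any relatedness attribute."""
    return any(registry[x][k] == registry[y][k] for k in registry[x])

def campaigns(events, window=60, min_attesters=2):
    """Link events from different, related attesters that fall within
    `window` seconds of each other; linked groups covering at least
    `min_attesters` attesters are returned as campaign-class events."""
    parent = list(range(len(events)))

    def find(i):                      # union-find with path halving
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, j in combinations(range(len(events)), 2):
        (a, ta), (b, tb) = events[i], events[j]
        if a != b and abs(ta - tb) <= window and related(a, b):
            parent[find(i)] = find(j)

    clusters = {}
    for i, ev in enumerate(events):
        clusters.setdefault(find(i), []).append(ev)

    out = []
    for members in clusters.values():
        ids = sorted({a for a, _ in members})
        if len(ids) >= min_attesters:
            times = [t for _, t in members]
            out.append({"attesters": ids, "start": min(times),
                        "end": max(times), "severity": "campaign"})
    return sorted(out, key=lambda c: c["start"])
```

Here a1 and a2 are linked through a shared credentialing authority and a2 and a3 through a shared capability class, so the three events form one campaign, while a4's event inside the same window stays an individual event because a4 shares no attribute with the others.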

Alternative Embodiments

Embodiments may differ in the continuity model. A simple embodiment fits a low-order polynomial to the trust trajectory and tests slope deviations against the polynomial residual; a more elaborate embodiment uses a Kalman filter or Gaussian-process regression that maintains an explicit uncertainty envelope around the predicted slope. The architectural primitive is invariant under the choice: any model that produces a baseline gradient and an uncertainty envelope can drive the discontinuity detector.

Embodiments may differ in the granularity of the trust evaluation. A coarse embodiment evaluates trust as a single scalar per attester; a fine embodiment maintains separate trust trajectories per capability class (timing, positioning, identity, sensor reporting), with separate slope-continuity tests on each. The fine embodiment localizes anomalies to specific capabilities, supporting partial re-credentialing without revoking the attester's full participation.

Embodiments addressing federated meshes may exchange continuity-event records across mesh boundaries, enabling cross-mesh recognition of attesters whose trajectories degrade in one mesh and propagate to others. Byzantine-robust embodiments evaluate the continuity model against adversarial reports by drawing on the same multi-source-corroboration primitive that governs observation admissibility.

Embodiments addressing slow-burn compromise — adversarial campaigns that deliberately introduce only gradual changes to evade discontinuity tests — may layer a long-horizon continuity model over the short-horizon detector. The long-horizon model tests the second-order continuity of the slope itself, surfacing campaigns whose individual increments evade the primary detector but whose cumulative trajectory diverges from the historically continuous norm. The architecture admits multiple continuity models operating concurrently, each emitting its own credentialed events into the shared lineage substrate.

Composition

Trust-slope continuity composes with the credentialing and zero-trust primitives that govern attester participation. A discontinuity event is the trigger that drives an attester back into the credentialing pipeline; the credentialing pipeline produces the renewed credential or the revocation that closes the loop. The two primitives operate on the same lineage substrate, and the discontinuity event is itself admissible evidence within governance.

Trust-slope continuity also composes with anti-spoofing and admissibility-filter primitives. Sustained rejection patterns at the admissibility filter produce a downward gradient in the affected attester's trust trajectory; if the gradient changes abruptly — for example, when an attester transitions from healthy operation to systematic spoofed-input emission — the continuity detector flags the transition as an event independent of the absolute trust value. The two primitives reinforce one another: admissibility flags individual bad observations, and continuity flags the structural shift that produces them.

The primitive composes with governance-procedure primitives by emitting discontinuity events into the same lineage substrate that records governance deliberations, votes, and policy promulgations. A discontinuity event therefore enters the governance record as a first-class evidentiary artifact, citable by motion, by audit, and by post-incident review without requiring extraction from a separate monitoring database. The primitive composes with federation primitives by exporting discontinuity events as portable evidence across mesh boundaries, with the receiving mesh validating the event against the originating mesh's credential set and admitting the event as evidence within its own governance procedures only if the originating credentials remain valid under the receiving mesh's recognition policy. The primitive composes with audit primitives by retaining the continuity-model state at the moment of detection, admitting reconstruction of the detection by an independent auditor without requiring access to live evaluation pipelines.

Prior Art Distinction

Conventional trust monitoring relies on threshold tests applied to scalar trust scores: an attester whose score falls below a threshold is downgraded or revoked, and an attester whose score remains above the threshold is admitted. The threshold-test approach is structurally blind to compromise that begins with a high trust score and degrades rapidly but has not yet crossed the threshold. The compromise is fully observable in the rate of change but invisible to the threshold detector.

The disclosed primitive differs by treating the slope itself as the observable. Slope continuity is sensitive to the onset of compromise rather than only to its terminal state, and slope-discontinuity events are themselves credentialed lineage rather than transient threshold crossings. The primitive also differs from generic anomaly-detection approaches in that the detection is structurally tied to credential lifecycle: a detected discontinuity drives re-credentialing or zero-trust re-establishment rather than producing only an alert.

Disclosure Scope

The disclosure encompasses the trust-slope continuity primitive, the discontinuity-event lineage, the parameterization of continuity models and response policies, and the composition of the primitive with credentialing, zero-trust re-establishment, admissibility filtering, and federated-mesh evidence exchange. Embodiments span scalar and capability-class trust trajectories, polynomial through state-space continuity models, and deployment regimes from sub-second defense applications to civilian operational-tempo critical infrastructure.

Application contexts contemplated within the disclosure include defense identity meshes where insider compromise must be detected before propagation, civilian zero-trust networks where credential lifecycle is policy-governed, multi-tenant cloud infrastructure where tenant attesters operate under mutual distrust, supply-chain attestation networks where component-provenance attesters can be co-opted by adversaries, and IoT fleets where compromise of individual nodes must be detected against a backdrop of natural attestation drift. In each context the structural primitive — continuity-tested trajectory rather than threshold-tested scalar — applies without modification, and the same lineage substrate carries the discontinuity events into the governance procedures that close the credentialing loop.

The disclosure is to be construed broadly with respect to the continuity model, the discontinuity-signature taxonomy, the response-action policy, and the cadence at which the trust-slope primitive operates. Implementations may select among polynomial, Kalman, Gaussian-process, and deep-learning continuity models; among slope-step, gradient-curvature, and second-derivative-discontinuity signatures; among heightened-scrutiny, partial-re-credentialing, and full-revocation responses; and among sub-second through hourly cadences. Variants along these axes remain within the disclosed primitive provided the structural pattern — slope as the observable, continuity as the test, credentialed events as the output, credentialing-pipeline integration as the closure — is preserved.

Invented by Nick Clark
Founding Investors: Anonymous, Devin Wilkie