Processing of request data
Request data processing into anomaly indicator pattern

Prerequisites

  • The Airlock Anomaly Shield machine learning models have been trained by the administrator beforehand.

Request processing

ML-Request-to-Anomaly-Data-Conversion
  • Description:
  • Some properties of the requests of a session are aggregated into metrics of this session. This is mostly a statistical evaluation of the request properties.
  • These metrics are subsequently fed to different machine learning models. The models generate indicator patterns as the output signal.
  • The output signal is a value between 0.0 and 1.0 and the group of these values is named anomaly indicator values.
  • These values are then in turn evaluated via pre-defined thresholds producing a binary output for each indicator. Whereas this group of bits is called an anomaly indicator pattern. The thresholds may be pre-defined but are tunable by the customer.
  • So simply put, anomaly indicator patterns in Airlock Anomaly Shield are the output of a machine learning model.
  • The policy enforcement configuration allows the customer to create a trigger, that is matched against the anomaly indicator pattern. The Security Gate will execute actions based upon the configured action handling.