Part 2 – Training and model enforcement

After several thousand sessions have been collected as training data, the machine learning model can be prepared and enforced as described in this article.

  1. Go to:
    Application Firewall >> Anomaly Shield >> tab Applications
  2. In the application list, click the Manage models button (gears icon) to manage the machine learning model of the application. The Anomaly Shield Model Management page opens.
  3. Optional: If the Gateway is operated in a cluster setup, click Merge remote data in the section ColdDB Cluster Sync.
  4. In the section Training Task, select a period of training data with the following in mind:
    • Select at least several thousand sessions of realistic production data.
    • Select session data for a period of 35 days. It is important to train the machine learning model with the full range of different sessions and traffic behaviors that may occur in a typical calendar month.
  5. Click the Train button to create a prepared model. Note that training may take some time, depending on the number of selected sessions and the available system resources.
  6. In the section Prepared Model, the status OK appears. If the status is Incomplete or Empty, consider using a larger data set for training.
  7. In the section Prepared Model, click the Enforce model button to enforce the prepared model for the Anomaly Shield application.
  8. The machine learning model is enforced with status OK.

    Proceed with Part 3 – Trigger, pattern and rule configuration.