Request data processing into anomaly indicator pattern

Prerequisites

  • The administrator has trained the Airlock Anomaly Shield​ machine learning models beforehand.
  • Airlock Anomaly Shield must be enabled and configured for an application.

Request processing

ML-Request-to-Anomaly-Data-Conversion_svg_drawio_data
  1. Description:
  2. Some properties of the requests of a session are aggregated into metrics of this session. This is mostly a statistical evaluation of the request properties.
  3. These metrics are subsequently fed to different machine learning models. The models generate indicator patterns as the output signal.
  4. The output signal is a value between 0.0 and 1.0 and the group of these values is named anomaly indicator values.
  5. These values are then in turn evaluated via pre-defined thresholds producing a binary output for each indicator. Whereas this group of bits is called an anomaly indicator pattern. The thresholds are pre-defined but also tunable by the customer.
  6. So simply put, anomaly indicator patterns in Airlock Anomaly Shield are the output of a machine learning model.
  7. The policy enforcement configuration allows the customer to create a trigger, that is matched against the anomaly indicator pattern. The Security Gate will execute actions based upon the configured action handling.