Request data processing into anomaly indicator pattern
Prerequisites
The administrator has trained the Airlock Anomaly Shield machine learning models beforehand.
Airlock Anomaly Shield must be enabled and configured for an application.
Request processing
Description:
Some properties of the requests of a session are aggregated into metrics of this session. This is mostly a statistical evaluation of the request properties.
These metrics are subsequently fed to different machine learning models. The models generate indicator patterns as the output signal.
The output signal is a value between 0.0 and 1.0, and the group of these values is called the anomaly indicator values.
These values are then evaluated against pre-defined thresholds, producing a binary output for each indicator. This group of bits is called an anomaly indicator pattern. The thresholds are pre-defined but can also be tuned by the customer.
Simply put, anomaly indicator patterns in Airlock Anomaly Shield are the output of a machine learning model.
The policy enforcement configuration allows the customer to create a trigger that is matched against the anomaly indicator pattern. The Security Gate will execute actions based upon the configured action handling.
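The threshold and trigger steps described above, as an added Python example that is not Airlock code. The indicator names, threshold values, the `>=` comparison, the trigger mask syntax (`1`, `0`, `*`) and the action names are all assumptions made for illustration.

```python
# Added illustration. Indicator names, threshold values, trigger syntax and
# action names are assumptions, not Airlock Anomaly Shield configuration.
from dataclasses import dataclass

# Constructed per-indicator thresholds; dict order fixes the bit order.
THRESHOLDS = {"indicator_a": 0.80, "indicator_b": 0.65, "indicator_c": 0.90}


def to_pattern(values, thresholds=THRESHOLDS):
    """Map indicator values (0.0-1.0) to a bit string, one bit per indicator."""
    bits = []
    for name, limit in thresholds.items():
        if name not in values:
            raise ValueError(f"missing indicator value: {name}")
        value = values[name]
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}={value} is outside 0.0..1.0")
        # Assumption: a value at or above its threshold sets the bit.
        bits.append("1" if value >= limit else "0")
    return "".join(bits)


@dataclass(frozen=True)
class Trigger:
    name: str
    mask: str    # per position: '1' bit set, '0' bit clear, '*' either
    action: str

    def matches(self, pattern):
        if len(self.mask) != len(pattern):
            raise ValueError(f"trigger {self.name}: mask length mismatch")
        return all(m in ("*", p) for m, p in zip(self.mask, pattern))


def evaluate(values, triggers):
    """Return the indicator pattern and the actions of all matching triggers."""
    pattern = to_pattern(values)
    return pattern, [t.action for t in triggers if t.matches(pattern)]


# Constructed triggers and session output for the demonstration.
TRIGGERS = [
    Trigger("b_set", "*1*", "log"),
    Trigger("a_and_c", "1*1", "terminate_session"),
]

if __name__ == "__main__":
    session = {"indicator_a": 0.91, "indicator_b": 0.40, "indicator_c": 0.95}
    print(evaluate(session, TRIGGERS))
```

Lowering a threshold makes the corresponding bit flip to 1 for more sessions, which is why threshold tuning and trigger masks have to be reviewed together.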