Anomaly Shield model management page

Anomaly shield model management

This configuration page is accessible by clicking on the gears button in the Models column of the Anomaly Shield Application page.

Section – Enforced Model

Fields/buttons

Description

Status

  • When OK is displayed, the training was successful. The quality of the trained data is not linked to this status. This status can be activated.
  • Status Incomplete is displayed if not all machine learning models have been trained successfully. This may happen when insufficient or overly homogeneous training data have been used in training. This status can be activated but may not perform optimally.
  • Status Empty is displayed if none of the models can be trained. This status cannot be activated.

Training date

Date and time of the training.

Sessions used in training

The number of sessions in the chosen time period.

First session

Date and time of the oldest session that is used in this training.

Last session

Date and time of the newest session that is used in this training.

Buttons

Import
Button to up upload a model zip file.

Export
Creates a zip file of the current model for download.

Delete
Deletes the model from the current Airlock Gateway configuration. Note that the model is deleted at the time the configuration is activated.

Section – Prepared Model

Fields/buttons

Description

Status

  • When OK is displayed, the training was successful. The quality of the trained data is not linked to this status. This status can be activated.
  • Status Incomplete is displayed, if not all 6 machine learning models have been trained successfully. This may happen when too less training data have been trained or in case the training data have been too homogeneous, e.g. generate the same status codes in all analyzed sessions. This status can be activated, but may not perform optimally.
  • Status Empty is displayed, if an insufficient number of sessions has been trained. This status cannot be activated.

Training date

Date and time of the training.

Sessions used in training

The number of sessions in the chosen time period.

First session

Date and time of the oldest session that is used in this training.

Last session

Date and time of the newest session that is used in this training.

Buttons

Enforce Model
The prepared model will be enforced once the configuration is activated.

Export
Creates a zip file of the current model for download.

Delete
Deletes the model from the current Airlock Gateway configuration. Note that the model is deleted at the time the configuration is activated.

Section – Training Task

Fields/buttons

Description

Automatic retraining

The automatic retraining feature analyses collected session data and is automatically scheduled with a quarterly training date (Next training).
Note that automatic retraining requires at least 5 weeks of continuous session data, otherwise the scheduled retraining does not start. This way, Airlock Anomaly Shield ensures that the training of the anomaly models is based on a sufficient number of non-anomalous sessions.

  • Configuration options:
  • Off – training has to be started and enforced manually.
  • Retrain only – retraining is started based on the scheduled Next training date, but the model enforcement has to be started manually.
  • Retrain and enforce – recommended setting for continuous improvement of Anomaly Shield models based on automatic retraining and enforcement.

Selected sessions

The number of sessions that are included in this training task.

Training data from

Date and time of the oldest session that is used in this training.

Training data to

Date and time of the newest session that is used in this training.

Button

Train
Button to start the configured training. The button will be locked in status Training in Progress in case/while training is ongoing.

Section – ColdDB Cluster Sync

Fields/buttons

Description

Button

Merge remote data
Button to merge ColdDB data from the remote cluster node into the local ColdDB. This button is only activated in a cluster setup. The merged ColdDB is only available on the local node and will not be distributed to the remote node.