Processing of request data into patterns
Prerequisites
- The administrator has trained the Airlock Anomaly Shield machine learning models beforehand.
- Airlock Anomaly Shield must be enabled and configured for an application.
Request processing
Description:
- Request data within a web session is aggregated into session metrics (e.g., timing statistics, request data statistics, or query parameter statistics).
- These session metrics are used as input for multiple machine learning models (e.g., Isolation Forest, clustering models, or interaction models).
- Each model computes an output value between 0.0 and 1.0. These values are referred to as anomaly indicator values.
- The anomaly indicator values are compared against defined thresholds, resulting in a binary outcome (true/false) for each model.
- The resulting set of binary outcomes forms the anomaly indicator pattern.
- Policy enforcement evaluates this anomaly indicator pattern to trigger actions, which are executed by the Security Gate according to the configuration.
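The processing chain described above, sketched as an added Python example; it is not Airlock code. The metric names, the scoring functions (simple stand-ins for trained models), the thresholds, the `>=` comparison, and the rule and action names are all assumptions made for illustration.

```python
from statistics import mean, pstdev

# Constructed sample session: (ms since session start, path, query parameter count)
SESSION = [(0, "/login", 0), (200, "/api/items", 2), (400, "/api/items", 2),
           (600, "/api/items", 9), (800, "/api/items", 2), (1000, "/api/items", 2)]

def session_metrics(requests):
    """Aggregate the requests of one session into session metrics."""
    if len(requests) < 2:
        raise ValueError("timing metrics need at least two requests")
    times = [t for t, _, _ in requests]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {"mean_gap_ms": mean(gaps), "gap_stdev_ms": pstdev(gaps),
            "max_params": max(n for _, _, n in requests)}

def clamp(x):
    return max(0.0, min(1.0, x))

# Hypothetical stand-ins for trained models: each maps metrics to 0.0..1.0.
MODELS = {
    "timing": lambda m: clamp(1.0 - m["mean_gap_ms"] / 2000),       # very fast requests
    "regularity": lambda m: clamp(1.0 - m["gap_stdev_ms"] / 500),   # machine-like cadence
    "query_params": lambda m: clamp(m["max_params"] / 20),          # unusual parameter count
}
# Hypothetical thresholds; an indicator is true when value >= threshold (assumed).
THRESHOLDS = {"timing": 0.8, "regularity": 0.9, "query_params": 0.6}

# Hypothetical policy rules: (required indicator states, action); first match wins.
RULES = [
    ({"timing": True, "regularity": True, "query_params": True}, "terminate_session"),
    ({"timing": True, "regularity": True}, "log_and_flag"),
]

def indicator_pattern(values):
    """Turn anomaly indicator values into the binary anomaly indicator pattern."""
    return {name: values[name] >= limit for name, limit in THRESHOLDS.items()}

def enforce(pattern):
    """Return the action of the first rule whose required states all match."""
    for required, action in RULES:
        if all(pattern[name] == state for name, state in required.items()):
            return action
    return "none"

def evaluate(requests):
    metrics = session_metrics(requests)
    values = {name: model(metrics) for name, model in MODELS.items()}
    pattern = indicator_pattern(values)
    return values, pattern, enforce(pattern)

if __name__ == "__main__":
    print(evaluate(SESSION))
```

Because enforcement looks only at the pattern, changing a threshold can change the triggered action without any model being retrained.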
