Processing of request data into patterns

Prerequisites

  • The administrator has trained the Airlock Anomaly Shield​ machine learning models beforehand.
  • Airlock Anomaly Shield must be enabled and configured for an application.

Request processing

Description:

  1. Request data within a web session is aggregated into session metrics (e.g., timing statistics, request data statistics, or query parameter statistics).
  2. These session metrics are used as input for multiple machine learning models (e.g., Isolation Forest, clustering models, or interaction models).
  3. Each model computes an output value between 0.0 and 1.0. These values are referred to as anomaly indicator values.
  4. The anomaly indicator values are compared against defined thresholds, resulting in a binary outcome (true/false) for each model.
  5. The resulting set of binary outcomes forms the anomaly indicator pattern.
  6. Policy enforcement evaluates this anomaly indicator pattern to trigger actions, which are executed by the Security Gate according to the configuration.