Kaspersky Machine Learning for Anomaly Detection

ML models

Expand all | Collapse all

An ML model is an algorithm based on machine learning methods tasked with analyzing the telemetry of the monitored asset and detecting anomalies.

An ML model is created by Kaspersky experts or a certified integrator for a specific monitored asset while taking into account the specifications of the asset and the characteristics of telemetry data. The general structure of the algorithm (architecture) is formed during creation of the ML model. Then the ML model is trained based on historical telemetry data and is thereby adjusted to the behavior of a specific object.

An ML model loaded into Kaspersky MLAD to work with a monitored asset consists of one or several elements, each of which is an independent ML model. The overall result of the Anomaly Detector service is formed by combining the results of the ML model elements. Normally, the more complex the industrial processes of the monitored asset are, the more elements the ML model will contain.

A Kaspersky MLAD ML model can be built using one or more detectors running in parallel:

  • Forecaster.
  • Rule Detector.
  • Limit Detector.
  • XGBoost.

In Kaspersky MLAD, an ML model can be imported or created based on a template. In turn, ML model templates are created based on previously added ML models. ML model templates preserve the algorithm structure, set of elements, and the state of the ML model used to create the template. The state of the created ML model will match the training state of the source ML model when the template was created.

Using templates, you can add ML models of the same type to Kaspersky MLAD. These models will analyze data received from equipment of the same type with a similar set of tags. When creating an ML model from a template, you can configure the use of other tags in the ML model by specifying tag IDs that differ from the ones in the source ML model.

See also:

Managing ML models and templates