Kaspersky Machine Learning for Anomaly Detection

What's new

Kaspersky Machine Learning for Anomaly Detection 3.0.0 introduces the following features and improvements:

  • Models section of the web interface – you can now create templates from ML models and add ML models based on those templates. An ML model template preserves the algorithm structure, set of elements, and training state of the ML model used to create it.
  • Stream Processor service – a new component that converts telemetry data received from the monitored asset at arbitrary moments in real time to a uniform temporal grid (UTG). Stream Processor takes possible data losses into account and handles observations that Kaspersky MLAD receives too early or too late. In such cases, Stream Processor registers incidents.
  • Event Processor service – the Event Processor can now switch to sleep mode according to a specified schedule. In sleep mode, the Event Processor re-analyzes sequences of events that were processed in online mode to improve the quality of previously detected patterns and their structure. The Event Processor service state is now saved in the database after each episode of events is processed. This mechanism ensures that data is saved up to the last processed episode and reduces the computational resources required to save the full state of the Event Processor service. You can now view the structure of patterns as a layered hierarchy of nested elements, including the time intervals between the elements within a pattern.
  • WebSocket Connector – a new connector that receives telemetry data from ICS systems and sends messages about incident registration via the WebSocket protocol.
  • System parameters section of the web interface – you can now manage the logging levels of Kaspersky MLAD services, the statuses and causes of incidents, and the time intervals for displaying data on graphs in the Monitoring, History, and Time slice sections. You can also manage the user account blocking settings.
  • Tags section of the web interface – unknown tags received from external assets via the KICS Connector are now added automatically, in accordance with the names of tags and assets in Kaspersky Industrial CyberSecurity for Networks 3.0 and later.
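
To make the Stream Processor item concrete, here is an added example (not Kaspersky MLAD code) that resamples one tag's observations onto a uniform grid and records an incident for each early, late or lost observation. The hold-last-value rule, the `max_gap` and `early_tol` thresholds, the incident labels and the sample data are assumptions made for this illustration; the page does not describe the product's actual algorithm.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Incident:
    kind: str   # "early", "late" or "loss" (labels chosen for this example)
    ts: float   # observation timestamp, or grid node time for "loss"

def to_utg(stream, start, period, now, max_gap, early_tol):
    """Resample (arrival, ts, value) tuples, given in arrival order, onto the
    grid start + k*period up to `now`. Returns (grid, incidents), where grid
    is a list of (node_time, value_or_None)."""
    grid, incidents = [], []
    k = 0        # index of the next grid node to emit
    last = None  # newest accepted observation as (ts, value)

    def emit_until(limit, inclusive):
        nonlocal k
        while True:
            node = start + k * period
            if node > limit or (node == limit and not inclusive):
                return
            if last is None or node - last[0] > max_gap:
                grid.append((node, None))          # nothing recent enough
                incidents.append(Incident("loss", node))
            else:
                grid.append((node, last[1]))       # hold the last value
            k += 1

    for arrival, ts, value in stream:
        if ts > arrival + early_tol:
            # Stamped ahead of the receiver clock: reject as too early.
            incidents.append(Incident("early", ts))
        elif last is not None and ts <= last[0]:
            # Not newer than accepted data: its grid nodes may be emitted.
            incidents.append(Incident("late", ts))
        else:
            emit_until(ts, inclusive=False)  # finalize nodes before ts
            last = (ts, value)
    emit_until(now, inclusive=True)          # flush up to the current time
    return grid, incidents

# Constructed sample: (arrival_time, source_timestamp, value) for one tag.
SAMPLE = [
    (0.1, 0.0, 10.0),
    (1.4, 1.3, 11.0),
    (1.6, 0.9, 99.0),   # older than accepted data -> "late"
    (2.0, 9.0, 50.0),   # timestamp far in the future -> "early"
    (5.7, 5.6, 12.0),   # long silence before this -> "loss" at nodes 4, 5
]
```
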