In Kaspersky MLAD, an ML model can contain the following detectors:
Limit Detector detects anomalies whenever the tag value falls below the minimum value or exceeds the maximum value.
Forecaster predicts the current behavior of an object based on data about its behavior in the recent past.
XGBoost with a certain probability detects anomalies in the monitored asset data based on the data sample for the examined time interval learned by the XGBoost classifier.
Rule Detector builds predictions for the tag values during normal operation of the monitored asset and registers incidents whenever one or multiple rules are triggered.
You can configure the procedure for detecting anomalies based on the specific features of your monitored asset by enabling or disabling the necessary detectors in the Anomaly Detector service settings.
System administrators can configure the Anomaly Detector service.
To configure the settings of the Anomaly Detector service in Kaspersky MLAD:
In the lower-left corner of the page, click the button.
Enable or disable the Limit Detector using the Use Limit Detector toggle switch.
Enable or disable the Forecaster detector using the Use Forecaster detector toggle switch.
Enable or disable the XGBoost detector using the Use XGBoost detector toggle switch.
Enable or disable use of the Rule Detector using the Use Rule Detector toggle switch.
Enable or disable the function for skipping gaps in the incoming data stream using the Skip gaps in data toggle switch.
In the Maximum number of records requested from the Message Broker service field, enter the number of records that must be requested from the Message Broker service for subsequent processing in the Anomaly Detector.
In the Number of messages sent in one block to the Message Broker service field, enter the number of incidents that must be sent to the Message Broker service at one time.
In the Number of simultaneously running models field, enter the maximum number of ML models that can analyze telemetry data at the same time.
For maximum performance of Kaspersky MLAD, the number of ML models running at the same time must not exceed 80% of the number of cores of the server where Kaspersky MLAD is installed.