Support

Support for business applications

Kaspersky Machine Learning for Anomaly Detection

Basic concepts of Kaspersky MLAD

Incidents

Kaspersky Machine Learning for Anomaly Detection
Нет результатов
Online Help
FAQ Contact support Recovery tools Product videos

Incidents

December 6, 2023

ID 247968

Get as PDF

An incident is a deviation from the expected (normal) behavior of a monitored asset identified by the anomaly detector.

Kaspersky MLAD supports multiple types of anomaly detectors: Forecaster, Rule Detector, and Limit Detector. The Forecaster Detector serves as the foundation for neural network elements of an ML model, while diagnostic rules are based on the Rule Detector. Each detector analyzes incoming telemetry data received from the monitored asset to identify deviations from normal behavior of the asset.

In addition to detecting deviations from normal object behavior, Kaspersky MLAD monitors the quality of incoming data. If the input data stream is terminated or interrupted for a specific tag, or observations that arrived at the application too soon or too late are detected in the input stream, the Stream Processor service registers incidents.

When a deviation is detected, the corresponding detector records the date, time and relevant deviation parameters, and saves this data as an entry in the Incidents section. If incident notifications for users or external systems are configured in Kaspersky MLAD, information about an incident is sent to the intended recipients via the corresponding services of Kaspersky MLAD.

In this section

Incidents detected by a neural network element of an ML model

Incidents detected by an ML model element based on a diagnostic rule

Incidents detected by the Limit Detector

Incidents detected by the Stream Processor service

See also:

Working with incidents and groups of incidents

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.