Kaspersky Machine Learning for Anomaly Detection

Glossary

December 6, 2023

ID 90

Account role

Set of access rights that determine the actions available to a user when connected to the application web interface. Kaspersky MLAD includes a system administrator role and user roles.

AMQP topic

A hierarchical path to the data source used for sending messages via the AMQP protocol.

Anomaly

Any deviation in the behavior of a monitored asset that is abnormal, unexpected, and not prescribed by the industrial process.

Asset

A section of a hierarchical structure representing, for example, a plant, a shop, or a separate unit of a monitored asset.

Attention

A special configuration of the Event Processor intended to track events and patterns for specific subsets of event history (attention directions). An attention direction is defined by the event parameter value that is common for all events of this direction. The Event Processor detects events and patterns only for the attention directions defined in the attention settings.

Connector

Service that facilitates the exchange of data with external systems.

Data sampling

A method for adjusting the training set with reference to the time scale steps in the original dataset.

Detector

Component in the ML model that identifies anomalies and registers incidents.

Event

Set of values describing a change in the state of a monitored asset based on a predefined list of parameters, with the timestamp of the change.

Gradient boosting

Machine learning technique for classification and regression problems that builds a prediction model in the form of an ensemble of prediction models, which are typically decision trees (XGBoost).

ICS

Abbreviation for Industrial Control System. A package of hardware and software designed to automate control of process equipment at industrial enterprises.

Incident

A deviation from the expected (normal) behavior of a monitored asset identified by the anomaly detector.

Inference

The process in which the ML model works with telemetry data to detect anomalous behavior.

Inference indicator

A set of criteria used to determine the data time intervals on which the ML model performs the inference.

Learning indicator

A set of criteria used to determine the data time intervals on which the ML model performs the training.

Markup

A set of time intervals specified for tags that allows you to generate learning indicators and inference indicators for the ML model.

ML model

Algorithm based on machine learning methods tasked with analyzing the telemetry of the monitored asset and detecting anomalies.

ML model branch

Determines how the predicted tag value, personal tag error and MSE are calculated. For a complex model, the calculation may involve multiple ML model elements that have a different composition of tags and error calculation parameters.

Monitor

Source of notifications about patterns, events, or values of event parameters detected by the Event Processor according to the defined monitoring criteria. The monitoring criteria define a sliding time interval, the number of sequential detections, filters for event parameter values, and the condition for detecting new events, patterns, or event parameter values.

Monitored asset hierarchical structure

A method of organizing monitored asset data in the form of a tree, whose leaf nodes correspond to source tags and/or tags processed by the Stream Processor service.

MQTT topic

A hierarchical path to the data source used for sending messages via the MQTT protocol.

Notification

A message containing information about an incident (or incidents) that is sent by the application via notification delivery systems (for example, by email) to the specified addresses.

Pattern

Sequence of events or other patterns identified within the stream of events from the monitored asset.

Preset

Set of tags generated by a user in arbitrary order or created automatically when an incident is registered. A set of tags in a custom preset can correspond to a certain aspect of the technological process or a section of the monitored asset.

Tag

Variable that contains the value of a specific process parameter such as temperature.

Top tag

Process parameter for which the largest deviation from the prediction was recorded at the time of incident registration.

Uniform temporal grid (UTG)

An infinite sequence of points in time separated by equal intervals, to which the stream of incoming telemetry data is converted.
