Support

Support for business applications

Kaspersky Machine Learning for Anomaly Detection

Working with the main menu

Managing ML models

Working with markups

Creating markup

Kaspersky Machine Learning for Anomaly Detection
Нет результатов
Online Help
FAQ Contact support Recovery tools Product videos

Creating markup

December 6, 2023

ID 256414

Save as PDF

You can use markup to generate learning indicators or inference of the ML model.

To create markup:

  1. In the main menu, select the Models section.
  2. In the asset tree, next to the name of the asset for which you want to create a markup, open the vertical menu and select Create markup.

    A list of options appears on the right.

  3. Specify the name of the markup in the Name field.
  4. Enter a description for the markup in the Description field.
  5. In the Grid step (sec) field, specify a UTG period for markup in seconds expressed as a decimal.
  6. In the Markup color field, select a color that will be used to highlight data intervals selected by the markup.
  7. If necessary, use the toggle switch to turn on the Treat inconclusive result as positive option.

    If Kaspersky MLAD cannot unequivocally evaluate the fulfillment of criteria specified in the Time filter and Tag conditions settings blocks, for example, due to the absence of observations for tags, the application will consider specified criteria to be fulfilled when this option is enabled.

  8. In the Time filter settings block, do the following:
    1. Click the Add interval button.
    2. In the Interval type drop-down list, select one of the following time interval types:
      • Fixed. If you select this type of interval, specify the days of the week and the time interval during which the input data must be validated according to the specified criteria.

        You can specify only the beginning or the end of a single interval.

      • Recurrent. If you select this type of interval, specify the years, dates, days of the week, and daily time interval for periodically validating input data according to the specified criteria.

    You can add one or more time intervals.

  9. To add tag behavior criteria, do the following:
    1. In the Tag conditions settings block, click the Condition button.

    2. In the Tag drop-down list, select the tag for which to add a tag behavior criterion.

      If you want to exclude the selected criterion from the condition block that you are adding, click NOT to the left of the selected tag. The NOT caption in the button will be highlighted in bold.

      For example, click NOT to add a condition that contains no steps with the specified settings.

    3. In the Behavior drop-down list, select one of the following tag behaviors that must be tracked:
      • Over: the tag value exceeds the specified threshold.
      • Below: the tag value falls below the specified threshold.
      • Rising: the trendline of tag values is increasing.
      • Falling: the trendline of tag values is decreasing.
      • Level: there are no pronounced changes in the trendline of tag values.
      • Step change: the trendline of the selected tag is displaying abrupt upward or downward shifts.
      • Flat: the selected tag is transmitting the same value.
      • Spread: abrupt changes in the spread of values are being observed around the trendline of the selected tag.
    4. In the Window field, specify an interval for analyzing the behavior of tags in the UTG steps.
    5. Depending on the value selected for Behavior, do one of the following:
      • If you selected Over or Below, use the Threshold field to specify the tag threshold value, and specify the minimum number of times the threshold value can be breached in a separate window in the Minimum violations field.
      • If you selected Rising, Falling, or Level, use the Threshold slope field to specify the trend slope percentage value that must be exceeded for the trend to be considered as growing or falling, and specify the time interval between adjacent trend estimates in the Evaluation period field.

        By default, the Threshold slope setting is not defined. If the setting is not defined, Kaspersky MLAD will determine the trend direction automatically.

        By default, the Evaluation period setting has a value of 1. With this value, the trend is estimated at each UTG node.

      • If you selected Step change, use the Minimum change field to specify the minimum shift value for the tag trendline, and select one of the following tag value change directions from the Direction drop-down list: Any, Up or Down.

        By default, the Minimum change setting is not defined. If the setting is not defined, Kaspersky MLAD will determine it automatically.

      • If you selected Flat, use the Value field to specify the value that the tag should transmit, and specify the maximum tag value spread in the Spread field.

        By default, the Value setting is not defined. If the setting is not defined, any repeating tag value triggers the criterion.

      • If you selected Spread, use the Minimum change field to specify the minimum value by which the tag value spread around the trendline can change, and select one of the following spread change directions in the Direction drop-down list: Any, Flare, or Shrink.

        By default, the Minimum change setting is not defined. If the setting is not defined, Kaspersky MLAD will determine it automatically.

        The tag behavior criterion is met when the tag spread around the trendline increases and/or decreases.

    6. To add a tag behavior criterion to a condition block, click the plus sign at the bottom of the condition block and repeat steps 9b through 9e.
    7. If the block contains more than one tag behavior criterion, select one of the following logical operators between the criterion rows:
      • AND if you need to track both criteria in the markup.
      • OR if you need to track one of the defined criteria in the markup.

  10. If you need to check whether the fulfillment of a pre-condition triggered the fulfillment of a post-condition, do the following:
    1. Add one of the following temporal operators:
      • Wait if you need to generate the result of the criteria check in the last node of the maximum waiting interval.
      • If ahead if you need to generate the result of the criteria check at the time of a pre-condition check.

      The Wait and If ahead buttons are available after adding at least one condition.

      A precondition is a block of conditions preceding the temporal operator. A postcondition is a block of conditions following a temporal operator.

      The precondition block is checked in the current UTG node.

      Markup with an If ahead temporal operator can be used in learning indicators only.

    2. In the Recess (steps) field, specify the following time intervals:
      • from: the interval between the current UTG node and the first future UTG node, in which the post-condition block is checked (minimum waiting interval).
      • to: the interval between the current UTG node and the last future UTG node, in which the post-condition block is checked (maximum waiting interval).

      The post-condition block is checked in the UTG nodes between the minimum and maximum waiting intervals.

    3. In the Check drop-down list, select one of the following group operators:
      • To check the fulfillment of tag behavior criteria from the post-conditions block in all UTG nodes between the minimum and maximum waiting intervals, select the All steps group operator.
      • To check the fulfillment of tag behavior criteria from the post-conditions block in at least one UTG node between the minimum and maximum waiting intervals, select the Any step group operator.

      If the Wait temporal operator is added, the criteria check result is determined in the last node of the maximum waiting interval. If the check of the precondition block in the current UTG node gave a negative result (FALSE) or an undefined result (UNDEFINED), the same value will be the result of the check of the post-condition block. If the check of the precondition block in the current UTG node gave a positive result (TRUE), then the check of the post-condition block is performed in each UTG node between the minimum and maximum waiting interval. The result of the check is determined by the fulfillment of the condition depending on the selected group operator: All steps or Any step. If more than one condition check is performed using the Wait temporal operator, the result of the previous temporal condition check is the precondition for each subsequent check of the Wait temporal condition.

      If the If ahead temporal operator is added, the criteria check result is generated at the time of the precondition check.

  11. Select one of the following logical operators between markup blocks:
    • AND if you need to track the tag behavior criteria in both blocks of conditions.
    • OR if you need to track the tag behavior criteria in only one of the blocks of conditions.
  12. In the upper-right corner of the window, click the Save button.

The new markup will be displayed in the Markups group of the asset tree. The Markups group is created automatically and displayed as part of the selected section of the asset tree.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.