Kaspersky Machine Learning for Anomaly Detection

Contents

Tags

Expand all | Collapse all

Tags are the main objects of observation in Kaspersky MLAD. A tag is a process parameter transmitted within the industrial network (for example, a controlled temperature). Measurements of physical parameters, as well as setpoints, commands, or states of control systems can be transmitted as tags. The values of tags are transmitted and received by the assets over specific protocols. The values of tags are displayed on graphs in the History and Monitoring sections and are also used to detect incidents.

Kaspersky MLAD provides the following types of tags:

  • Source tags

    The values of these tags are received by Kaspersky MLAD directly from the monitored asset if the Stream Processor service is disabled.

    Source tags are displayed in the monitored asset hierarchical structure.

  • Tags processed by the Stream Processor service

    Tag values received as a result of the processing of the input tag stream by the Stream Processor service.

    The Stream Processor service can convert an input tag stream to a UTG. For each node in the uniform sequence, the Stream Processor service calculates the tag values for the output stream. Depending on how many input observations have been accumulated for each node and how long ago the observations were last received, the Stream Processor service can calculate output tag values by aggregation (calculating a tag value based on multiple tag observations accumulated for the corresponding node of the uniform sequence) or imputation (restoring the tag value for an empty node of the uniform sequence based on the values of this tag received earlier).

    The Stream Processor service can also calculate derivative tags based on incoming telemetry data. For example, the Stream Processor service can calculate a moving average or an average for a group of tags.

    Tags processed by the Stream Processor service are displayed in the monitored asset hierarchical structure.

Kaspersky MLAD supports several methods for obtaining telemetry data (tags). Depending on the monitored asset attributes and the tag transmission capabilities, you can select one of the following methods for receiving tags:

See also:

Managing assets and tags

Page top
[Topic 247966]