Predictive ML model elements predict the behavior of an object from data on its recent behavior. Predictive ML model elements include neural network elements and linear regression-based elements.
Kaspersky MLAD model builder supports the following architectures for ML model predictive elements:
Dense. Neural network element of an ML model with a fully connected architecture. When creating an ML model element, you must specify the multipliers for calculating the number of neurons on inner layers and the activation functions on them.
TCN. Neural network element of an ML model with a hierarchical time-based convolutional architecture. When creating an ML model element, you must specify the filter size and number, extensions on layers, activation functions on them and the number of layers in the residual block.
CNN. Neural network element of an ML model with a convolutional architecture. When creating an ML model element, you must specify the number of neurons on the layers of encoder, the size and number of filters on layers, and the size of the maximum sampling window (MaxPooling).
RNN. Neural network element of an ML model with a recurrent architecture. When creating an ML model element, you must specify the number of GRU neurons on layers and the number of time-distributed neurons on the layers of the decoder.
Transformer. Neural network element of an ML model with a transformer architecture. When creating an element of the ML model, the number of attention heads and the number of transformer encoders are specified.
Linear regression. Element of an ML model based on linear regression.
A predictive element of an ML model generates the following artifacts as a result of inference:
Predicted tag values. These are displayed in the central part of the Monitoring and History sections on individual graphic areas of the selected preset.
Individual prediction errors are the differences between the predicted and actual values for each tag. These are displayed in the central part of the Monitoring and History sections on individual graphic areas of the selected preset.
The total prediction error (cumulative prediction error) is the total discrepancy between the predicted and actual values. Cumulative prediction error and the cumulative prediction error threshold are displayed in the graphic area in the central part of the Monitoring and History sections after the graphic areas of the selected preset and on the ML model element artifact graph located at the bottom of the sections.
If the cumulative prediction error exceeds the cumulative prediction error threshold, predictive element of the ML model considers this a deviation in the behavior of the monitored asset and registers an incident.