Kaspersky Machine Learning for Anomaly Detection
5.0
English
Working with the main menu  >  Managing ML models  >  Working with manually created ML models  >  Adding a predictive element to an ML model

Adding a predictive element to an ML model

System administrators and users who have the Create models permission from the Manage ML models group of rights can add ML model elements. The functionality is available after a license key is added.

To add a predictive element to an ML model:

  1. In the main menu, select the Models section.
  2. To add a predictive element, do the following:
    1. In the asset tree, next to the name of the ML model to which you want to add a predictive element, open the vertical menu An icon in the form of three dots arranged horizontally. and select Create element.
    2. In the window that opens, select the element type Predictive element.
    3. Click the Create button.

    A list of options appears on the right.

  3. In the Name field, specify the name of the ML model element.
  4. Enter a description for the ML model element in the Description field.
  5. In the General element settings block, do the following:
    1. In the Reminder period (sec) field, specify the period in seconds, upon reaching which the ML model will generate a repeated incident if anomalous behavior is retained in each UTG node.

      The default value of this setting is 0, which corresponds to no reminders.

    2. In the Period of recurring alert suppression (sec) field, specify the period in seconds during which the ML model does not log repeated incidents for the same element.

      The default value of this setting is 0 (repeat incidents not suppressed).

    3. In the Anomaly observation interval (sec) field, enter the period (in seconds) during which the anomalous behavior of the tag is monitored to make a decision regarding incident registration.
    4. In Anomaly duration share in interval, enter as a decimal fraction the proportion of the period in Anomaly observation interval (sec) that must elapse for the ML model element to register an incident.

      You can specify a value in the range of 0 to 1.

    5. In the Color of incident dot indicators field, select the color of the indicator points of the incidents logged by the ML model element on the graphs in the Monitoring and History sections. This color will also be used to display the graph of the artifact generated by this element.
    6. If necessary, in the Incident status drop-down list, select a status to be automatically assigned to incidents logged by the ML model element.
    7. If necessary, in the Incident cause drop-down list, select the cause to be automatically set for incidents logged by the ML model element if this cause is known in advance.
    8. In the Detection threshold field, specify a prediction error threshold value upon reaching which an incident is logged.

      The value of this parameter will be automatically adjusted after training the ML model element. If necessary, you can change the value of this parameter.

    9. If required, in the Expert opinion field, specify the expert opinion that will be automatically generated for incidents registered by the ML model element if the contents of this opinion are known in advance.
  6. Select one of the following ML model predictive element architectures: Dense, RNN, CNN, TCN, Transformer, or LR.
  7. If necessary, turn on the Advanced neural network settings toggle switch.

    The toggle switch is only available for elements with a Dense, RNN, CNN, TCN, or Transformer architecture.

  8. In the Main settings block, do the following:
    1. In the Grid step (sec) field, specify the element's UTG period (in seconds) expressed as an integer or decimal.
    2. In the Input tags drop-down list, select one or more tags that serve as the source data for predicting the values of the output tags.

    3. In the Output tags drop-down list, select one or several tags whose behavior is predicted by the model element.

    4. In the Smoothing factor field, specify the cumulative prediction error smoothing factor in decimal format.

      The higher the coefficient, the less smoothing is applied to the data.

    5. In the Prediction error power exponent field, specify the power to which the prediction error value is raised at each UTG node before calculating the cumulative error.
  9. In the Window settings block, do the following:
    1. In the Input window (steps) field, specify the size of the input value window, from which the ML model element predicts the output values.

      The window size is indicated in the number of UTG steps.

    2. In the Output window offset field, specify the number of UTG steps by which the beginning of the output window will be shifted relative to the beginning of the input window.
    3. In the Output window (steps) field, specify an output tag prediction length calculated from the input tags on the input window.
  10. If extended setup mode is enabled and you are adding an element with a Dense architecture, do the following:
    1. In the Multipliers for calculating number of neurons per layer field, provide the multipliers, separated by a comma without spaces, by which to multiply the number of input tags to calculate the number of neurons in the ML model element layers.

      The default value of this parameter is 8,4,8.

    2. In the Activation function per layer field, specify one of the following activation functions on each layer of an ML model element separated by a comma without spaces:
      • relu: A non-linear activation function that converts an input value to a value between 0 and positive infinity.
      • selu: A monotonically increasing function that enables normalization based on the central limit theorem.
      • linear: A linear function that is a straight line proportional to the input data.
      • sigmoid: A non-linear function that converts input values to values between 0 and 1.
      • tanh: A hyperbolic tangent function that converts input values to values between -1 and 1.
      • softmax: A function that converts a vector of values to a probability distribution that adds up to 1.

      The default value of this setting is relu,relu,relu.

    3. In the Regularization field, specify the regularization coefficient in decimal format to prevent overfitting of the ML model element.

      The default value of this parameter is 0.

  11. If extended setup mode is enabled and you are adding an element with an RNN architecture, do the following:
    1. In the GRU neurons per layer field, specify the number of GRU neurons on layers separated by a comma without spaces.

      The default value of this parameter is 40,40.

    2. In the Number of neurons in TimeDistributed layer field, specify the number of neurons distributed in time on the layers of the decoder separated by a comma without spaces.

      The default value of this parameter is 40,20.

    3. If you need to restore data received as input to the network, turn on Use autoencoder toggle switch.
    4. In the Regularization field, specify the regularization coefficient in decimal format to prevent overfitting of the ML model element.

      The default value of this parameter is 0.

  12. If extended setup mode is enabled and you are adding an element with an CNN architecture, do the following:
    1. In the Filter size per layer field, specify the size of the filters for each layer of the element separated by a comma without spaces.

      The default value of this parameter is 2,2,2.

    2. In the Number of filters per layer field, specify the number of filters for each layer of the ML model element separated by a comma without spaces.

      The default value of this parameter is 50,50,50.

    3. In the Regularization field, specify the regularization coefficient in decimal format to prevent overfitting of the ML model element.

      The default value of this parameter is 0.

    4. In the MaxPooling window size per layer field, specify the maximum sampling window size on each layer separated by a comma without spaces.

      The default value of this parameter is 2,2,2.

    5. In the Number of neurons in decoder field, specify the number of neurons on the layers of the decoder.
    6. If you need to restore data received as input to the network, turn on Use autoencoder toggle switch.

  13. If extended setup mode is enabled and you are adding an element with an TCN architecture, do the following:
    1. In the Regularization field, specify the regularization coefficient in decimal format to prevent overfitting of the ML model element.

      The default value of this parameter is 0.

    2. In the Size of filters field, specify the size of the filters for the ML model element.

      The default value of this parameter is 3.

    3. In the Number of layers in residual block field, specify the number of residual block layers.

      The default value of this parameter is 1.

    4. In the Number of filters per layer field, specify the number of filters for each ML model element layer.

      The default value of this parameter is 64.

    5. In the Dilation per layer field, specify the exponential expansion values of the output data on the layers as a comma-separated list.

      The default value of this parameter is 1,2,4,8,16.

    6. In the Decoder layer type field, select one of the following types of layer to precede the output layer:
      • TimeDistributedDense (default): A fully connected architecture layer.
      • GRU: A layer with a recurrent architecture.
    7. In the Activation function drop-down list, select one of the following activation functions:
      • linear: A linear activation function whose result is proportional to the input value.
      • relu: A non-linear activation function that converts an input value to a value between zero and positive infinity. If the input value is less than or equal to zero, the function returns a value of zero; otherwise, the function returns the input value.

      The default value of this parameter is linear.

  14. If extended setup mode is enabled and you are adding an element with a Transformer architecture, do the following:
    1. In the Encoder regularization field, specify the regularization coefficient in the encoder in decimal format.

      The default value of this parameter is 0.01.

    2. In the Number of attention heads field, specify the number of attention heads.

      The default value of this parameter is 1.

    3. In the Number of encoders field, specify the number of encoders.

      The default value of this parameter is 1.

    4. In the Multipliers for calculating number of neurons per layer field, provide the factors, separated by a comma without spaces, by which to multiply the number of input tags to calculate the number of neurons in the decoding layers.

      The default value of this parameter is 10,5,10.

  15. In the upper-right corner of the window, click the Save button.

When the first item in the ML model is created, a Predictive elements group will be automatically created in the asset tree. The newly created element appears in this group.

The ML model element will be assigned the Not trained status, and the ML model to which the added element belongs will be assigned the Not trained status. To run inference on the ML model, all of its predictive elements and elliptic envelope-based elements must be trained.

Article ID: 256033, Last review: Nov 21, 2024
Page top