Kaspersky Machine Learning for Anomaly Detection
5.0
English

Contents

[Topic 251713]

Installing the application

This section contains a step-by-step description of Kaspersky MLAD installation. During installation, Kaspersky MLAD creates the first application user with the system administrator role.

Prior to installation, you must make sure that the required amount of free space is available on the hard drive where the application will be installed. Docker service volumes must be stored on the drive where the application is installed. If the Docker volumes are stored on a different drive, you must move them and use the Docker configuration file to specify the path to the storage location of the volumes on the hard drive where the application is installed.

To install the application, each server must have a user account with root privileges that will be used to perform the installation. The directory for installing Kaspersky MLAD must be empty.

Installation of Kaspersky MLAD is performed by a qualified technical specialist of the Customer, a Kaspersky employee, or a certified integrator.

The Kaspersky MLAD server and the software installed on the server must meet the hardware and software requirements.

Kaspersky MLAD is installed according to the described procedure for application installation. Installation and use of Kaspersky MLAD is possible only on one server. Installation and use of different services and connectors on multiple servers is not possible.

Installation of Kaspersky MLAD will be interrupted if the integrity of the application archive has been breached. To obtain the correct archive of the application, please contact Kaspersky experts.

To install Kaspersky MLAD:

  1. Unpack the archive named Kaspersky_MLAD_5.0.0.-<build number>_ru-RU_en-US.tar.xz that is included in the distribution kit:

    tar xf Kaspersky_MLAD_5.0.0.< build number >_ru-RU_en-US.tar.xz

    The mlad-release-5.0.0-<build number> directory appears after the archive is unpacked.

  2. Navigate to the directory named mlad-release-5.0.0-<build number>:

    cd mlad-release-5.0.0-<build number>

  3. Run the setup.sh installation script:

    sudo ./setup.sh

  4. Follow the instructions of the Application Setup Wizard.

    Read the License Agreement carefully during installation. You must accept the terms of the End User License Agreement to install the application. If you do not accept the terms of the End User License Agreement, the installation process will be interrupted.

    Using the Application Setup Wizard, you can change the name and password of the first application user with the system administrator role.

    The application is installed in /opt/kaspersky/mlad by default. You can specify a different directory during installation.

To install Kaspersky MLAD in non-interactive mode:

  1. Unpack the archive named Kaspersky_MLAD_5.0.0.-<build number>_ru-RU_en-US.tar.xz that is included in the distribution kit:

    tar xf Kaspersky_MLAD_5.0.0.< build number >_ru-RU_en-US.tar.xz

  2. Navigate to the directory named mlad-release-5.0.0-<build number>:

    cd mlad-release-5.0.0-<build number>

  3. Run the setup.sh installation script with the following switches:

    sudo ./setup.sh -q -e accept -f <full path to installation directory>

    where:

    -q means that the application is installed in non-interactive mode. When installing the application in non-interactive mode, Kaspersky MLAD creates the first application user with the system administrator role and assigns it a default user name and password. To obtain the default user name and password, contact a qualified technical specialist of the Customer, a Kaspersky employee, or a certified integrator.

    -e accept means that you accept the terms of the End User License Agreement. You must accept the terms of the End User License Agreement to install the application. If you do not add the -e accept switch, installation of the application will not continue.

    You can read the text of the End User License Agreement in the text file named license_en.txt located in the 'legal' directory.

    -f <full path to installation directory> means the application will be installed in the specified directory. Skipping the -f switch will cause the application to be installed in the default directory /opt/kaspersky/mlad.

The application will be installed on the server. After installing the application, start it.

Some features will be unavailable until you add a license key.

Page top
[Topic 247986]

Updating the application

The application is updated using the upgrade.sh upgrade script. When Kaspersky MLAD is updated, all of the following data that was uploaded, received, or processed by the previous version of Kaspersky MLAD will be saved: tag configurations, presets, ML models, and settings of Kaspersky MLAD.

You can back up the previous version when updating the application, if needed.

A user account in the Kaspersky MLAD server operating system must have root access to update the application.

Prior to starting the update, make sure that there is free space on the hard drive:

  • If the application is being updated without performing a backup, the hard drive must have enough free space required to install Kaspersky MLAD.
  • If a backup is performed simultaneously with the application update and the backup copy is saved on the same drive, at least 50% of the total hard drive volume must be free.
  • If a backup copy is performed simultaneously with the application update and the backup copy is saved on another drive, the application installation drive must have free space in the amount required to install Kaspersky MLAD, and the drive for storing the backup copy must have free space equaling at least the amount of occupied disk space on the drive where the application is installed.

Updating Kaspersky MLAD is possible starting with application version 5.0.0-001.

The application will shut down while it updates. Kaspersky MLAD will not accept data from data sources or process it.

The Kaspersky MLAD server and the software installed on the server must meet the hardware and software requirements.

Kaspersky MLAD is updated to fix security flaws and application vulnerabilities or when new versions of the application are released under the current Technical Support Agreement. The application update is performed by a qualified technical specialist of the Customer, a Kaspersky employee, or a certified integrator.

The Kaspersky MLAD update will be interrupted if the integrity of the application archive has been breached. To obtain the correct archive of the application, please contact Kaspersky experts.

To update Kaspersky MLAD:

  1. Unpack the archive named mlad-5.0.0-<new build number>.tar.xz that is included in the distribution kit:

    tar xf mlad-5.0.0-<new build number>.tar.xz

  2. Go to the folder with the new application build:

    cd mlad-release-5.0.0-<new build number>

  3. Run the upgrade.sh script using one of the following methods:
    • If you need to back up a previous version and save the backup copy in the directory where Kaspersky MLAD is installed, run the following command:

      sudo ./upgrade.sh -f <full path to the application build to be updated>

      The backup copy will be created in a directory named mlad_backup-<version number>-<build number>. The directory will be created within the directory where the application is installed.

    • If you need to back up a previous version and save the backup copy in a different directory, run the following command:

      sudo ./upgrade.sh -b <full path to backup directory> -f <full path to application build to be updated>

    • To skip backup when updating the application, run:

      sudo ./upgrade.sh -b nobackup -f <full path to the application build to be updated>

    You can run the upgrade.sh script with the -h switch if you want to display the brief description of the script in the Kaspersky MLAD update interface:

    sudo ./upgrade.sh -h

  4. Follow the instructions of the Application Upgrade Wizard.

    Accept the terms of the End User License Agreement while running the Application Update Wizard. You must accept the terms of the End User License Agreement to update the application. If you do not accept the terms of the End User License Agreement, the update process will be interrupted.

    You can read the text of the End User License Agreement in the text file named license_en.txt located in the 'legal' directory.

To update Kaspersky MLAD in non-interactive mode:

  1. Unpack the archive named mlad-5.0.0-<new build number>.tar.xz that is included in the distribution kit:

    tar xf mlad-5.0.0-<new build number>.tar.xz

  2. Go to the folder with the new application build:

    cd mlad-release-5.0.0-<new build number>

  3. Run the upgrade script using one of the following methods:
    • If you need to back up a previous version and save the backup copy in the directory where Kaspersky MLAD is installed, run the following command:

      sudo ./upgrade.sh -q -e accept -f <full path to the application build to be updated>

      The backup copy will be created in a directory named mlad_backup-<version number>-<build number>. The directory will be created within the directory where the application is installed.

    • If you need to back up a previous version and save the backup copy in a different directory, run the following command:

      sudo ./upgrade.sh -q -e accept -b <full path to the backup directory> -f <full path to the application build to be updated>

    • To skip backup when updating the application, run:

      sudo ./upgrade.sh -q -e accept -b nobackup -f <full path to the application build to be updated>

    where:

    -q means that the application is updated in non-interactive mode.

    -e accept means that you accept the terms of the End User License Agreement. You must accept the terms of the End User License Agreement to update the application. If you do not add the -e accept switch, application updating will be interrupted.

    You can read the text of the End User License Agreement in the text file named license_en.txt located in the 'legal' directory.

    -b <full path to the backup directory> means Kaspersky MLAD will back up the current application version and save the backup to the specified directory.

    -b nobackup means that Kaspersky MLAD will update the application without backing up the current version.

    -f <full path to the application build to be updated> means the application installed in the specified directory will be updated.

Kaspersky MLAD will be updated to the version specified in the build number. All application files will be located in the directory where Kaspersky MLAD is installed (/opt/kaspersky/mlad by default).

Page top
[Topic 247987]

Checking the integrity of Kaspersky MLAD archive files

You can check the integrity of files in the Kaspersky MLAD archive to make sure that there have been no changes to its contents before beginning installation or upgrading the application.

Integrity checks are performed using the integrity.sh script. When the script is running, it sequentially verifies the checksums of files from the application archive.

To check the integrity of Kaspersky MLAD archive files:

  1. Unpack the archive named Kaspersky_MLAD_5.0.0.-<build number>_ru-RU_en-US.tar.xz that is included in the distribution kit:

    tar xf Kaspersky_MLAD_5.0.0.< build number >_ru-RU_en-US.tar.xz

    The mlad-release-5.0.0-<build number> directory appears after the archive is unpacked.

  2. Navigate to the directory named mlad-release-5.0.0-<build number>:

    cd mlad-release-5.0.0-<build number>

  3. Run the script for checking the integrity of the Kaspersky MLAD archive:

    ./integrity.sh

The results of checking the integrity of the application archive files on the computer are considered successful if the integrity.sh script ends with the SUCCEEDED message.

Page top
[Topic 291566]

Backing up the application

You can back up the application in accordance with your company regulations. You can back up Kaspersky MLAD when updating the application, if needed.

The application is backed up with the help of the backup.sh script. The Kaspersky MLAD backup procedure saves all of the following data that was uploaded, received, or processed by Kaspersky MLAD: tag configurations, presets, ML models, and settings of Kaspersky MLAD.

A user account in the Kaspersky MLAD server operating system must have root access to back up the application.

Prior to starting the backup, you must make sure that at least 50% of the hard drive space is free if you are saving the backup copy to the hard drive where the application is installed. If the backup copy is saved to another drive, you must make sure that this drive has enough free space necessary for installing Kaspersky MLAD.

Kaspersky MLAD backup capabilities are available starting with application version 5.0.0-001.

To back up Kaspersky MLAD:

  1. Go to the directory where Kaspersky MLAD is installed:

    cd mlad-release-5.0.0-<build number>

  2. Run the backup.sh script using one of the following methods:
    • If you want to save a backup copy in the directory where the application is installed, run the following command:

      sudo ./backup.sh -f <full path to application directory>

      The backup copy will be created in a directory named mlad_backup-<version number>-<build number>. The directory will be created within the directory where the application is installed.

    • If you need to save the backup copy to another directory, run the following command:

      sudo ./backup.sh -b <full path to backup directory> -f <full path to application directory>

  3. Follow the instructions of the backup wizard.

To back up Kaspersky MLAD in non-interactive mode:

  1. Go to the directory where Kaspersky MLAD is installed:

    cd mlad-release-5.0.0-<build number>

  2. Run the backup.sh script by doing one of the following:
    • If you want to save a backup copy in the directory where the application is installed, run the following command:

      sudo ./backup.sh -q -f <full path to application directory>

      The backup copy will be created in a directory named mlad_backup-<version number>-<build number>. The directory will be created within the directory where the application is installed.

    • If you need to save the backup copy to another directory, run the following command:

      sudo ./backup.sh -q -b <full path to backup directory> -f <full path to application directory>

    where:

    -q means that the application will be backed up in non-interactive mode.

    -b <full path to the backup directory> means Kaspersky MLAD will save the backup in that directory.

    -f <full path to application directory> means that the application installed in that directory will be backed up.

Page top
[Topic 247988]

Rolling back the application to the previous installed version

The application can be rolled back to a previously installed version by using the backup.sh script.

A user account in the Kaspersky MLAD server operating system must have root access to roll back the application to a previous version.

Kaspersky MLAD rollback capabilities are available starting with application version 5.0.0-001.

The application will shut down while it rolls back to the previous version. Kaspersky MLAD will not accept data from data sources or process it.

When rolling back Kaspersky MLAD to the previous installed version, all data received and processed by Kaspersky MLAD from the moment the application was upgraded to the moment of the rollback to the previous version will be lost. You are advised to verify that you have a full backup copy of all Kaspersky MLAD data.

To roll back Kaspersky MLAD to the previous installed version:

  1. Go to the directory containing the relevant backup copy of Kaspersky MLAD that the application rollback should restore:

    cd <directory containing the application backup copy>

  2. To roll back the application to the previous version, run the backup script named backup.sh with the -r switch:

    sudo ./backup.sh -r -f <full path to application directory>

  3. Follow the instructions of the backup wizard.

Kaspersky MLAD will be rolled back to the previous installed version.

Page top
[Topic 247989]

Scenario for restoring Kaspersky MLAD from a backup

If necessary, for example, if the server hosting Kaspersky MLAD malfunctions, you can restore the application from a backup copy of Kaspersky MLAD by using the backup.sh script.

A user account in the Kaspersky MLAD server operating system must have root access to restore the application.

The scenario for restoring the application from a backup copy consists of the following steps:

  1. Moving a backup copy of the application to the Kaspersky MLAD server

    Copy the directory containing the backup copy of the application to the server where the application is being restored.

  2. Restoring Kaspersky MLAD

    Go to the directory containing the backup copy of Kaspersky MLAD by running the following command:

    cd <directory containing the application backup copy>

    To restore the application from a backup copy, run the application backup script named backup.sh with the -r switch:

    sudo ./backup.sh -r -f <full path to the directory in which you need to restore the application>

    Follow the instructions of the backup wizard.

Page top
[Topic 247990]

Getting started

Before starting to work with Kaspersky MLAD, you must make sure that the following conditions are fulfilled:

  1. Descriptions of tags of received telemetry and assets of the hierarchical structure are prepared as a XLSX file to be imported into Kaspersky MLAD. This file is created by a qualified technical specialist of the Customer, a Kaspersky expert or a certified integrator.
  2. A set of presets has been prepared to monitor data flow and evaluate the performance of Kaspersky MLAD. A description of the presets is supplied in the form of a file in JSON format. This file is created by a qualified technical specialist of the Customer, a Kaspersky expert or a certified integrator.
  3. The telemetry data source is enabled and configured to send data to Kaspersky MLAD.
  4. The data transfer network is prepared to deliver telemetry data from the data source to the Kaspersky MLAD server, the network equipment is properly configured, and data transfer is allowed.
  5. Configuration settings and/or configuration files are prepared for the connector that will be used in Kaspersky MLAD to receive telemetry data or events from external systems. The connector must be configured and activated after Kaspersky MLAD is started.
  6. If ML models are provided as part of the Kaspersky MLAD Model-building and Deployment Service, the ML models are created and trained based on historical telemetry data by a Kaspersky expert or a certified integrator. The ML models have been prepared for import into Kaspersky MLAD as TAR files. The Kaspersky MLAD system administrator has been sent the codes for activating ML models. The ML model activation codes are stored in a secure storage location.
Page top
[Topic 247991]

Starting and stopping Kaspersky MLAD

By default, Kaspersky MLAD uses the systemctl utility to start or stop the application. If there is an unexpected restart of the server where the application is installed, the systemctl utility automatically starts Kaspersky MLAD.

If necessary, you can use scripts to start and stop the application. To do so, you must switch the application state control mode.

We recommend the systemctl utility for controlling the application state.

Starting or stopping the application with the systemctl utility

The user account must have root access to start or stop the application.

To start the application using the systemctl utility:

In the command line, run the following command:

sudo systemctl start mlad

Kaspersky MLAD will be started.

To stop the application using the systemctl utility:

In the command line, run the following command:

sudo systemctl stop mlad

Kaspersky MLAD will be stopped.

When stopping, the application saves service statuses. When the application starts again, the services will be restored to their previous status.

An error message is displayed if you attempt to run the start and stop scripts in control mode by using the systemctl utility.

Starting or stopping the application with the start and stop scripts

To start or stop the application using the start and stop scripts, first switch the application state control mode.

To start the application:

  1. Go to the folder where Kaspersky MLAD is installed (/opt/kaspersky/mlad by default).
  2. In the command line, run the following command:

    ./mlad-start.sh

Kaspersky MLAD will be started.

To stop the application:

  1. Go to the folder where Kaspersky MLAD is installed (/opt/kaspersky/mlad by default).
  2. In the command line, run the following command:

    ./mlad-stop.sh

Kaspersky MLAD will be stopped.

When stopping, the application saves service statuses. When the application starts again, the services will be restored to their previous status.

If you try to use the systemctl utility in control mode via start and stop scripts, an error message is displayed.

Page top
[Topic 247992]

Switching between Kaspersky MLAD state control modes

Kaspersky MLAD supports application state management in the following ways:

  • Using the systemctl utility (by default). If there is an unexpected restart of the server where the application is installed, the utility automatically starts Kaspersky MLAD.

    We recommend the systemctl utility for controlling the application state.

  • Using start and stop scripts.

If necessary, you can switch between different application state control modes by using the setup.sh script.

A user account in the Kaspersky MLAD server operating system must have root access to switch between modes.

To change the application state control mode:

  1. Go to the folder where Kaspersky MLAD is installed (/opt/kaspersky/mlad by default).
  2. To switch between application state control modes, run the installation script with an -s switch:

    sudo ./setup.sh -s

Kaspersky MLAD will change the application state control mode. When attempting to run start and stop scripts in application state control mode using the systemctl utility, or when attempting to use the systemctl utility with start and stop scripts while in application state control mode, an error message will be displayed.

Page top
[Topic 287614]

Updating Kaspersky MLAD certificates

The following certificates are used in Kaspersky MLAD:

  • Certificates for connecting to Kaspersky MLAD using the web interface.
  • Certificates for connecting connectors and services.

It is recommended to update certificates in the following cases:

  • Current certificates have been compromised.
  • Certificates have expired.
  • Certificates need to be updated in accordance with the enterprise information security requirements.

Updating a certificate for connecting to Kaspersky MLAD using the web interface

By default, Kaspersky MLAD uses a self-signed certificate that is automatically generated during the application installation to connect to the web interface. When using a self-signed certificate to connect to the Kaspersky MLAD web interface, the browser displays a warning that the security certificate or the established connection is not trusted.

To use trusted certificates to connect to the Kaspersky MLAD web interface, you can replace the self-signed certificate with a certificate received from a recognized certification authority or with a custom certificate that complies with the security standards of your organization.

Kaspersky MLAD store certificates for connecting to the web interface at <installation directory>/ssl/nginx/.

The certificate for connecting to Kaspersky MLAD using the web interface can be updated by a qualified technical specialist of the Customer, a Kaspersky employee or a certified integrator.

To update certificates for connecting to Kaspersky MLAD using the web interface:

  1. Obtain a trusted certificate and a key for this certificate to connect to the Kaspersky MLAD web interface.

    A certificate must be received for the IP address and domain name of the server on which Kaspersky MLAD is installed.

  2. Go to the directory containing the trusted certificate and the key to this certificate.
  3. In the command line, run the following commands:

    sudo chown root:root <new certificate.crt> <new certificate key.key>
    sudo chmod 640 <new certificate.crt> <new certificate key.key>
    sudo cp <new certificate.crt> <installation directory>/ssl/nginx/mlad_nginx.crt
    sudo cp <new certificate key.key> <installation directory>/ssl/nginx/mlad_nginx.key

    The new certificate and its key are saved at <installation directory>/ssl/nginx/ as mlad_nginx.crt and mlad_nginx.key, respectively.

  4. Go to the directory where Kaspersky MLAD is installed, and restart it.

After restarting, Kaspersky MLAD uses the new certificate to connect to the web interface.

Updating a certificate for connecting connectors and services

In Kaspersky MLAD, you can use a secure connection for OPC UA Connector, MQTT Connector, AMQP Connector, HTTP Connector, WebSocket Connector, and the Mail Notifier service. You can update certificates for connecting these connectors and the Mail Notifier service using a secure connection in the System parameters section of the administrator menu.

To connect the OPC UA Connector, MQTT Connector, AMQP Connector, HTTP Connector, and WebSocket Connector as well as the Mail Notifier service over a secure connection, it is recommended to use certificates created according to the X.509 standard with a certificate key length of at least 4,096 bits.

The certificate for connecting the KICS Connector is contained in the communication data package, which you can update in Kaspersky Industrial CyberSecurity for Networks. You can upload the updated communication data package to Kaspersky MLAD when configuring the KICS Connector. For detailed information about creating a communication data package, please refer to the Kaspersky Industrial CyberSecurity for Networks Help Guide.

Kaspersky Machine Learning for Anomaly Detection is compatible with Kaspersky Industrial CyberSecurity for Networks version 4.0 and later.

Page top
[Topic 247993]

First startup of Kaspersky MLAD

This section describes the sequence of application configuration steps that must be performed by the system administrator when Kaspersky MLAD is started for the first time.

The first startup of Kaspersky MLAD consists of the following steps:

  1. Starting Kaspersky MLAD

    Start Kaspersky MLAD. The following Kaspersky MLAD prerequisite services will run automatically:

    • API Server
    • Web Server
    • Message Broker
    • Keeper
    • Time Series Database
    • Database
    • Logger
    • Docker API Server
    • Migrations
    • Push server
  2. Connecting to the Kaspersky MLAD web interface

    Open the application web interface in a supported browser and enter the user name and password of the first Kaspersky MLAD user with the system administrator role defined during installation of the application. Change the password for your user account. For a secure connection to the Kaspersky MLAD web interface, you are advised to install a trusted certificate.

    In the System parameters section, in the administrator menu, specify the name of the monitored asset.

  3. Uploading a configuration of tags and assets of the hierarchical structure to Kaspersky MLAD

    For subsequent operation, upload tag and asset configuration to Kaspersky MLAD. Tag and asset configuration is described in a XLSX file. For an example of a tag and asset description, see the Appendix.

  4. Configuring connectors

    To work with data, configure the connectors used at your monitored asset. You can configure the following connectors:

  5. Configuring services

    In the System parameters section of the administrator menu, configure the services that you need to use for your monitored asset. In the Services section, check the statuses of the services and start them, if necessary. For example, the necessary connectors must be running to receive data, and the Anomaly Detector service must be running to correctly detect anomalies.

  6. Connecting to a data source

    When the connectors are configured, start the connectors used for your monitored asset. Go to the Dashboard section and make sure that data is being received by Kaspersky MLAD in online mode.

  7. Creating user accounts

    Create accounts for users of the application and assign the necessary roles to them. Create incident notifications for users.

Kaspersky Machine Learning for Anomaly Detection is prepared for operation, and the application is receiving and processing data.

Users can start working with Kaspersky MLAD using the web interface.

Page top
[Topic 247994]

Removing the application

A user account in the Kaspersky MLAD server operating system must have root access to uninstall the application.

Removal of Kaspersky MLAD must be performed by a qualified technical specialist of the Customer, a Kaspersky employee, or a certified integrator.

When Kaspersky MLAD is removed, all Kaspersky MLAD data that was received, uploaded, and processed since the application was installed will be lost. You are advised to verify that you have a full backup copy of all Kaspersky MLAD data. You can perform a backup when updating the application or with the help of the backup.sh script.

To remove Kaspersky MLAD:

  1. Go to the folder where Kaspersky MLAD is installed (/opt/kaspersky/mlad by default).

    cd mlad-release-5.0.0-<build number>

  2. Run the setup.sh installation script with the -u switch:

    sudo ./setup.sh -u

  3. Follow the instructions of the Application Removal Wizard.

    When deletion of the installed certificates is confirmed, the Wizard will delete the directory in which the backup copies are stored.

Kaspersky MLAD will be removed.

Page top
[Topic 248049]