Skip to content

Building an Anomaly Detection Model using Falkonry Insights

Creating a Baseline Model

How to create a univariate baseline anomaly detection model with:

  1. Select a numeric signal that has consistent data with good sampling rate (>100 mHz recommended)
  2. Identify the baseline normal behavior period (learning range) represented in the selected signal
  3. Run an ANOMALYLEARN flow. Once complete, review the output of the model.
    1. When the output contains gaps, it is likely that the input data has missing values or irregular sampling. Consider revising the learning range to select a period where there is more consistent data in the input signal.
    2. For lower latency change the aperture setting to something smaller (non-default). Consult Falkonry Experts before settling on a non-default aperture.
  4. Capture the Model ID from the flow response for the model that has satisfactory results
  5. Use the Signal ID and the Model ID to start live monitoring.

Evaluate Anomaly Model on Historical Data

Remember to evaluate your anomaly model on the hisotrical data which is explained in the video above. If you are satisfied with the output, you may write it to the M[0] output line.

Warning

NEVER write output to M[0] for any time range that was evaluated during live monitoring. Doing so may interfere with other system artifacts, creating confusion at best and unreliable results at worst.

Revising an Anomaly Model

To revise an existing anomaly detection AI model, we need 3 pieces of information.

  1. Identifier for the signal whose anomaly model needs a revision
  2. One or more new normal time ranges that the model should learn
  3. Source Model that must be revised.