Skip to main content
Version: 1.0.0

Anomaly Detection

Cert-IX Anomaly Detection uses advanced machine learning to identify unusual patterns and behaviors in your AI systems and infrastructure.

How It Works​

Behavioral Baseline​

The system learns normal behavior patterns:

  • Network traffic patterns
  • User activity profiles
  • System resource usage
  • AI model input/output patterns
  • API call frequencies

Real-time Monitoring​

Continuous analysis of:

  • All registered assets
  • Network communications
  • User sessions
  • AI model operations
  • Data access patterns

Anomaly Identification​

When behavior deviates from baseline:

  • Deviation is scored for significance
  • Context is analyzed
  • Alert is generated if threshold exceeded
  • Recommended actions provided

Anomaly Types​

Network Anomalies​

  • Unusual traffic volumes
  • New connection patterns
  • Unexpected protocols
  • Geographic anomalies
  • Time-based deviations

User Behavior Anomalies​

  • Unusual login times
  • Atypical access patterns
  • Privilege escalation attempts
  • Data exfiltration indicators
  • Impossible travel detection

AI System Anomalies​

  • Model performance degradation
  • Unusual input patterns
  • Output distribution changes
  • Resource consumption spikes
  • Pipeline execution anomalies

Data Anomalies​

  • Unusual data access volumes
  • Sensitive data queries
  • Bulk data operations
  • Schema violations
  • Data flow anomalies

Using Anomaly Detection​

Viewing Anomalies​

  1. Navigate to AI Security β†’ Anomaly Detection
  2. View the anomaly dashboard
  3. Filter by type, severity, or date
  4. Click any anomaly for details

Anomaly Details​

Each anomaly includes:

  • Timestamp - When detected
  • Type - Category of anomaly
  • Severity - Risk level
  • Affected Assets - Impacted resources
  • Deviation Score - How unusual
  • Context - Related events
  • Recommendations - Suggested actions

Taking Action​

For each anomaly, you can:

  • Investigate - Dig deeper into the event
  • Acknowledge - Mark as reviewed
  • Escalate - Create an incident
  • Dismiss - Mark as false positive
  • Add to Baseline - Update normal behavior

Configuration​

Detection Sensitivity​

Adjust sensitivity levels:

  • High - More alerts, fewer missed events
  • Medium - Balanced approach (recommended)
  • Low - Fewer alerts, may miss subtle anomalies

Baseline Period​

Configure learning period:

  • Minimum: 7 days
  • Recommended: 30 days
  • Custom period available

Alert Thresholds​

Set custom thresholds for:

  • Deviation score triggers
  • Frequency-based alerts
  • Asset-specific sensitivity

Exclusions​

Create exclusions for:

  • Known safe behaviors
  • Scheduled maintenance
  • Approved activities
  • False positive patterns

Alerts and Notifications​

Alert Channels​

Receive anomaly alerts via:

  • Dashboard notifications
  • Email
  • Slack/Teams
  • Webhook
  • SMS (critical only)

Alert Rules​

Create custom rules for:

  • Specific anomaly types
  • Severity thresholds
  • Asset groups
  • Time-based conditions

Best Practices​

  1. Allow learning time - Give the system time to establish baselines
  2. Review regularly - Check anomalies daily
  3. Tune sensitivity - Adjust based on your environment
  4. Update baselines - Reflect legitimate changes
  5. Investigate promptly - Don't let anomalies go stale

Related: