Glossary of Terms
As you explore Scianta’s technology and the world of cognitive computing, you’ll come across some terminology you may be unfamiliar with. We’ve gathered a few terms here which we think will be helpful for you to know.
Actor
Any object whose time-varying behavior we want to learn. Actors are often people – users, customers, employees, etc. Importantly, actors may also be machines (such as servers, firewalls, networks, vehicles, industrial robots), systems, product lines, stores, groups of users, or anything else whose changes across time may be tracked by a series of events. Actors are the core modeling elements in Extreme Vigilance.
Artificial Intelligence (AI)
Asset
An asset is an entity, generally a machine such as a server, that is acted upon by one or more actors but whose behaviors we are not learning. If we are learning the behavior of an asset then that asset is treated as an actor.
Cognitive Computing
A Machine Intelligence system designed to give people the insight to make smarter decisions. The natural evolution of machine learning, Cognitive Computing attempts to imbue, in computer systems, the same insight and understanding we see in humans. See also: On Cognitive Computing
Cognitive Model
A named container that holds (persists) all of the information about actors and assets in an Extreme Vigilance system. A cognitive model consumes events, learns normal behavior, detects and quantifies anomalous behaviors, and communicates with the outside world through a stream of cognitive signals. You may create one to many cognitive models. Every Extreme Vigilance installation has at least one deployed, production cognitive model.
Cognitive Signal
A special purpose data type stored by SCM in a dedicated Splunk index, signals serve as Scianta’s cognitive analytics language. Taken together, cognitive signals serve as Scianta’s persistent knowledge store across knowledge nodes. There are three classes of signal: analytics signals, action signals, and status signals. Analytics signals are the result of the recursive cognitive analysis performed by Extreme Vigilance. They characterize the behavior of an actor and record the existence and severity of hazards, threats, and anomalies. Additionally, analytics signals record the relevancy level of the analyzed behavior. Action signals record actions taken by the system. Status signals record the point-in-time status of the system.
Common Information Model (CIM)
A shared semantic model focused on extracting informational value from data. In Splunk, the CIM is implemented as an add-on that contains a collection of data models, documentation, and tools that support the consistent, normalized treatment of data for maximum efficiency at search time. The CIM maps client-specific information into the form needed by Extreme Vigilance. See also: The Splunk Common Information Model (external) and the DIKW Pyramid (external).
Compatibility Index (CIX)
A scalar value in the range 0-1 that represents the degree of membership a measured value has in the fuzzy set that represents a particular Concept. The CIX is a qualitative statement of the measured value’s compatibility with a quantitative Concept. CIX values are used in Extreme Vigilance as measures of compatibility, similarity, and relevancy with Concepts and Rule Sets. This allows Extreme Vigilance to maintain high levels of granularity and fidelity in its cognitive analytics.
Concept
An idea represented by a semantic term. In Extreme Vigilance these terms are listed together as a Context, which can be user defined or system generated. “Tall” and “Short” are semantic terms that might be used to describe Concepts in the Context of “Height”. “Speed” might be a Context comprised of the Concepts “Fast” and “Slow”. Each Concept is characterized by a Fuzzy Set in Extreme Vigilance’s cognitive computing engine.
Context
A collection of semantic terms or Concepts that form a conceptually coherent view of a knowledge domain. “Cheap” and “Expensive” are semantic terms that might be used to describe Concepts in the Context of “Price”. “Inventory Level” might be a Context comprised of the Concepts “Minimal”, “Adequate” and “Abundant”. Contexts can be categorized into Classes based on external metrics, such as time-of-day, product category, store location, type of network, etc.
Data Dictionary
A collection of data object identifiers and their properties, enabling the selection of attributes that will drive analysis. Data dictionaries must establish the data source, time, actors, assets, and actions; they may also establish many more key-value pairs and informational variables. A data dictionary defines and relates data objects for developers as well as the various components of Extreme Vigilance. Preparing a set of data dictionaries is a first step in connecting Extreme Vigilance to the client’s environment.
Data Model
A data model is a hierarchically structured search-time mapping of semantic knowledge about one or more datasets. In Extreme Vigilance, a data model contains one to many data dictionaries and defines how data elements and data collections are connected to each other, how they are processed, and how they are transported and stored within the system. It encodes the domain knowledge necessary to build a variety of specialized searches of those datasets. These specialized searches are used by Splunk software to generate reports for Splunk Pivot users and are used by Extreme Vigilance to define the parameters used by Cognitive Models.
Event
An event is a record of something happening. In machine data, it can be a record of a state change, a discovery, or simply a snapshot of an entity’s state. Events are typically time-ordered and can be taken together to reflect actor behaviors across the enterprise. Events are the primary data type in Splunk. An event contains a time stamp, information about the source of the event, and a collection of fields containing data that describes the event. Extreme Vigilance uses events to learn the behavior of the actor(s) associated with the event.
Extreme Vigilance
A groundbreaking cognitive computing system designed to deliver machine-intelligence driven solutions for specific high value use cases using behavior analysis, transactional analytics, relevancy analysis and a cognitive rules engine. A Scianta Analytics Extreme Vigilance system consists of one or more targeted Extreme Vigilance apps running atop the Scianta Cognitive Modeler (SCM) platform in Splunk.
Field
A data element in an event or signal. Fields contain data whose behavior may change over time. Extreme Vigilance associates fields with a taxonomy to enable learning from its behavior. Every taxonomy is associated with a terrain to establish granularity of time-based understanding.
Landscape
A landscape consists of all of the terrains and cognitive graphs associated with a specific actor.
Machine Intelligence
A class of computer systems designed to “think” and learn independently. Machine intelligence systems can be further classified by design intent. Artificial Intelligence (AI) systems are generally intended to make decisions in place of people. Cognitive Computing systems are designed to provide the deep insight necessary for people to make smarter decisions.
Machine Learning
Developed in the late 1950s, machine learning has been called “the field of study that gives computers the ability to learn without being explicitly programmed.” (Arthur Samuel, 1959)
Order of Operations
Also: Actor Order of Operation (AOO). The probabilistic order of actions (operations) performed by an actor over a time interval, including the day of week and time of day of each operation. Extreme Vigilance uses advanced cognitive graph theory to learn AOOs.
Peer Group
A set or cohort of actors grouped by some arbitrary attribute. A peer group might be the set of data center managers in the same geographic region or business unit. Peer groups enable deep behavior analysis by revealing similarity and dissimilarity between members of the group. Extreme Vigilance uses Peer Group similarity analysis to produce signals related to unusual actor behaviors.
Scianta Cognitive Modeler (SCM)
Scianta’s distributed cognitive analytics platform, providing powerful behavior analysis, transaction detection and analysis, relevancy analysis, transactional graph analysis, and a cognitive rules engine. Deployed as a Splunk app across one to many cognitive knowledge nodes, SCM provides the analytics fabric for Scianta’s Knowledge Web. SCM differs from traditional machine learning architectures by characterizing its results in qualitative, rather than threshold or parametric terms.
System
An instance of Extreme Vigilance. Architecturally, a system includes one instance of the Extreme Vigilance app, and one deployment of the Scianta Cognitive Modeler platform, installed within one deployment of Splunk Enterprise.
Taxonomy
A hierarchical organization of event data that describes the relationships between data elements both locally (for the actor) and globally (for all actors in the same landscape). A taxonomy has four elements: Actor, Action, Process, Field. Some Actor takes some Action, characterized by some Process against some Field. Every terrain has a unique taxonomy.
Terrain
A multi-dimensional and dynamically sized mathematical “surface” that stores incoming data. Terrains enable cognitive models to learn time-varying normal behavior and isolate an actor’s periods of regular activity (such as an employee’s work days and time of day). Cognitive models also use the information density of terrains to regularly evaluate the trust level that Extreme Vigilance will place on anomalous behavior discoveries. Terrains sit at the bottom of a taxonomy and form the basis of Extreme Vigilance’s behavior modeling capabilities.
Threshold
A point in the range of values in a field at which a change of state occurs. Most analytics systems use thresholds as binary limits, in which a measured value is either above or below the threshold. Extreme Vigilance uses thresholds in a qualitative fashion, answering the question “how compatible is the measured value with the threshold?” Qualitative measurement enables value-based judgements, informing the user with an understanding of change rates and degrees of violation. Extreme Vigilance makes it easier to predict when violations may occur or alter response based on the level of violation. Thresholds may be dynamically created and adjusted, which is useful for measuring normalcy or working with a dynamically resizing system. Thresholds may also be preset to a static value, such as a compliance requirement or known equipment tolerance.