PingIntelligence

AI engine training variables

PingIntelligence AI training depends on a set of parameters configured using Global configuration update REST API. These parameters should be configured before starting the system. It is recommended that you review the variables and configure the best values for your environment. Frequent updates to the training variables may lead to a change in behavior of the AI system. The following are the parameters that need to be configured:

  • attack_initial_training

  • attack_update_interval

  • continuous_learning

  • window_length

The following table describes the various training variables:

Training variables
Variable Description

attack_initial_training

The number of hours that you want to train the AI model before it moves to the prediction mode. The default value is 24-hours. The minimum value is 1 hour.

attack_update_interval

The time interval in hours at which you would want the model thresholds to be updated. The default value is 24 hours. The minimum value is 1 hour. The value in this variable takes effect only when continuous_learning is set to true.

continuous_learning

Setting this value to true configures the AI model to learn continuously based on the live traffic. If it is set to false, the AI model detects attack based on the initial training.

window_length

The maximum time period that the AI model uses to detect attacks across APIs. The default and maximum value for window_length is 24 hours. The training period should be longer than the window_length period.

root_api_attack

Configure as true if you want AI engine to detect attacks on the root API. Set it to false if you do not wish the AI engine to detect attacks on the root API. The default value is false.

session_inactivity_duration

The time in minutes for an inactive user session after which API Behavioral Security (ABS) decides that the session has terminated. The default value is 30 minutes. You can configure it to any value in minutes.

This variable only applies to account take over attack.

Following is a snippet from the response global config API.

{
    “company”: “ping identity”,
    “name”: “api_globalconfig”,
    “description”: “This report contains status information of ABS global configurations”,
    “global_config”: {
         “attack_initial_training”: 2,
         “attack_update_interval”: 1,
        “api_discovery”: true,
        “discovery_initial_period”: 100,
        “discovery_subpath”: 3,
        “discovery_update_interval”: 1,
        “poc”: false,
        “url_limit”: 120,
        “response_size”: 150,
         “continuous_learning”: false,
        “attack_list_count”: 400000,
         “root_api_attack”: true, “session_inactivity_duration”: 10
    }
}
Miscellaneous variables
Variable Description

response_size

Maximum size in MB of the data fetched by external calls to ABS REST APIs. The default value is 100 MB.

enable_ssl

By default it is set to true, and SSL communication is enabled between API Security Enforcer (ASE) and ABS, and for external systems making rest API calls to ABS. See Configure SSL for more information.