DeepGuardian Structure
The Aggregator is the main unit of the framework and coordinates the Federated Training procedure. It manages and distributes the different ML models used for anomaly detection.
The Collector and the Agent components have distinct responsibilities. The Collector captures the inbound and outbound network traffic passing through the main interface of the application it sits next to. The Agent runs inference on the stored data to identify potentially malicious flows, which are then reported to the Dashboard. Periodically, a routine in the Agent also executes federated training rounds to train a new instance of the ML model, keeping the local ML model up to date with the newest network changes. The Aggregator manages this process for all the cloud-native applications being monitored.
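As an added illustration of the round described above (not DeepGuardian's own code): each Agent fits a model on its local flows and sends only the model parameters to the Aggregator, which merges them into a global model that Agents then use for inference. The per-feature Gaussian profile, the sample-weighted merge, the flow features and the threshold are all assumptions, since the page does not specify the ML model or the aggregation rule.

```python
# Added illustration, not DeepGuardian code. Model, features and threshold are assumptions.
from dataclasses import dataclass
from math import sqrt

@dataclass
class LocalUpdate:
    """What an Agent sends to the Aggregator: statistics only, never raw flows."""
    n: int
    mean: list
    var: list

def train_local(flows):
    """Agent side: fit per-feature mean/variance on locally collected flows."""
    n, dims = len(flows), len(flows[0])
    mean = [sum(f[d] for f in flows) / n for d in range(dims)]
    var = [sum((f[d] - mean[d]) ** 2 for f in flows) / n for d in range(dims)]
    return LocalUpdate(n, mean, var)

def aggregate(updates):
    """Aggregator side: sample-weighted merge of the Agents' updates."""
    total = sum(u.n for u in updates)
    dims = len(updates[0].mean)
    mean = [sum(u.n * u.mean[d] for u in updates) / total for d in range(dims)]
    # Pooled variance = weighted within-agent variance + between-agent spread.
    var = [sum(u.n * (u.var[d] + (u.mean[d] - mean[d]) ** 2) for u in updates) / total
           for d in range(dims)]
    return LocalUpdate(total, mean, var)

def is_anomalous(model, flow, threshold=4.0):
    """Agent-side inference: flag a flow whose worst z-score exceeds the threshold."""
    z = [abs(x - m) / sqrt(v) if v > 0 else (0.0 if x == m else float("inf"))
         for x, m, v in zip(flow, model.mean, model.var)]
    return max(z) > threshold

# Constructed sample flows: (bytes, packets, duration_seconds)
AGENT_A = [(1200, 10, 0.5), (1500, 12, 0.6), (1100, 9, 0.4), (1400, 11, 0.5)]
AGENT_B = [(1300, 10, 0.5), (1600, 13, 0.7), (1000, 8, 0.4)]

def run_round():
    """One federated round: local training on each Agent, then aggregation."""
    return aggregate([train_local(AGENT_A), train_local(AGENT_B)])

if __name__ == "__main__":
    model = run_round()
    for flow in [(1250, 10, 0.5), (250000, 900, 0.5)]:
        print(flow, "anomalous" if is_anomalous(model, flow) else "normal")
```

The merged model matches what a single model trained on the union of both Agents' flows would produce, even though no raw flow leaves either Agent.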
The Dashboard is a GUI that provides observability over the inbound and outbound network traffic of the protected application and can display both normal and malicious flows. With this dashboard, it is possible to identify and select the services that will be protected and to visualize the network flows of each selected service in real time. It is also possible to change the parameters of the ML models that classify the network flows of each application, and to view the results of each ML model, its accuracy, and the parameters that were used and led to those results.