# How to Protect against Failed Authentications

An alerting current formula defines a formula which SL1 will test each time new data is collected. Each formula has collection objects to which the formula will be applied. When SL1 tests the alert formula, it will replace the latest collected values for all collection objects whenever SL1 determines that the formula to be tested is invalid. The validity of an alert can be validated by observing whether or not a new value has been inserted into the formula. An example of a validating rule with invalidating invalidation is illustrated using data consisting of one hundred thousand sales. If a formula were to be tested for regular changes of less than one tenth of a percent, the invalidating rule would hold true, because a normal distribution function would show such a deviation. In this example, the standard deviation is being used to illustrate the problem with the test rule. Sales volume may be increasing at a steady rate, while the average sale price is decreasing. Since an alert based on the sales volume would indicate an increase in average sale price, any downward variation of sales volume should trigger an alert to indicate an invalidation of the normal distribution.

A standard deviation, when used in an alert, is just an ordinary mathematical mean of the deviation that would be obtained if the distribution of the data taken was random. In this example, the mathematical mean for a continuous distribution is the mean of the deviation that would occur if the distribution were random. In other words, the standard deviation can be viewed as a deviation that occurred randomly. Using a normal distribution to describe the data sample can make the alert trigger an invalid one if the formula used to create the collection objects is not structured correctly.

Suppose, for example, that the sales volume of the previous month is set at 100. Assume further that the range of prices has been set at a level that produces a range of single-sale values within the interval [a b, c]. Now assume that for some reason these values do not form a normal distribution.

Assume also that the mean and standard deviation function would return values outside the range expected by any normal distribution. The formula that is evaluated would therefore trigger an invalid trigger if the values it returns are outside the range of the interval it is evaluating over. Now suppose further that the formula used to create the collection objects is: ab + b * mean (abs(a – c) / mean(abs(b – c) / mean (abs(a – d)), where ab is the arithmetic mean, b is the standard deviation, it is the range of prices, and d is the number of days in the interval. This is a very simple formula but if we were to use it to create a report that tells the company’s profits for the last six months the above problem would show up because the result would be outside the range expected by any normal distribution.

What should one do if the above problem occurs? Evaluate the formula in question using a data set with a normal distribution, not an abnormal one. That way the problem will show up, making it impossible to trigger the invalidation rule. The other option is to re-evaluate the formula using the normal distribution. In this case the problem would appear only if the values are very far from the mean or the normal distribution.

One could also assume that the customer did not supply valid pricing information and request that the formula be validated. If the validity of the requested formula is guaranteed then it could simply be assumed that the company could define two alerts that would trigger the normal and abnormal distributions respectively. Such a guarantee could not, however, be considered good enough to protect against failed authentications.

A third possibility is that the customer provides invalid inputs, but the formula used to compute the aggregated data uses a syntax tree rather than a traditional validator function returning true or false results. Assuming this scenario, then the formula may trigger two or more failure states, depending on the number of clauses in the input. Again, the aim here is to protect against failed authentications. 