Detecting periodic subsequences in cyber security data

Bibliographic Details
Published in: arXiv.org 2017-06
Main Authors: Price-Williams, Matthew; Heard, Nick; Turcotte, Melissa
Format: Article
Language: English
Description
Summary: Statistical approaches to cyber-security involve building realistic probability models of computer network data. In a data pre-processing phase, separating automated events from those caused by human activity should improve statistical model building and enhance anomaly detection capabilities. This article presents a changepoint detection framework for identifying periodic subsequences of event times. The opening event of each subsequence can be interpreted as a human action which then generates an automated, periodic process. Difficulties arising from the presence of duplicate and missing data are addressed. The methodology is demonstrated using authentication data from the computer network of Los Alamos National Laboratory.
ISSN:2331-8422