English

Detecting periodic subsequences in cyber security data

Applications 2017-07-04 v1

Abstract

Statistical approaches to cyber-security involve building realistic probability models of computer network data. In a data pre-processing phase, separating automated events from those caused by human activity should improve statistical model building and enhance anomaly detection capabilities. This article presents a changepoint detection framework for identifying periodic subsequences of event times. The opening event of each subsequence can be interpreted as a human action which then generates an automated, periodic process. Difficulties arising from the presence of duplicate and missing data are addressed. The methodology is demonstrated using authentication data from the computer network of Los Alamos National Laboratory.

Keywords

Cite

@article{arxiv.1707.00640,
  title  = {Detecting periodic subsequences in cyber security data},
  author = {Matthew Price-Williams and Nick Heard and Melissa Turcotte},
  journal= {arXiv preprint arXiv:1707.00640},
  year   = {2017}
}

Comments

31 pages, 10 Figures

R2 v1 2026-06-22T20:36:38.041Z