Imperial College London
Portrait Picture

Professor Nick Heard

Faculty of Natural SciencesDepartment of Mathematics

Chair in Statistics
 
 
 
//

Contact

 

+44 (0)20 7594 1490n.heard Website

 
 
//

Location

 

543Huxley BuildingSouth Kensington Campus

//

Summary

 

Publications

Citation

BibTex format

@article{Sanna:2020:10.1007/s11222-020-09943-9,
author = {Sanna, Passino F and Heard, NA},
doi = {10.1007/s11222-020-09943-9},
journal = {Statistics and Computing},
pages = {1241--1254},
title = {Classification of periodic arrivals in event time data for filtering computer network traffic},
url = {http://dx.doi.org/10.1007/s11222-020-09943-9},
volume = {30},
year = {2020}
}
Download

RIS format (EndNote, RefMan)

TY  - JOUR
AB  - Periodic patterns can often be observed in real-world event time data, possibly mixed with non-periodic arrival times. For modelling purposes, it is necessary to correctly distinguish the two types of events. This task has particularly important implications in computer network security; there, separating automated polling traffic and human-generated activity in a computer network is important for building realistic statistical models for normal activity, which in turn can be used for anomaly detection. Since automated events commonly occur at a fixed periodicity, statistical tests using Fourier analysis can efficiently detect whether the arrival times present an automated component. In this article, sequences of arrival times which contain automated events are further examined, to separate polling and non-periodic activity. This is first achieved using a simple mixture model on the unit circle based on the angular positions of each event time on the p-clock, where p represents the main periodicity associated with the automated activity; this model is then extended by combining a second source of information, the time of day of each event. Efficient implementations exploiting conjugate Bayesian models are discussed, and performance is assessed on real network flow data collected at Imperial College London.
AU  - Sanna,Passino F
AU  - Heard,NA
DO  - 10.1007/s11222-020-09943-9
EP  - 1254
PY  - 2020///
SN  - 0960-3174
SP  - 1241
TI  - Classification of periodic arrivals in event time data for filtering computer network traffic
T2  - Statistics and Computing
UR  - http://dx.doi.org/10.1007/s11222-020-09943-9
UR  - https://link.springer.com/article/10.1007%2Fs11222-020-09943-9
UR  - http://hdl.handle.net/10044/1/79250
VL  - 30
ER  -
Download