A Renewal Model of Intrusion.

We present a probabilistic model of an intrusion in a renewal process. Given a process and a sequence of events, an intrusion is a subsequence of events that is not produced by the process. Applications of the model are, for example, online payment fraud with the fraudster taking over a user's account and performing payments on the user's behalf, or unexpected equipment failures due to unintended use. We adopt Bayesian approach to infer the probability of an intrusion in a sequence of events, a MAP subsequence of events constituting the intrusion, and the marginal probability of each event in a sequence to belong to the intrusion. We evaluate the model for intrusion detection on synthetic data and on anonymized data from an online payment system.

[1]  Z. Schuss Theory and Applications of Stochastic Processes: An Analytical Approach , 2009 .

[2]  S. Asgarpoor,et al.  Preventive Maintenance Using Continuous-Time Semi-Markov Processes , 2006, 2006 38th North American Power Symposium.

[3]  Vipin Kumar,et al.  Anomaly Detection for Discrete Sequences: A Survey , 2012, IEEE Transactions on Knowledge and Data Engineering.

[4]  Barnabás Póczos,et al.  Group Anomaly Detection using Flexible Genre Models , 2011, NIPS.

[5]  Xin-She Yang,et al.  Introduction to Algorithms , 2021, Nature-Inspired Optimization Algorithms.

[6]  Barnabás Póczos,et al.  Hierarchical Probabilistic Models for Group Anomaly Detection , 2011, AISTATS.

[7]  New York Dover,et al.  ON THE CONVERGENCE PROPERTIES OF THE EM ALGORITHM , 1983 .

[8]  David Lando,et al.  On cox processes and credit risky securities , 1998 .

[9]  S. Lalley RENEWAL THEORY , 2014 .

[10]  V. Chavez-Demoulin,et al.  High-frequency financial data modeling using Hawkes processes , 2012 .

[11]  Richard M. Everson,et al.  Hidden Markov Independent Component Analysis , 2000 .

[12]  Charu C. Aggarwal,et al.  Outlier Detection for Temporal Data , 2014, Outlier Detection for Temporal Data.

[13]  Dan Stowell,et al.  Segregating event streams and noise with a Markov renewal process model , 2012, J. Mach. Learn. Res..

[14]  A. McNeil,et al.  Common Poisson Shock Models: Applications to Insurance and Credit Risk Modelling , 2003, ASTIN Bulletin.

[15]  Brian Everitt,et al.  An Introduction to Latent Variable Models , 1984 .

[16]  David A. Clifton,et al.  A review of novelty detection , 2014, Signal Process..

[17]  R. Gallager Stochastic Processes , 2014 .

[18]  Hoang Pham,et al.  A quasi renewal process and its applications in imperfect maintenance , 1996, Int. J. Syst. Sci..

[19]  Yosihiko Ogata,et al.  Statistical Models for Earthquake Occurrences and Residual Analysis for Point Processes , 1988 .

[20]  Michael I. Jordan,et al.  Modeling Events with Cascades of Poisson Processes , 2010, UAI.

[21]  L. Baum,et al.  A Maximization Technique Occurring in the Statistical Analysis of Probabilistic Functions of Markov Chains , 1970 .

[22]  Sameer Singh,et al.  Novelty detection: a review - part 1: statistical approaches , 2003, Signal Process..

[23]  Zoubin Ghahramani,et al.  A Unifying Review of Linear Gaussian Models , 1999, Neural Computation.