Cyber Baselining: Statistical properties of cyber time series and the search for stability

A. Schulz, Ethan Aubin, P. Trepagnier, A. Wollaber
{"title":"Cyber Baselining: Statistical properties of cyber time series and the search for stability","authors":"A. Schulz, Ethan Aubin, P. Trepagnier, A. Wollaber","doi":"10.1109/HPEC.2019.8916350","DOIUrl":null,"url":null,"abstract":"Many predictive cyber analytics assume, implicitly or explicitly, that the underlying statistical processes they treat have simple properties. Often statistics predicated on Wiener processes are used, but even if not, assumptions on statistical stationarity, ergodicity, and memorylessness are often present. We present here empirical observations of several common network time series, and demonstrate that these assumptions are false; the series are non-stationary, non-ergodic, and possess complicated correlation structures. We compute several statistical tests, borrowed from other disciplines, for the evaluation of network time series. We discuss the implications of these results on the larger goal of constructing a meaningful cyber baseline of a network or host, intended to establish the bounds of “normal” behavior. For many common network observables used in defensive cyber operations, it may prove to be unrealistic to establish such a baseline, or detect significant deviations from it.","PeriodicalId":184253,"journal":{"name":"2019 IEEE High Performance Extreme Computing Conference (HPEC)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE High Performance Extreme Computing Conference (HPEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HPEC.2019.8916350","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Many predictive cyber analytics assume, implicitly or explicitly, that the underlying statistical processes they treat have simple properties. Often statistics predicated on Wiener processes are used, but even if not, assumptions on statistical stationarity, ergodicity, and memorylessness are often present. We present here empirical observations of several common network time series, and demonstrate that these assumptions are false; the series are non-stationary, non-ergodic, and possess complicated correlation structures. We compute several statistical tests, borrowed from other disciplines, for the evaluation of network time series. We discuss the implications of these results on the larger goal of constructing a meaningful cyber baseline of a network or host, intended to establish the bounds of “normal” behavior. For many common network observables used in defensive cyber operations, it may prove to be unrealistic to establish such a baseline, or detect significant deviations from it.
网络基线:网络时间序列的统计特性和对稳定性的追求
许多预测性网络分析都或隐或显地假设,他们处理的底层统计过程具有简单的属性。通常使用基于维纳过程的统计数据,但即使不使用,也经常存在关于统计平稳性、遍历性和无记忆性的假设。我们在这里提出了几个常见的网络时间序列的经验观察,并证明这些假设是错误的;该序列是非平稳的、非遍历的,具有复杂的相关结构。我们计算了几个统计检验,借鉴了其他学科,以评估网络时间序列。我们讨论了这些结果对构建网络或主机的有意义的网络基线的更大目标的影响,旨在建立“正常”行为的界限。对于防御性网络行动中使用的许多常见网络可观测物来说,建立这样一个基线或发现与之有重大偏差可能是不现实的。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信