Skip to content

Quantifying the association between discrete event time series with applications to digital forensics

Journal: Journal of the Royal Statistical Society A
Published: 2020
Primary Author: Christopher Galbraith
Secondary Authors: Padhraic Smyth, Hal Stern
Research Area: Digital

We consider the problem of quantifying the degree of association between pairs of discrete event time series, with potential applications in forensic and cybersecurity settings. We focus in particular on the case where two associated event series exhibit temporal clustering such that the occurrence of one type of event at a particular time increases the likelihood that an event of the other type will also occur nearby in time. We pursue a non‐parametric approach to the problem and investigate various score functions to quantify association, including characteristics of marked point processes and summary statistics of interevent times. Two techniques are proposed for assessing the significance of the measured degree of association: a population‐based approach to calculating score‐based likelihood ratios when a sample from a relevant population is available, and a resampling approach to computing coincidental match probabilities when only a single pair of event series is available. The methods are applied to simulated data and to two real world data sets consisting of logs of computer activity and achieve accurate results across all data sets.

Related Resources

CSAFE 2021 Field Update

CSAFE 2021 Field Update

The 2021 Field Update was held June 14, 2021, and served as the closing to the first year of CSAFE 2.0. CSAFE brought together researchers, forensic science partners and interested…
Algorithms in Forensic Science: Challenges, Considerations, and a Path Forward

Algorithms in Forensic Science: Challenges, Considerations, and a Path Forward

This CSAFE webinar was held on May 25, 2021. Presenter: Henry Swofford Ph.D. Candidate – University of Lausanne Presentation Description: Over the years, scientific and legal scholars have called for…
Source Code on Trial

Source Code on Trial

This CSAFE symposium was held on March 12, 2021. Presenter: Professor Edward Imwinkelried Edward L. Barrett, Jr. Professor of Law Emeritus, University of California – Davis School of Law Panelists:…
Statistical Methods for the Forensic Analysis of User-Event Data

Statistical Methods for the Forensic Analysis of User-Event Data

A common question in forensic analysis is whether two observed data sets originate from the same source or from different sources. Statistical approaches to addressing this question have been widely…