Quantifying the association between discrete event time series with applications to digital forensics

Journal: Journal of the Royal Statistical Society A
Published: 2020
Primary Author: Christopher Galbraith
Secondary Authors: Padhraic Smyth, Hal Stern
Research Area: Digital

We consider the problem of quantifying the degree of association between pairs of discrete event time series, with potential applications in forensic and cybersecurity settings. We focus in particular on the case where two associated event series exhibit temporal clustering such that the occurrence of one type of event at a particular time increases the likelihood that an event of the other type will also occur nearby in time. We pursue a non‐parametric approach to the problem and investigate various score functions to quantify association, including characteristics of marked point processes and summary statistics of interevent times. Two techniques are proposed for assessing the significance of the measured degree of association: a population‐based approach to calculating score‐based likelihood ratios when a sample from a relevant population is available, and a resampling approach to computing coincidental match probabilities when only a single pair of event series is available. The methods are applied to simulated data and to two real world data sets consisting of logs of computer activity and achieve accurate results across all data sets.
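To illustrate the resampling idea in the abstract, the following added example (not code from the paper or its authors) computes a coincidental match probability for a single pair of event series. The score (mean time to the nearest event in the other series), the circular-shift resampling scheme, the one-day window and all sample data are assumptions made for illustration; the page does not describe the paper's own choices.

```python
import bisect
import random

WINDOW = 86_400.0  # assumed observation window in seconds (one day)

def mean_nearest_gap(a, b):
    """Score: mean time from each event in `a` to the nearest event in `b`."""
    b = sorted(b)
    total = 0.0
    for t in a:
        i = bisect.bisect_left(b, t)
        neighbours = b[max(i - 1, 0):i + 1]  # events just before/after t
        total += min(abs(t - x) for x in neighbours)
    return total / len(a)

def coincidental_match_probability(a, b, n_resamples=2000, seed=0):
    """Share of randomly re-aligned copies of `b` that sit at least as close
    to `a` as the observed `b` does (small value = unlikely coincidence)."""
    rng = random.Random(seed)
    observed = mean_nearest_gap(a, b)
    hits = 0
    for _ in range(n_resamples):
        shift = rng.uniform(0, WINDOW)
        # Circular shift keeps b's own clustering but breaks alignment with a.
        shifted = [(t + shift) % WINDOW for t in b]
        if mean_nearest_gap(a, shifted) <= observed:
            hits += 1
    return observed, (hits + 1) / (n_resamples + 1)

def bursty_series(seed, n_bursts=8, per_burst=10, spread=3600.0):
    """Constructed sample data: temporally clustered event times."""
    rng = random.Random(seed)
    events = []
    for _ in range(n_bursts):
        start = rng.uniform(0, WINDOW - spread - 60)
        events += [start + rng.uniform(0, spread) for _ in range(per_burst)]
    return sorted(events)

_rng = random.Random(42)
series_a = bursty_series(seed=1)
series_b = [t + _rng.uniform(1, 10) for t in series_a]  # follows A within 10 s
series_c = bursty_series(seed=2)                        # generated independently

def demo():
    return (coincidental_match_probability(series_a, series_b),
            coincidental_match_probability(series_a, series_c))

if __name__ == "__main__":
    for name, (score, p) in zip(("A vs B", "A vs C"), demo()):
        print(f"{name}: score={score:.1f}s  coincidental match prob={p:.4f}")
```

Because the shift preserves each series' inter-event times, a burst of activity in one log that merely overlaps a burst in the other is not by itself counted as evidence of association.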
