Skip to content

Quantifying the association between discrete event time series with applications to digital forensics

Journal: Journal of the Royal Statistical Society A
Published: 2020
Primary Author: Christopher Galbraith
Secondary Authors: Padhraic Smyth, Hal Stern
Research Area: Digital

We consider the problem of quantifying the degree of association between pairs of discrete event time series, with potential applications in forensic and cybersecurity settings. We focus in particular on the case where two associated event series exhibit temporal clustering such that the occurrence of one type of event at a particular time increases the likelihood that an event of the other type will also occur nearby in time. We pursue a non‐parametric approach to the problem and investigate various score functions to quantify association, including characteristics of marked point processes and summary statistics of interevent times. Two techniques are proposed for assessing the significance of the measured degree of association: a population‐based approach to calculating score‐based likelihood ratios when a sample from a relevant population is available, and a resampling approach to computing coincidental match probabilities when only a single pair of event series is available. The methods are applied to simulated data and to two real world data sets consisting of logs of computer activity and achieve accurate results across all data sets.

Related Resources

Statistical methods for digital image forensics: Algorithm mismatch for blind spatial steganalysis and score-based likelihood ratios for camera device identification

Statistical methods for digital image forensics: Algorithm mismatch for blind spatial steganalysis and score-based likelihood ratios for camera device identification

Forensic science currently faces a variety of challenges. Statistically suitable reference databases need to be developed and maintained. Subjective methods that can introduce bias need to be replaced by objective…
Statistical Methods for the Forensic Analysis of User-Event Data

Statistical Methods for the Forensic Analysis of User-Event Data

A common question in forensic analysis is whether two observed data sets originate from the same source or from different sources. Statistical approaches to addressing this question have been widely…
Hunting wild stego images, a domain adaptation problem in digital image forensics

Hunting wild stego images, a domain adaptation problem in digital image forensics

Digital image forensics is a field encompassing camera identication, forgery detection and steganalysis. Statistical modeling and machine learning have been successfully applied in the academic community of this maturing field.…
Statistical Methods for the Forensic Analysis of Geolocated Event Data

Statistical Methods for the Forensic Analysis of Geolocated Event Data

A common question in forensic analysis is whether two observed data sets originated from the same source or from different sources. Statistical approaches to addressing this question have been widely…
Do you have 44.03 seconds?

44.3 Seconds. That is the average amount of time it takes for a visitor to provide site feedback.
Test it yourself by taking the survey.


    A scientist/researcherA member of the forensic science communityA journalist/publicationA studentOther. Please indicate.


    Learn more about CSAFE overall.Discover research CSAFE is undertaking.Explore collaboration opportunities.Find tools and education opportunities.Other. Please indicate.


    YesNo