Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.718430
Title: Bayesian change point models for regime detection in stochastic processes with applications in cyber security
Author: Bolton, Alexander
Awarding Body: Imperial College London
Current Institution: Imperial College London
Date of Award: 2016
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
Abstract:
Some important cyber security data can be modelled using stochastic processes that undergo changes in behaviour over time. Consider a piece of malicious software (malware) that performs different functions as it runs. Data obtained from this software switch between different behaviours that correspond to different functions. Coders create new strains of similar malware by making minor changes to existing malware; these new samples cannot be detected by methods that only identify whether an exact executable file has been seen before. Comparing data from new malware and existing malware, in order to detect similar behaviours, is a cyber security challenge. Methods that can detect these similar behaviours are used to identify similar malware samples. This thesis presents a generalised change point model for stochastic processes that includes regimes, i.e. recurring parameters. For generality the stochastic processes are assumed to be multivariate. A new reversible jump Markov chain Monte Carlo (RJMCMC) sampler is presented for inferring model parameters. The number of change points or regimes need not be specified before inference as the RJMCMC sampler allows these to be inferred. The RJMCMC sampler is applied in different contexts, including estimating malware similarity. A new sequential Monte Carlo (SMC) sampler is also presented. Like the RJMCMC sampler, the SMC sampler infers change points and regimes, but the SMC inference is computed online. The SMC sampler is also applied to detect regimes in a variety of contexts, including connections made in a computer network.
Supervisor: Heard, Nicholas ; Adams, Niall
Sponsor: Engineering and Physical Sciences Research Council ; Heilbronn Institute for Mathematical Research
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.718430
DOI: Not available