Abstract

We present a probabilistic model of an intrusion in a marked renewal process.Given a process and a sequence of events, an intrusion is a subsequence ofevents that is not produced by the process. Applications of the model are, forexample, online payment fraud with the fraudster taking over a user's accountand performing payments on the user's behalf, or unexpected equipment failuresdue to unintended use. We adopt Bayesian approach to infer the probability of an intrusion in asequence of events, a MAP subsequence of events constituting the intrusion, andthe marginal probability of each event in a sequence to belong to theintrusion. We evaluate the model for intrusion detection on synthetic data, aswell as on anonymized data from an online payment system.

 

Introduction (beta)

None

 

Conclusion (beta)

None