Abstract
We present a probabilistic model of an intrusion in a marked renewal process.Given a process and a sequence of events, an intrusion is a subsequence ofevents that is not produced by the process. Applications of the model are, forexample, online payment fraud with the fraudster taking over a user's accountand performing payments on the user's behalf, or unexpected equipment failuresdue to unintended use. We adopt Bayesian approach to infer the probability of an intrusion in asequence of events, a MAP subsequence of events constituting the intrusion, andthe marginal probability of each event in a sequence to belong to theintrusion. We evaluate the model for intrusion detection on synthetic data, aswell as on anonymized data from an online payment system.