¶ … Malicious network intrusion is typically associated with specific data trends and data alerts through which network attacks can be detected and mitigated. The evaluation of those data to illuminate identifiable trends relies on sequential observation at regular time intervals. This time-series-process approach to data analysis can apply either to single-series (i.e. univariate) observations or to multiple-series (i.e. multivariate) observations.
Stationery time series analysis is particularly useful in predictive modeling, but requires statistical uniformity of the observations (i.e. random variables) over time. Time series analysis is dependent on constant variance about a fixed mean. Moreover, that mean must be a constant and not a function of time shift, making it "weakly stationary."
Time series analyses that satisfy the applicable criteria allow IT security to detect and identify the nature and significance of non-randomness in data. Time series modeling exploits data trends in the past to formulate predictive models of future behavior. In principle, this is made possible by permitting the dependent variables to reflect past data and past independent-variable data. Time series are self-similar in that they reveal the same patterns at different scales. The available methods for time series modeling include autoregressive, moving average, and their hybrid: autoregressive moving average. In autoregressive analysis, the current data are presumed to be functions of previous data points. In moving-average analysis, correlation between the past and present is achieved by introducing past data into the current process. Meanwhile, the autoregressive-moving-average hybrid approach is intended to accommodate circumstances where neither autoregressive nor moving average is capable of precisely fitting complex auto-correlational data.
In time series predictive modeling, estimating the expected prediction error is a function of the difference between the observed data and the values predicted statistically by the past data, otherwise known as residual analysis. This process also provides the primary means of checking the models generated through times series analyses. This residual-analysis approach is flexible enough to employ time plots, histograms, and auto-correlation. Likewise, time-series analyses allow the forecasting of future events for which no available data yet exists.
