358 research outputs found
Bayesian Detection of Changepoints in Finite-State Markov Chains for Multiple Sequences
We consider the analysis of sets of categorical sequences consisting of
piecewise homogeneous Markov segments. The sequences are assumed to be governed
by a common underlying process with segments occurring in the same order for
each sequence. Segments are defined by a set of unobserved changepoints where
the positions and number of changepoints can vary from sequence to sequence. We
propose a Bayesian framework for analyzing such data, placing priors on the
locations of the changepoints and on the transition matrices and using Markov
chain Monte Carlo (MCMC) techniques to obtain posterior samples given the data.
Experimental results using simulated data illustrates how the methodology can
be used for inference of posterior distributions for parameters and
changepoints, as well as the ability to handle considerable variability in the
locations of the changepoints across different sequences. We also investigate
the application of the approach to sequential data from two applications
involving monsoonal rainfall patterns and branching patterns in trees
Bayesian changepoint models motivated by cyber-security applications
Changepoint detection has an important role to play in the next generation of cyber security defenses. A cyber attack typically changes the behaviour of the target network. Therefore, to detect the presence of a network intrusion, it can be informative to monitor for changes in the high-volume data sources that are collected inside an enterprise computer network. However, most traditional changepoint detection methods are not adapted to characterise what cyber security analysts mean by a change, and consequently raise too many false alerts but also overlook weak signals that are suggestive of a real attack. This thesis will present three novel Bayesian changepoint models that address some challenges raised by cyber data: the first model combines evidence across a graph of time series to identify patterns of changepoints that are a priori more likely to correspond to an attack; the second model offers robustness to non-exchangeable data within segments so that normal dynamic phenomena observed in cyber data can be captured; and, the third model relaxes the standard assumption that changes are instantaneous, so that time intervals where cyber data may be subject to non-instantaneous changes can be identified.Open Acces
Bayesian Nonparametric Hidden Semi-Markov Models
There is much interest in the Hierarchical Dirichlet Process Hidden Markov
Model (HDP-HMM) as a natural Bayesian nonparametric extension of the ubiquitous
Hidden Markov Model for learning from sequential and time-series data. However,
in many settings the HDP-HMM's strict Markovian constraints are undesirable,
particularly if we wish to learn or encode non-geometric state durations. We
can extend the HDP-HMM to capture such structure by drawing upon
explicit-duration semi-Markovianity, which has been developed mainly in the
parametric frequentist setting, to allow construction of highly interpretable
models that admit natural prior information on state durations.
In this paper we introduce the explicit-duration Hierarchical Dirichlet
Process Hidden semi-Markov Model (HDP-HSMM) and develop sampling algorithms for
efficient posterior inference. The methods we introduce also provide new
methods for sampling inference in the finite Bayesian HSMM. Our modular Gibbs
sampling methods can be embedded in samplers for larger hierarchical Bayesian
models, adding semi-Markov chain modeling as another tool in the Bayesian
inference toolbox. We demonstrate the utility of the HDP-HSMM and our inference
methods on both synthetic and real experiments
Changepoint detection on a graph of time series
When analysing multiple time series that may be subject to changepoints, it is sometimes possible to specify a priori, by means of a graph, which pairs of time series are likely to be impacted by simultaneous changepoints. This article proposes an informative prior for changepoints which encodes the information contained in the graph, inducing a changepoint model for multiple time series that borrows strength across clusters of connected time series to detect weak signals for synchronous changepoints. The graphical model for changepoints is further extended to allow dependence between nearby but not necessarily synchronous changepoints across neighbouring time series in the graph. A novel reversible jump Markov chain Monte Carlo (MCMC) algorithm making use of auxiliary variables is proposed to sample from the graphical changepoint model. The merit of the proposed approach is demonstrated through a changepoint analysis of computer network authentication logs from Los Alamos National Laboratory (LANL), demonstrating an improvement at detecting weak signals for network intrusions across users linked by network connectivity, whilst limiting the number of false alerts
- …