Understanding Traffic Patterns of Covid-19 IoC in Huge Academic Backbone Network SINET

2021 ◽  
Vol 13 (6) ◽  
pp. 23-36
Author(s):  
Ruo Ando ◽  
Youki Kadobayashi ◽  
Hiroki Takakura ◽  
Hiroshi Itoh

Recently, APT (Advanced Persistent Threat) groups have been using the COVID-19 pandemic as part of their cyber operations. In response to these threat actors, IoCs (Indicators of Compromise) are being provided to help defenders take countermeasures. In this paper, we analyse how the coronavirus-based cyber attack unfolded on the academic infrastructure network SINET (The Science Information Network), based on passive measurement with IoCs. SINET is Japan's academic information infrastructure network. To extract and analyze the traffic patterns of the COVID-19 attacker group, we implemented a data flow pipeline for handling the huge volume of session traffic data observed on SINET. The data flow pipeline provides three functions: (1) identification of the direction of the traffic, (2) filtering of the port numbers, and (3) generation of the time series data. From the output of our pipeline, it is clear that the attacker's traffic can be broken down into several patterns. To name a few, we have witnessed (1) huge burstiness (port 25: FTP and high port applications), (2) diurnal patterns (port 443: SSL), and (3) periodic patterns with low amplitude (port 25: SMTP). We conclude that some of the patterns unveiled by our pipeline are informative for handling security operations of the academic backbone network. In particular, we have found burstiness of high port and unknown applications, with the number of session data ranging from 10,000 to 35,000. For understanding the traffic patterns on SINET, our data flow pipeline can utilize any IoC based on a list of IP addresses for traffic ingress/egress identification and port filtering.

Author(s):  
Raisa Dzhamtyrova ◽  
Carsten Maple

Abstract: The increasing value of data held in enterprises makes it an attractive target to attackers. The increasing likelihood and impact of a cyber attack have highlighted the importance of effective cyber risk estimation. We propose two methods for modelling Value-at-Risk (VaR) which can be used for any time-series data. The first approach is based on Quantile Autoregression (QAR), which can estimate VaR for different quantiles, i.e. confidence levels. The second method, which we term Competitive Quantile Autoregression (CQAR), dynamically re-estimates cyber risk as soon as new data becomes available. This method provides a theoretical guarantee that it asymptotically performs as well as any QAR at any time point in the future. We show that these methods can predict the size and inter-arrival time of cyber hacking breaches by running coverage tests. The proposed approaches allow a separate stochastic process to be modelled for each significance level and therefore provide more flexibility compared to previously proposed techniques. We provide fully reproducible code used for conducting the experiments.


2020 ◽  
Vol 35 (5) ◽  
pp. 439-451 ◽  
Author(s):  
Elan Ness-Cohn ◽  
Marta Iwanaszko ◽  
William L. Kath ◽  
Ravi Allada ◽  
Rosemary Braun

The circadian rhythm drives the oscillatory expression of thousands of genes across all tissues, coordinating physiological processes. The effect of this rhythm on health has generated increasing interest in discovering genes under circadian control by searching for periodic patterns in transcriptomic time-series experiments. While algorithms for detecting cycling transcripts have advanced, there remains little guidance quantifying the effect of experimental design and analysis choices on cycling detection accuracy. We present TimeTrial, a user-friendly benchmarking framework using both real and synthetic data to investigate cycle detection algorithms’ performance and improve circadian experimental design. Results show that the optimal choice of analysis method depends on the sampling scheme, noise level, and shape of the waveform of interest and provides guidance on the impact of sampling frequency and duration on cycling detection accuracy. The TimeTrial software is freely available for download and may also be accessed through a web interface. By supplying a tool to vary and optimize experimental design considerations, TimeTrial will enhance circadian transcriptomics studies.


2007 ◽  
Vol 6 (2) ◽  
pp. 155-167 ◽  
Author(s):  
Kim Bale ◽  
Paul Chapman ◽  
Nick Barraclough ◽  
Jon Purdy ◽  
Nizamettin Aydin ◽  
...  

In this paper, we describe a new visualization technique that can facilitate our understanding and interpretation of large complex multivariate time-series data sets. ‘Kaleidomaps’ have been carefully developed taking into account research into how we perceive form and structure within Glass patterns. We have enhanced the classic cascade plot using the curvature of a line to alter the detection of possible periodic patterns within multivariate dual periodicity data sets. Similar to Glass patterns, the concentric nature of the Kaleidomap may induce a motion signal within the brain of the observer facilitating the perception of patterns within the data. Kaleidomaps and our associated visualization tools alter the rapid identification of periodic patterns not only within their own variants but also across many different sets of variants. By linking this technique with traditional line graphs and signal processing techniques, we are able to provide the user with a set of visualization tools that permit the combination of multivariate time-series data sets in their raw form and also with the results of mathematical analysis. In this paper, we provide two case study examples of how Kaleidomaps can be used to improve our understanding of large complex multivariate time dependent data.


2021 ◽  
Vol 12 (2) ◽  
pp. 1-9
Author(s):  
Ruo Ando ◽  
Youki Kadobayashi ◽  
Hiroki Takakura

The Science Information Network (SINET) is a Japanese academic backbone network for more than 800 universities and research institutions. The characteristic of SINET traffic is that it is enormous and highly variable. In this paper, we present a task-decomposition based anomaly detection of massive and high-volatility session data of SINET. Three main features are discussed: task scheduling, traffic discrimination, and histogramming. We adopt a task-decomposition based dynamic scheduling method to handle the massive session data stream of SINET. In the experiment, we analysed SINET traffic from 2/27 to 3/8 and detected some anomalies by LSTM-based time-series data processing.


2021 ◽  
Author(s):  
Zuguang Gu ◽  
Daniel Huebschmann

Spiral layout has two major advantages for data visualization. First, it is able to visualize data with long axes, which greatly improves the resolution of visualization. Second, it is efficient for time series data to reveal periodic patterns. Here we present the R package spiralize that provides a general solution for visualizing data on spirals. spiralize implements numerous graphics functions so that self-defined high-level graphics can be easily implemented by users. The power of spiralize is demonstrated by five real world datasets.


2013 ◽  
Author(s):  
Stephen J. Tueller ◽  
Richard A. Van Dorn ◽  
Georgiy Bobashev ◽  
Barry Eggleston

2020 ◽  
Vol 39 (5) ◽  
pp. 6419-6430
Author(s):  
Dusan Marcek

To forecast time series data, two methodological frameworks of statistical and computational intelligence modelling are considered. The statistical methodological approach is based on the theory of invertible ARIMA (Auto-Regressive Integrated Moving Average) models with the Maximum Likelihood (ML) estimation method. As a competitive tool to statistical forecasting models, we use the popular classic neural network (NN) of perceptron type. To train the NN, the Back-Propagation (BP) algorithm and heuristics like genetic and micro-genetic algorithms (GA and MGA) are implemented on the large data set. A comparative analysis of selected learning methods is performed and evaluated. From the performed experiments we find that the optimal population size will likely be 20, with the lowest training time of all NNs trained by the evolutionary algorithms, while the prediction accuracy level is lower, but still acceptable by managers.

