adleraa

Reputation: 11

Finding periodic patterns from several systems in a combined eventlog

I am working on some security analysis tools for network traffic in industrial control systems. I've hit a wall with my algorithmic abilities and would greatly appreciate some ideas.

A generalized description of the problem:

Assume there are X number of systems generating periodic events. Each system has its own period but they may have the same period as other systems. The systems also have a starting time offset, such that the first event is generated at T=offset. The events are sent through a central node which relays them to a remote server.

The goal is to estimate the number of systems and their periods based on the timestamps of the generated events. The issue is that the way the data is sent obfuscates much of the information that could be used to separate the systems from each other. Additionally I cannot assume that I will be able to interpret all parts of the packets since some devices use proprietary protocols.

This means that the data I have to work with is a timeline of events.

Further complicating the issue is that there may be several plausible guesses for the amount of systems and their periods. A quick image of what I mean: Three timelines, one with unknown data, two with different guesses

The first timeline shows the data I have to work with, unknown events on a timeline. The second timeline shows one possible correct guess, two systems with periods 1 and 2. The third timeline shows another possible guess, three systems, all with period 2.

Choosing the correct guess is not a problem as of now, since I've got heuristics that can pick the most likely one. Finding all the guesses is the issue.

I've spent a couple of days searching for papers and methods for achieving this, since it feels to me like something some smart mathematician has thought of previously, but I've not found much that is applicable.

My first attempt was of course Fourier analysis, but since the data here is represented in one dimension and not as a normal XY signal I don't see a way to apply those algorithms to this problem. Maybe I'm missing something.

Next attempt was using autocorrelation to detect periodic patterns, but since systems may (and are somewhat likely to) have the same periods this gave me a lot of false positives and several false negatives. This may still be a viable option however.

I've also attempted to implement some very (very) naive solutions that basically assume number of systems, start offsets, and periods and attempt to get a "best fit" but that is neither good nor scalable. Basically brute force.

This question from 2010 is similar, but with the key difference that the origin of the event is known. Still may be interesting.

If anyone knows of any methods or papers that deal with this issue or similar stuff that I can adapt I would be very grateful.

Upvotes: 1

Views: 52
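The "find all guesses" step the question describes, as an added example written for this page rather than the poster's own code: a backtracking enumeration of every multiset of (offset, period) sources that reproduces a merged timeline exactly. It assumes integer timestamps, that every source keeps emitting on every tick until the end of the observation window (horizon = last timestamp), and that a source must be observed at least twice, since a single event pins no period; the sample timeline is constructed from the question's own two-system case (periods 1 and 2, both starting at t=0).

```python
"""Enumerate every periodic-source decomposition of a merged event timeline.

Added example (not the poster's code). The key pruning step: the earliest
unexplained event must be the first tick of some source, so its timestamp is
that source's offset and only the period remains to be guessed.
"""
from collections import Counter
from typing import Iterable, List, Tuple

Source = Tuple[int, int]  # (offset, period) in integer time units


def _ticks(offset: int, period: int, horizon: int) -> List[int]:
    """Timestamps a source emits from its offset up to and including the horizon."""
    return list(range(offset, horizon + 1, period))


def decompose(times: List[int]) -> List[Tuple[Source, ...]]:
    """Return all multisets of sources that regenerate `times` exactly (sorted, deduplicated)."""
    horizon = max(times)  # assumption: window ends at the last observed event
    found = set()

    def search(remaining: Counter, chosen: List[Source]) -> None:
        if not remaining:  # every event is explained by some source
            found.add(tuple(sorted(chosen)))
            return
        offset = min(remaining)  # earliest unexplained event fixes the offset
        # assumption: a source needs >= 2 observed ticks, so offset + period <= horizon
        for period in range(1, horizon - offset + 1):
            needed = Counter(_ticks(offset, period, horizon))
            if all(remaining[t] >= n for t, n in needed.items()):
                search(remaining - needed, chosen + [(offset, period)])

    search(Counter(times), [])
    return sorted(found)


def explains(sources: Iterable[Source], times: List[int]) -> bool:
    """Independent check that a candidate set of sources regenerates the timeline."""
    horizon = max(times)
    generated: Counter = Counter()
    for offset, period in sources:
        generated.update(_ticks(offset, period, horizon))
    return generated == Counter(times)


# Constructed sample: period-1 and period-2 sources, both starting at t=0, merged.
TIMELINE = [0, 0, 1, 2, 2, 3, 4, 4, 5]

if __name__ == "__main__":
    for guess in decompose(TIMELINE):
        print(guess, explains(guess, TIMELINE))
```

The two guesses drawn in the question's timelines ((0,1),(0,2) and three period-2 sources) both appear in the output alongside other exact decompositions, which is exactly why a separate ranking heuristic is still needed.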

Answers (0)
