When analysing multiple time series that may be subject to changepoints, it is sometimes possible to specify a priori, by means of a graph, which pairs of time series are likely to be impacted by simultaneous changepoints. This article proposes an informative prior for changepoints which encodes the information contained in the graph, inducing a changepoint model for multiple time series that borrows strength across clusters of connected time series to detect weak signals for synchronous changepoints. The graphical model for changepoints is further extended to allow dependence between nearby but not necessarily synchronous changepoints across neighbouring time series in the graph. A novel reversible jump Markov chain Monte Carlo (MCMC) algorithm making use of auxiliary variables is proposed to sample from the graphical changepoint model. The merit of the proposed approach is demonstrated through a changepoint analysis of computer network authentication logs from Los Alamos National Laboratory (LANL), demonstrating an improvement at detecting weak signals for network intrusions across users linked by network connectivity, whilst limiting the number of false alerts.
翻译:在分析可能受更改点影响的多个时间序列时,有时有可能通过图表来指定一个先验性的时间序列,这些时间序列可能会受到同步更改点的影响。本篇文章提议在修改点之前先提供一个信息化的修改点,该修改点编码了图中所含的信息,从而产生一个多时间序列的修改点模型,在连接的时间序列组中借出强度,以探测同步变化点的微弱信号。变化点的图形模型进一步扩展,允许附近但不一定同步改变点之间在图形中相邻的时间序列中的依赖性。一个新的可逆性跳跃Markov链 Monte Carlo(MC)算法,使用辅助变量,建议从图形改变点模型中抽取样本。通过对Los Alamos国家实验室计算机网络验证日志进行变更点分析,表明拟议方法的优点,表明在发现网络连接到的用户网络入侵的薄弱信号方面有所改进,同时限制虚假警报的数量。