TY - JOUR AU - Sharadkin, Dmyto PY - 2017/06/30 Y2 - 2024/03/29 TI - Сhange-point detection test based on the analysis of the time series' autocorrelation and its application for information security JF - Collection "Information Technology and Security" JA - ITS VL - 5 IS - 1 SE - MATHEMATICAL AND COMPUTER MODELING DO - 10.20535/2411-1031.2017.5.1.120555 UR - https://its.iszzi.kpi.ua/article/view/120555 SP - 42-54 AB - <p align="justify">Methods for detection changes in the behavior of technical objects, in particular in modern information and computer networks, which are based on the analysis of time series has been investigated. It is shown that these objects are characterized by great internal complexity, as well as a variety of probability distribution of their values. A wide range of possible forms and characteristics of behavior changes caused by unpredictability of both the causes themselves and their possible impact on these objects makes research and practical application of change-point detection in this field extremely difficult. These limitations restrict every single method and require the combined aggregate application of the tests for change-point detection in models. The paper survey is one of such tests, which is based on the application of the first order autocorrelation coefficient of the time series. Statistical simulation of the process has been applied for analysis of the possibilities of the test, its power, efficiency and restrictions. Dependencies of the test’s results on the various change-detection algorithm parameters are analyzed. An examining, analyzing and comparison of the test with similar ones for detection of changes in the behavior of objects has been executed. It was determined that in difficult cases the test shows not the worst, but often the best result in terms of the numbers of type I and type II errors, and of the time, which was spent for decision making. The utilization of this test for monitoring of the information and computer networks could increase the level of protection against  various types  of DoS attacks, intrusions, as well as from other causes of  efficiency loss.</p> ER -