We consider the problem of quantifying the degree of association between pairs of discrete event time series, with potential applications in forensic and cybersecurity settings. We focus in particular on the case where two associated event series exhibit temporal clustering such that the occurrence of one type of event at a particular time increases the likelihood that an event of the other type will also occur nearby in time. We pursue a non‐parametric approach to the problem and investigate various score functions to quantify association, including characteristics of marked point processes and summary statistics of interevent times. Two techniques are proposed for assessing the significance of the measured degree of association: a population‐based approach to calculating score‐based likelihood ratios when a sample from a relevant population is available, and a resampling approach to computing coincidental match probabilities when only a single pair of event series is available. The methods are applied to simulated data and to two real world data sets consisting of logs of computer activity and achieve accurate results across all data sets.

中文翻译：

---

量化离散事件时间序列与数字取证应用之间的关联

我们考虑量化离散事件时间序列对之间的关​​联度的问题，并将其应用于法证和网络安全设置中。我们特别关注以下情况：两个关联的事件序列表现出时间聚类，从而在特定时间发生一种类型的事件会增加另一种类型的事件也会在附近及时发生的可能性。我们针对该问题采用非参数方法，并研究了各种评分函数以量化关联，包括标记点过程的特征和事件间隔时间的摘要统计。提出了两种技术来评估所测关联度的重要性：当有相关人口的样本可用时，可以使用基于人口的方法来计算基于得分的似然比；当只有一对事件序列可用时，可以采用重采样方法来计算巧合匹配概率。该方法适用于模拟数据和两个包含计算机活动日志的真实世界数据集，并在所有数据集上获得准确的结果。