Periodic patterns can often be observed in real-world event time data, possibly mixed with non-periodic arrival times. For modelling purposes, it is necessary to correctly distinguish the two types of events. This task has particularly important implications in computer network security; there, separating automated polling traffic and human-generated activity in a computer network is important for building realistic statistical models for normal activity, which in turn can be used for anomaly detection. Since automated events commonly occur at a fixed periodicity, statistical tests using Fourier analysis can efficiently detect whether the arrival times present an automated component. In this article, sequences of arrival times which contain automated events are further examined, to separate polling and non-periodic activity. This is first achieved using a simple mixture model on the unit circle based on the angular positions of each event time on the p-clock, where p represents the main periodicity associated with the automated activity; this model is then extended by combining a second source of information, the time of day of each event. Efficient implementations exploiting conjugate Bayesian models are discussed, and performance is assessed on real network flow data collected at Imperial College London.

中文翻译：

---

事件时间数据中定期到达的分类以过滤计算机网络流量

经常可以在现实世界的事件时间数据中观察到周期性模式，可能与非周期性到达时间混合在一起。出于建模目的，必须正确地区分两种类型的事件。该任务对计算机网络安全性具有特别重要的意义。在那里，将自动轮询流量和人为活动隔离在计算机网络中对于建立正常活动的现实统计模型非常重要，而该模型又可以用于异常检测。由于自动化事件通常以固定的周期发生，因此使用傅立叶分析的统计测试可以有效地检测到达时间是否代表自动化组件。在本文中，将进一步检查包含自动事件的到达时间序列，以区分轮询和非周期性活动。p时钟，其中p代表与自动活动相关的主要周期性；然后，通过结合第二个信息源（每个事件的一天中的时间）来扩展此模型。讨论了利用共轭贝叶斯模型的有效实现，并根据伦敦帝国理工学院收集的实际网络流量数据评估了性能。