Topological Methods of Analysis in Behavioral Analytics Systems

Abstract

Purpose of the article: development of a methodology for the application of methods for analyzing big data based on topological constructions in relation to behavioral analytics systems to ensure corporate and cyber-physical security. Method: the technique is based on the algebraic theory of persistent homology. Along with algebraic topology, embedology (Takens-Mane embedding theory) and the theory of metric spaces are used. Result: the necessary concepts of algebraic topology are given, which underlie the analysis of user / entity behavior profiles: Vietoris-Rips simplicial complex, filtering by a set of cloud points, homology groups, persistence modules, topological characteristics and dependencies. At the first stage of the technique, the time series that describe the time-varying behavior of the user / entity are transformed into a cloud of points in the topological space. For this transformation, the methods of the Takens-Mane embedding theory and the algorithm of the method of false neighbors are used. At the subsequent stages of the methodology for the base and current point clouds, topological dependencies, diagrams (persistence, bar codes) characterizing the base and current behavior profiles, respectively, are built. At the final stage, the deviation of the current behavior profile from the baseline is revealed. To estimate the deviation, the Wasserstein, Chebyshev, bottleneck metrics and scaling based on the generalized Harrington desirability function are used. The results of practical testing of the proposed method of applying topological algorithms to the data of the monitoring system for the work of corporate network users with information resources are presented