Application of Time Series Algorithms in Cybersecurity
Abstract
This paper explores the application of time series algorithms to enhance anomaly detection in cybersecurity. Windows log files such as PowerShell Operational, Windows Defender, Firewall, System, and others were analyzed, focusing on those with the highest informational potential and data volume. Various models were used: exponential smoothing (Holt-Winters), Prophet, Fourier analysis, and the Kalman filter for modeling seasonal, periodic, and linear patterns in system events. Advanced methods included LSTM and GRU neural networks, as well as ensemble algorithms such as Random Forest and XGBoost, which demonstrated high accuracy in detecting unusual behavior. Special emphasis was placed on dynamic models such as Bayesian Structural Time Series to understand system states over time. Experiments show that applying multiple models enables a robust and adaptive approach to log analysis, especially for early detection of attacks and deviations from the norm. The proposed framework highlights the importance of predictive analytics in preventive cybersecurity and provides a foundation for developing intelligent systems for real-time monitoring and response.
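As an added illustration (not code from the paper), the Holt-Winters step described above applied to a constructed hourly event-count series from a Windows event log with one injected burst; the 24-hour season, the smoothing constants, the Poisson-style noise floor and the rule of not learning from a flagged hour are assumptions, not the paper's settings.

```python
from math import sqrt
from statistics import pstdev


def holt_winters_detect(y, season, alpha=0.3, beta=0.05, gamma=0.2, k=3.0):
    """One-step-ahead additive Holt-Winters over counts y, starting after two
    warm-up seasons. Returns (forecasts, anomalies): forecasts maps index -> forecast,
    anomalies lists indices whose count exceeds forecast + k * noise scale.
    A flagged point is NOT learned into the state, so one burst does not inflate
    the level/trend and distort the forecasts for the following hours."""
    n = len(y)
    if n < 2 * season:
        raise ValueError("need at least two full seasons of data")
    s1 = sum(y[:season]) / season
    s2 = sum(y[season:2 * season]) / season
    level, trend = s1, (s2 - s1) / season          # initial level and per-step trend
    seasonals = [y[i] - s1 for i in range(season)]  # initial additive seasonal indices
    forecasts, anomalies, residuals = {}, [], []
    for t in range(season, n):
        f = level + trend + seasonals[t % season]
        forecasts[t] = f
        r = y[t] - f
        # noise scale: spread of past residuals, floored by sqrt(count) (Poisson-like counts)
        spread = pstdev(residuals) if len(residuals) > 1 else 0.0
        sigma = max(spread, sqrt(max(f, 1.0)))
        if r > k * sigma:
            anomalies.append(t)
            continue                                # skip the state update for this hour
        residuals.append(r)
        prev = level
        level = alpha * (y[t] - seasonals[t % season]) + (1 - alpha) * (level + trend)
        trend = beta * (level - prev) + (1 - beta) * trend
        seasonals[t % season] = gamma * (y[t] - level) + (1 - gamma) * seasonals[t % season]
    return forecasts, anomalies


def constructed_counts(days=4, spike_at=75, spike=40):
    """Constructed hourly counts (e.g. PowerShell Operational events): quiet nights,
    busy office hours, small fixed jitter, alternating busier days, one night-time burst."""
    profile = [2, 1, 1, 1, 2, 3, 6, 12, 20, 30, 32, 31,
               25, 28, 30, 29, 24, 14, 8, 5, 4, 3, 2, 2]
    y = [profile[h] + (h % 3 - 1) + d % 2 for d in range(days) for h in range(24)]
    y[spike_at] += spike                            # burst at 03:00 on the last day
    return y


if __name__ == "__main__":
    series = constructed_counts()
    forecasts, flagged = holt_winters_detect(series, season=24)
    for t in flagged:
        print(f"hour {t}: count={series[t]} forecast={forecasts[t]:.1f}")
```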
I (we), the author(s), hereby declare under full moral, financial and criminal liability that the manuscript submitted for publication to the Journal of Computer and Forensic Sciences
a) is the result of my (our) own original research and that I (we) hold the right to publish it;
b) does not infringe any copyright or other third-party proprietary rights;
c) complies with the Journal’s research and publishing ethics standards;
d) has not been published elsewhere, under this or any other title;
e) is not under consideration by another publication, under this or any other title.
I (we) also declare under full moral, financial and criminal liability:
f) that all conflicts of interest that may directly or potentially influence or impart bias on the work have been disclosed in the manuscript;
g) that if the article has been accepted for publishing I (we) will transfer all copyright ownership of the manuscript to the University of Criminal Investigation and Police Studies in Belgrade.
Signed by the Corresponding Author on behalf of all other authors.
