The design of intrusion detection systems remains a viable area of research, despite their existing positive effects on cyberspace protection in the literature [1,2,3]. Phase-space analysis techniques have been successful in sensing peculiar situations in cardiovascular signals [4], alerting patients to impending epileptic seizures, and detecting the potential failure of the rotor gearbox of helicopters. But can phase-space methods be used with noisy data timing in computers to dynamically uncover anomalous activities in cyberspace?

This paper discusses the authors’ intention to investigate whether data from computers, such as changes in levels or rates of alternating and direct power, central processing unit (CPU) speed, disk drive and memory accesses, or network interface and graphics card activity, could be used to model normal operating failures in network systems. They conjecture that the profiles of noninvasive sensors might be predictors of failure in computers and may consequently reveal anomalous software execution.

The authors propose combining the well-known theories of dynamical systems and time series analysis [4] to isolate false-positive and false-negative computer intrusion detections, to better alert network administrators. They convincingly detail the phase-space algorithms already used to successfully warn of impending seizures and failures in helicopters. However, the proposed research is apparently still in its infancy, given that the authors do not provide any concrete results of the relevance of phase-space study to cyberspace anomaly detection. Nevertheless, cyberspace security researchers ought to read this interesting paper and weigh in on the relevance of the theories of dynamical systems and time series analysis to the defense of Internet networks.