Abstract:
We consider the linear system of difference equations for the cumulative sum used in detecting network attacks. In the flow of events each can be dangerous with the known probability, in this case the cumulative sum is increased to the certain amount. In the opposite case it is reduced. Suspicious events are not dangerous if rare, therefore the cumulative sum traces the relative amount of them. Reaching the threshold means the alarm situation, while hitting zero is the reset. The average number of events up to the alarm for the initial value of the cumulative sum is driven by the system of difference equations. We construct the solution, prove that it is unique (there is only one bounded solution), establish some properties of this solution. In particular, it is positive, piecewise constant and non-increasing. The used technique is similar to the sweeping method and the maximum principle widely used in mathematical physics. Solvability is established using the spectral theory. The proof of the existence theorem is constructive: the presented algorithm can be used for calculating the solution.
Keywords:difference equations; boundary value difference problems.