Raffaele Ruggeri

Raffaele Ruggeri

Cyber Security Specialist

Homework 9

3 minute read

Theory

Properties of the Sampling Mean and Variance


Sampling Mean Properties:

  • Unbiasedness: The expected value of the sample mean equals the population mean: E[X̄]=μ
  • Consistency: As sample size increases, the sample mean converges to the population mean
  • Efficiency: Among unbiased estimators, the sample mean has the smallest variance for normal populations
  • Normality: For large samples, the sampling distribution of the mean is approximately normal (Central Limit Theorem)

Sampling Variance Properties:

  • Unbiasedness: The sample variance with (n-1) denominator is an unbiased estimator of population variance
  • Consistency: Sample variance converges to population variance as n increases
  • Chi-square distribution: For normal populations, (n-1)S²/σ² follows a chi-square distribution with (n-1) degrees of freedom

Law of Large Numbers

The Law of Large Numbers states that as the sample size approaches infinity, the sample mean converges to the population mean. There are two forms:

Weak Law: The sample mean converges in probability to the population mean Strong Law: The sample mean converges almost surely to the population mean

This fundamental principle ensures that larger samples provide more reliable estimates of population parameters.

Cybersecurity Applications

Network Traffic Analysis: Security analysts collect large samples of network packets to establish baseline behavior patterns. The law of large numbers ensures that average packet sizes, connection frequencies, and bandwidth usage converge to true population values, making anomaly detection more reliable. Small samples might show false patterns due to random variation, but large samples reveal genuine network characteristics.

Intrusion Detection Systems: Modern IDS systems analyze thousands of connection attempts to distinguish between normal and malicious behavior. By applying the law of large numbers, these systems can accurately estimate the probability of various attack signatures occurring naturally versus being part of a coordinated attack. The larger the sample of monitored events, the more confident the system becomes in its threat assessments.

Password Strength Assessment: When evaluating password policies across an organization, cybersecurity teams sample login attempts and password characteristics. The law of large numbers helps ensure that small random samples of weak passwords don’t skew the overall security assessment. Large samples provide accurate estimates of actual password strength distributions across the user base.

Vulnerability Scanning: Security scanners collect data from numerous network scans to estimate the prevalence of specific vulnerabilities. The law of large numbers ensures that as more systems are scanned, the estimated vulnerability rates become increasingly accurate, helping organizations prioritize patching efforts based on genuine risk levels rather than sampling artifacts.

Behavioral Analytics: User behavior analysis systems monitor large volumes of user activities to establish normal patterns. The law of large numbers guarantees that with sufficient data, these systems can reliably distinguish between normal user behavior variations and potentially malicious insider threats, reducing false positives while maintaining security effectiveness.

These applications demonstrate how statistical principles provide the mathematical foundation for reliable cybersecurity decision-making in environments where uncertainty and large-scale data analysis are fundamental challenges.

Practice

HW9 - Advanced Statistical Analysis

References

  • Hogg, R. V., McKean, J. W., & Craig, A. T. (2019). Introduction to Mathematical Statistics (8th ed.). Pearson.
  • Anderson, R. (2020). Security Engineering: A Guide to Building Dependable Distributed Systems (3rd ed.). John Wiley & Sons.