We extend pyStan, the python interface for the probabilistic programming language STAN, with the Highest Density Interval (HDI) function; and we show an application to generate evidence to help detect malware.
Stan is a state-of-the-art probabilistic programming language implemented in C++. There are available R (RStan) and python (PyStan) interfaces. The latter, lack some important functionalities. In particular, we are contributing to the community with the computation of the Highest Density Interval (HDI), which is commonly used to compute the confidence for a Bayesian inference model.
An example of its application is shown in the context of cyber-security. We present an innovative statistical generative model to characterize strings being used in attacks. Examples of these strings include executable paths and executable names of malware, as well as domain names being used for command and control.