Anomaly Detection and Enterprise Security using User and Entity Behavior Analytics (UEBA)

2022 3rd International Conference on Innovations in Computer Science & Software Engineering (ICONICS) Pub Date : 2022-12-14 DOI:10.1109/ICONICS56716.2022.10100596

Muhammad Zunair Ahmed Khan, Muhammad Mubashir Khan, J. Arshad

{"title":"Anomaly Detection and Enterprise Security using User and Entity Behavior Analytics (UEBA)","authors":"Muhammad Zunair Ahmed Khan, Muhammad Mubashir Khan, J. Arshad","doi":"10.1109/ICONICS56716.2022.10100596","DOIUrl":null,"url":null,"abstract":"Digital frauds are made possible by a lack of transparency and other security flaws in a system. Consequently, it has grown to be the most pervasive problem in the world. When these frauds emerge from within businesses, they are referred to as insider threats and may lead to severe consequences. There have been various frameworks proposed to lessen this problem, however, transparency still remains a challenge. Conventionally, storing data in chronological order to prevent data manipulation is one technique to ensure traceability and security. In this paper, we present a framework based on User Entity and Behavioral Analysis (UEBA) approach to study user profiles over time and classify them as normal or aberrant. The proposed framework utilises additional information including IP addresses, location data, and the users’ organizations etc. We focus on applying data science and analytical methods to create data visualizations for analysis and anomaly identification.","PeriodicalId":308731,"journal":{"name":"2022 3rd International Conference on Innovations in Computer Science & Software Engineering (ICONICS)","volume":"91 13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 3rd International Conference on Innovations in Computer Science & Software Engineering (ICONICS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICONICS56716.2022.10100596","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Digital frauds are made possible by a lack of transparency and other security flaws in a system. Consequently, it has grown to be the most pervasive problem in the world. When these frauds emerge from within businesses, they are referred to as insider threats and may lead to severe consequences. There have been various frameworks proposed to lessen this problem, however, transparency still remains a challenge. Conventionally, storing data in chronological order to prevent data manipulation is one technique to ensure traceability and security. In this paper, we present a framework based on User Entity and Behavioral Analysis (UEBA) approach to study user profiles over time and classify them as normal or aberrant. The proposed framework utilises additional information including IP addresses, location data, and the users’ organizations etc. We focus on applying data science and analytical methods to create data visualizations for analysis and anomaly identification.

查看原文本刊更多论文

使用用户和实体行为分析(UEBA)的异常检测和企业安全

由于系统缺乏透明度和其他安全漏洞，数字欺诈成为可能。因此，它已成为世界上最普遍的问题。当这些欺诈行为出现在企业内部时，它们被称为内部威胁，并可能导致严重的后果。已经提出了各种框架来减少这一问题，但是，透明度仍然是一个挑战。通常，按时间顺序存储数据以防止数据操作是确保可跟踪性和安全性的一种技术。在本文中，我们提出了一个基于用户实体和行为分析(UEBA)方法的框架来研究用户的配置文件，并将其分类为正常或异常。提议的框架利用了额外的信息，包括IP地址、位置数据和用户组织等。我们专注于应用数据科学和分析方法来创建用于分析和异常识别的数据可视化。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 3rd International Conference on Innovations in Computer Science & Software Engineering (ICONICS)

自引率

0.00%

发文量