Detecting Supply Chain Attacks with Unsupervised Learning
Chia-Mei Chen, Sung-Yu Huang, Zheng-Xun Cai, Ya-Hui Ou, Jiunn-Wu Lin
2023 9th International Conference on Applied System Innovation (ICASI), published 2023-04-21
DOI: 10.1109/ICASI57738.2023.10179583 (https://doi.org/10.1109/ICASI57738.2023.10179583)
Citations: 0
Abstract
The number of documented supply chain attacks has increased more than sixfold, and the types of supply chain attacks have diversified. Organizations grant suppliers privileged user accounts to perform their tasks, and these accounts hold the keys to unlocking internal networks. Privilege escalation is a key step for attackers to penetrate a target system network, which makes privileged user accounts attractive to adversaries. This study employs unsupervised machine learning techniques to profile privileged users’ normal behaviors and develops a risk score function to identify their anomalies. The proposed solution has been evaluated with real data, and the experimental results demonstrate that it could discover the anomalies efficiently.