10th Annual International Conference on Industrial Engineering and Operations Management

Detecting Anomalies in Users - An UEBA Approach

Raguvir S & Shekar Babu
Publisher: IEOM Society International
Track: Cyber Security
Abstract

Large computer systems organizations across the globe are using advanced security solutions to protect and
watch over their users' information. Even with such advanced solutions, these companies are not able to
protect against attacks. In addition to attacks, one of the key aspects is user behaviour: detecting anomalies
while users are utilizing the systems on the network, as well as the patterns in their behaviour. A lack of
proper implementation of monitoring and controls, as well as data breaches, are seen. Security professionals
within the organizations as well as outside are grappling to solve these issues. One of the new approaches to
information security is User Entity Behaviour Analytics (UEBA). One of the biggest challenges with
incident response is the large amount of data that the system environment generates and how to
accommodate and analyse that data. Analytics within the area of information security is a new area.
Analytics professionals are working on creating rules and correlations, in addition to trends and
behaviour patterns, with respect to users' behaviour and their approach. One of the key focus areas of
UEBA is users' actions and behaviours. Behaviours, user access and usage anomalies are
popular, and the interpretation of these anomalies or malicious activities is very critical. UEBA is a
viable approach in the area of security for detecting anomalies in user behaviour through statistical analysis
and machine learning. The paper aims to show how analytics, and specifically UEBA, can help with users'
patterns and any anomalies within these patterns. With the focus on user behaviours and the analytics related
to them, the authors look at the insights, benefits and utilization of resources in the area of security.
The parameters analysed for the users are user name, IP address, time of usage and date of usage. The
data was analysed over a period of 3 months. The researchers developed patterns using a visualization
dashboard and used mining, scripting and processing of raw data before developing visual analytics. The
various anomalies were highlighted from the different patterns.

Published in: 10th Annual International Conference on Industrial Engineering and Operations Management, Dubai, United Arab Emirates

Date of Conference: March 10-12, 2020

ISBN: 978-1-5323-5952-1
ISSN/E-ISSN: 2169-8767