jscai Journal of Soft Computing and Artificial Intelligence 2717-8226 Mahmut DİRİK 10.55195/jscai.1213782 Artificial Intelligence Computer Software Yapay Zeka Bilgisayar Yazılımı A User and Entity Behavior Analysis for SIEM Systems: Preprocessing of The Computer Emergency and Response Team Dataset https://orcid.org/0000-0001-8276-2030 Görmez Yasin SİVAS CUMHURİYET ÜNİVERSİTESİ https://orcid.org/0000-0003-3286-5159 Arslan Halil SİVAS CUMHURİYET ÜNİVERSİTESİ https://orcid.org/0000-0001-6176-7545 Işık Yunus Emre SİVAS CUMHURİYET ÜNİVERSİTESİ https://orcid.org/0000-0003-3745-7015 Dadaş İbrahim Ethem Detaysoft 06 25 2023 4 1 1 6 12 02 2022 03 08 2023 Copyright © 2020, Journal of Soft Computing and Artificial Intelligence 2020 Journal of Soft Computing and Artificial Intelligence

A lot of work has been done to prevent attacks from external sources and a great deal of success has been achieved. However, studies to detect internal attacks aren’t sufficient today. One of the most important studies for the detection of insider attacks is User and Entity Behavior Analysis (UEBA). In this letter, UEBA studies in the literature were reviewed and The Computer Emergency and Response Team Dataset was analyzed (CERT). For this purpose, preprocessing and feature extraction steps were applied on CERT datasets. Several log files combined with respect to user and for each user the number of activities in the specified time interval were obtained. The python code of these preprocessing and feature extraction steps were shared as open source in GitHub platform. In the final phase, future analysis was described and UEBA system planned to be designed was explained.

 User and Entity Behavior Analysis Preprocessing Classification CERT Security Information and Event Management Preprocessing Classification CERT Security Information and Event Management Detaysoft