A User and Entity Behavior Analysis for SIEM Systems: Preprocessing of The Computer Emergency and Response Team Dataset
Abstract
A lot of work has been done to prevent attacks from external sources and a great deal of success has been achieved. However, studies to detect internal attacks aren’t sufficient today. One of the most important studies for the detection of insider attacks is User and Entity Behavior Analysis (UEBA). In this letter, UEBA studies in the literature were reviewed and The Computer Emergency and Response Team Dataset was analyzed (CERT). For this purpose, preprocessing and feature extraction steps were applied on CERT datasets. Several log files combined with respect to user and for each user the number of activities in the specified time interval were obtained. The python code of these preprocessing and feature extraction steps were shared as open source in GitHub platform. In the final phase, future analysis was described and UEBA system planned to be designed was explained.
Keywords
User and Entity Behavior Analysis Preprocessing Classification CERT Security Information and Event Management Preprocessing Classification CERT Security Information and Event Management
Supporting Institution
Detaysoft
Thanks
This study is an output of studies conducted in Detaysoft research and development center. We appreciate their support
Abstract
Details
| Primary Language | English |
|---|---|
| Subjects | Artificial Intelligence, Computer Software |
| Journal Section | Research Articles |
| Authors | |
| Early Pub Date | June 30, 2023 |
| Publication Date | June 25, 2023 |
| Submission Date | December 2, 2022 |
| Published in Issue | Year 2023 Volume: 4 Issue: 1 |
Cite
Cited By
This work is licensed under a Creative Commons Attribution 4.0 International License.