Letter to Editor

Year 2023, Volume: 4 Issue: 1, 1 - 6, 25.06.2023
https://doi.org/10.55195/jscai.1213782
https://izlik.org/JA55PE82UX

A User and Entity Behavior Analysis for SIEM Systems: Preprocessing of The Computer Emergency and Response Team Dataset

Abstract

A lot of work has been done to prevent attacks from external sources, and a great deal of success has been achieved. However, studies on detecting internal attacks are not yet sufficient. One of the most important approaches for the detection of insider attacks is User and Entity Behavior Analysis (UEBA). In this letter, UEBA studies in the literature were reviewed and the Computer Emergency and Response Team (CERT) dataset was analyzed. For this purpose, preprocessing and feature extraction steps were applied to the CERT datasets. Several log files were combined per user, and for each user the number of activities in the specified time interval was obtained. The Python code for these preprocessing and feature extraction steps was shared as open source on GitHub. In the final phase, the planned future analysis was described and the UEBA system that is planned to be designed was explained.

Supporting Institution

Detaysoft

Thanks

This study is an output of studies conducted at the Detaysoft research and development center. We appreciate their support.

Details

Primary Language: English
Subjects: Artificial Intelligence, Computer Software
Journal Section: Letter to Editor
Authors:

Yasin Görmez (ORCID 0000-0001-8276-2030)

Halil Arslan (ORCID 0000-0003-3286-5159)

Yunus Emre Işık (ORCID 0000-0001-6176-7545)

İbrahim Ethem Dadaş (ORCID 0000-0003-3745-7015)

Submission Date: December 2, 2022
Early Pub Date: June 30, 2023
Publication Date: June 25, 2023
DOI: https://doi.org/10.55195/jscai.1213782
IZ: https://izlik.org/JA55PE82UX
Published in Issue: Year 2023 Volume: 4 Issue: 1

Cite

APA Görmez, Y., Arslan, H., Işık, Y. E., & Dadaş, İ. E. (2023). A User and Entity Behavior Analysis for SIEM Systems: Preprocessing of The Computer Emergency and Response Team Dataset. Journal of Soft Computing and Artificial Intelligence, 4(1), 1-6. https://doi.org/10.55195/jscai.1213782

2025 Journal of Soft Computing and Artificial Intelligence

ISSN: 2717-8226 | Published Biannually (June & December)

Licensed under CC BY-NC 4.0