A User and Entity Behavior Analysis for SIEM Systems: Preprocessing of The Computer Emergency and Response Team Dataset

Yıl 2023, Cilt: 4 Sayı: 1, 1 - 6, 25.06.2023

Yasin Görmez , Halil Arslan , Yunus Emre Işık , İbrahim Ethem Dadaş

https://doi.org/10.55195/jscai.1213782

Cited By: 1

Öz

A lot of work has been done to prevent attacks from external sources and a great deal of success has been achieved. However, studies to detect internal attacks aren’t sufficient today. One of the most important studies for the detection of insider attacks is User and Entity Behavior Analysis (UEBA). In this letter, UEBA studies in the literature were reviewed and The Computer Emergency and Response Team Dataset was analyzed (CERT). For this purpose, preprocessing and feature extraction steps were applied on CERT datasets. Several log files combined with respect to user and for each user the number of activities in the specified time interval were obtained. The python code of these preprocessing and feature extraction steps were shared as open source in GitHub platform. In the final phase, future analysis was described and UEBA system planned to be designed was explained.

Anahtar Kelimeler

User and Entity Behavior Analysis Preprocessing Classification CERT Security Information and Event Management, Preprocessing, Classification, CERT, Security Information and Event Management

Destekleyen Kurum

Detaysoft

Teşekkür

This study is an output of studies conducted in Detaysoft research and development center. We appreciate their support