Conference papers

Protecting an information system with artificial intelligence: a three-phase approach based on UEBA behaviour analysis to detect a hostile scenario

Abstract : The analysis of the behaviour of individuals and entities (UEBA) is an area of artificial intelligence that detects hostile actions (e.g. attacks, fraud, influence, poisoning) from the unusual nature of observed events. A UEBA process usually involves two phases, learning and inference. The IDS (Intrusion Detection Systems) on the market still suffer from biases, including over-simplification of problems, under-exploitation of the potential of AI, insufficient consideration of the temporality of events, and imperfect management of the memory cycle of behaviours. In addition, while an alert generated by a signature-based IDS can refer to the signature on which the detection is based, an IDS in the UEBA domain produces results, often associated with a simple score, that are less readily explainable. Our unsupervised approach is to enrich this process by adding a third phase that correlates related events, with the benefit of a reduction in false positives and false negatives. We also seek to avoid the so-called "boiled frog" bias inherent in continuous learning. Our first results are interesting because they allow complete and explainable detection, generate few false positives, are reproducible in various contexts (e.g. in an information system and on a workstation, based on flow and action events) with both synthetic and real data, and circumvent the biases mentioned.

Cited literature [10 references]

https://hal.archives-ouvertes.fr/hal-01993027
Contributor : Jean-Philippe Fauvelle
Submitted on : Thursday, January 24, 2019 - 5:06:26 PM
Last modification on : Friday, September 18, 2020 - 6:48:01 PM
Long-term archiving on : Thursday, April 25, 2019 - 3:30:39 PM

Identifiers

  • HAL Id : hal-01993027, version 1

Citation

Jean-Philippe Fauvelle, Alexandre Dey, Sylvain Navers. Protection d’un système d’information par une intelligence artificielle : une approche en trois phases basée sur l’analyse UEBA des comportements pour détecter un scénario hostile. Forum international de la Cybersécurité, Jan 2019, Lille, France. ⟨hal-01993027⟩

Metrics

Record views

612

Files downloads

602