Preprints, Working Papers, ...

A novel embedding-based framework improving the User and Entity Behavior Analysis

Abstract : Over the last few years, the number and the variety of cyber-attacks have been constantly growing. The landscape of cyber-attacks has become extremely large (DoS, DDoS, phishing, C&C, botnets, malware, ransomware, etc.). Today, UEBA (User and Entity Behavior Analysis) is the best solution that companies need to use to adapt to these changes. Using UEBA, companies do not track security events or monitor devices; instead they track all the users and entities in the system. They use machine learning algorithms and statistical analyses to know when there is a deviation from established patterns. This paper offers a novel embedding-based framework that facilitates UEBA by projecting sparse and unstructured log data into a new mathematical space in which numerous behavior trends and changes can be analyzed in a simpler and more visual way than using typical deep learning algorithms. We show that in this space, advanced cyber-attacks can be detected through a variation analysis of the fitted 2D-kernel density. The last part of the paper deals with the validation and the explanation of predictions obtained by black box Machine Learning methods. Indeed, the operational benefit of using Machine Learning methods is recognized but is hampered by the lack of understanding of their mechanisms, which is at the origin of operational, legal and ethical problems. This is largely dependent on the ability of engineers, decision-makers and users to understand the meaning and the properties of the results produced by these tools.

Cited literature [10 references]

https://hal.sorbonne-universite.fr/hal-02316303
Contributor : Christophe Denis
Submitted on : Tuesday, October 15, 2019 - 11:13:35 AM
Last modification on : Tuesday, March 23, 2021 - 9:28:02 AM
Long-term archiving on : Friday, January 17, 2020 - 10:51:09 AM

File

article_TAN_CDE_TBE.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-02316303, version 1

Citation

Thomas Anglade, Christophe Denis, Thierry Berthier. A novel embedding-based framework improving the User and Entity Behavior Analysis. 2019. ⟨hal-02316303⟩

Metrics

Record views

122

Files downloads

315