Abstract | ||
---|---|---|
An intruder of a company's network may use stolen login credentials to silently collect sensitive data. Such malicious user behavior is difficult to detect as long as it does not trigger an access violation or data leak alert. In this paper, we propose to use an ensemble of three unsupervised anomaly detection algorithms, namely OCSVM, RNN and Isolation Forest, to detect abnormal user behavior patterns. Besides, a User Behavior Analytics (UBA) Platform is proposed to collect logs, extract features and conduct experiments. The experiment results indicate that our algorithm outperforms each individual algorithm with a recall of 96.55% and a precision of 91.24% on average, while both OCSVM and RNN suffer from anomalies in the training set, and iForest produces more false positives and false negatives in prediction. |
Year | DOI | Venue |
---|---|---|
2018 | 10.1142/S0218194018400211 | INTERNATIONAL JOURNAL OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING |
Keywords | Field | DocType |
Anomaly detection, insider threat, user behavior, unsupervised learning, ensemble | Data mining, Anomaly detection, Computer science, Computer security, Login, Insider threat, Unsupervised learning | Journal |
Volume | Issue | ISSN |
28 | 11-12 | 0218-1940 |
Citations | PageRank | References |
0 | 0.34 | 7 |
Authors | ||
7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Xiangyu Xi | 1 | 1 | 3.39 |
Tong Zhang | 2 | 172 | 18.87 |
Wei Ye | 3 | 8 | 6.49 |
Wen Zhao | 4 | 0 | 0.68 |
Shikun Zhang | 5 | 55 | 21.40 |
Dongdong Du | 6 | 2 | 1.70 |
Qing Gao | 7 | 0 | 0.34 |