Authors - Khedkar Aboli Audumbar, Uday Pandit Khot, Balaji G. Hogade Abstract - Malicious or compromised internal users can act like normal users with valid login credentials and thus become difficult to detect. As a result of their similarity to normal users, traditional methods of detecting intrusions, have difficulty identifying the subtle and changing behaviors of malicious insiders. This paper introduces a comprehensive User and Entity Behavior Analytics (UEBA) framework to help detect malicious insiders. It works by analyzing activity logs generated by the enterprise. Further it performs data cleaning and feature engineering; creating behavioral profiles for each user based upon the attributes of time, environment, and behavior. These profiles are used to model normal interaction patterns and with the DBLOF algorithm, an outlier score for each profile is created. The outlier score indicates whether or not a given user’s behavior has deviated from normal. In order to make the proposed system adaptable to changing environments over time, it utilizes deep learning algorithms to detect changes in behavior and to increase the accuracy of anomalous behavior detection. The proposed system also enables the ingestion of real-time data, the evaluation of risk, and the display of alerts in a visual format. Thus, providing the scalability and operational performance required to support large-scale organizations. Overall, the proposed system represents a reliable, modular, and understandable UEBA framework. It is capable of accurately detecting malicious insider threats and representing an efficient method for proactively mitigating risks through security operations within enterprises.
Open Zoom