Abstract
Organizations deploy a range of security controls, such as firewalls, web gateways and intrusion prevention systems, to protect their information assets. On their own these perimeter defenses are no longer sufficient: attackers break through or get around firewalls, send emails with malicious and infected attachments, or bribe employees who already have legitimate access. User and entity behavior analytics (UEBA) is a newer approach that instead looks for deviations from established behavior inside the network. This paper demonstrates how UEBA combined with deep learning can detect suspicious and anomalous behavior within a system. User action sequences observed in a network are profiled historically, a Long Short-Term Memory (LSTM) neural network is trained on them to predict the user's next action, and an action is flagged as suspicious when the observed sequence deviates from the predicted one.
Keywords: Cybersecurity; User and Entity Behavior Analytics (UEBA); Deep learning; Long Short-Term Memory (LSTM)
Table of Contents
CHAPTER ONE
INTRODUCTION
1.1 Background of the study
1.2 Statement of the Problem
1.3 Research Objectives
1.4 SIGNIFICANCE OF THE RESEARCH
CHAPTER TWO
LITERATURE REVIEW
2.1 Introduction
2.2 Security Orchestration, Automation and Response
2.3 User and Entity Behavior Analytics
2.4 Deep Learning Algorithms
2.4.1 Why Deep Learning for Insider Threat Detection
2.4.2 Long Short-Term Memory (LSTM)
2.5 Related Work
2.6 Research Gap
CHAPTER THREE
METHODOLOGY
3.1 Introduction
1. Data Sources and Preparation
2. Feature Extraction
3. Behavior Profiling
4. Anomaly Detection Using Deep Learning
LSTM
3.2 System Development Methodology
3.3 Project Timelines
CHAPTER FOUR
RESULTS, FINDINGS AND DISCUSSION
4.1 CERT DATASET
4.2 EVALUATION AND RESULTS
4.2.1 Results
4.3 DISCUSSION
CHAPTER FIVE
CONCLUSION
5.1 LIMITATIONS
5.2 FUTURE RESEARCH
6 References
LIST OF FIGURES
Figure 1. Unfolded LSTM network
Figure 2. LSTM architecture with a single memory block
Figure 3.1. General architecture of UEBA
Figure 4. UEBA data sources
Figure 5. Prototyping model phases
Figure 6. LSTM details
Figure 7. Training with only user activity data
Figure 8. Training with mixed data: user activities/features and action sequence
Figure 9. WDD loss
CHAPTER ONE
INTRODUCTION
1.1 Background of the study
Individuals, enterprises, governments and society as a whole are more reliant on technology than ever before. Most digital devices, such as computers, smartphones and tablets, can now connect to the internet. As a result, sensitive information, including bank account details, national identification and voter registration records, and credit card data, is now stored on cloud storage servers. Storing this kind of information in the cloud makes it susceptible to data leaks and breaches, both of which can harm the individuals involved.
Cybercriminals have become more sophisticated, changing what they target and varying their techniques against different security systems. Until recently, firewalls, web gateways and intrusion detection tools were considered sufficient. These tools are no longer enough on their own, since skilled attackers can bypass this kind of perimeter defense: they break through or get around firewalls, send emails with malicious and infected attachments, or bribe employees into granting them access from inside the perimeter.
An Accenture Security study (2019) estimated that the average cost of cybercrime had climbed by $1.4 million over one year, with the average number of data breaches increasing by 11 percent to 145.
Malicious actors are no longer only outsiders; they include insiders such as disgruntled employees, contractors and consultants who already have access to an organization's premises and systems, so preventive measures alone are not sufficient. Firewalls and traditional intrusion detection tools will never be completely foolproof, and at some point an attacker will get into an organization's systems. Detection is therefore critical: once attackers are inside, the organization must be able to detect them quickly to minimize the damage.
1.2 Statement of the Problem
Malicious actors are not only outsiders but also insiders: disgruntled employees, contractors or consultants who have access to the company's premises and systems. Rapidly identifying compromised user accounts and insiders with harmful intent is a key challenge in enterprise security. Detecting a compromise has become complicated enough that simple rules alone are not sufficient, hence the need for machine learning to analyze the available data.
Enterprise environments produce huge volumes of data; nearly every system now logs far more than any analyst could review by hand. The platforms currently used to monitor for and identify potential security threats cannot automatically analyze this data and identify threats from insiders.
This study therefore proposes analyzing the network data produced by users and entities with machine learning methods in order to identify fraudulent or suspicious behavior within an organization's systems.
1.3 Research Objectives
The following research objectives were established:
1. To investigate how machine learning can be applied to logs generated by users and network entities to enhance cybersecurity.
2. To implement a prototype demonstrating the application of deep learning to cybersecurity.
3. To assess the effectiveness of the proposed prototype at spotting threats and unusual activity in a network.
1.4 SIGNIFICANCE OF THE RESEARCH
User and Entity Behavior Analytics helps organizations safeguard their data from the inside out: a baseline of acceptable behavior patterns is built for each user and entity, and current actions are compared against that baseline to decide whether they are normal or suspicious.
Furthermore, a tool based on data science and machine learning can help organizations detect malicious activity faster and act accordingly to limit the damage.
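The next-action prediction described in the Abstract and the baseline comparison of Section 1.4, as an added example that is not code from this paper or its prototype. A per-user smoothed n-gram model with backoff stands in for the LSTM the paper proposes: both estimate P(next action | recent actions), and the flagging rule (an observed action is suspicious when the model assigned it a low probability) is the same. The action vocabulary, the session layout, the smoothing constant and the threshold are assumptions, and the training sessions are constructed, not CERT data.

```python
"""Sequence-deviation detection over per-user action profiles.

Added example, not code from the paper. A smoothed n-gram model with backoff
stands in for the paper's LSTM: both estimate P(next action | recent actions),
and the flagging rule (an observed action is suspicious when the model gave it
low probability) is the same. Vocabulary, sessions and threshold are assumptions.
"""
import math
from collections import Counter, defaultdict

VOCAB = ("logon", "http", "email", "file", "device", "logoff")
START = "<s>"
END = "</s>"          # end-of-session token, predicted like any other action
ORDER = 2             # how many previous actions the model conditions on
ALPHA = 0.1           # add-alpha smoothing: unseen transitions keep small, non-zero mass
THRESHOLD = 0.05      # flag an action predicted with probability below this

# Constructed training sessions (one list per working day); not real CERT data.
# Assumption: preprocessing has already reduced raw logon/device/http/email/file
# logs to one action token per event, ordered by timestamp within a session.
HISTORY = {
    "alice": [
        ["logon", "http", "email", "http", "file", "email", "logoff"],
        ["logon", "email", "http", "http", "email", "logoff"],
        ["logon", "http", "email", "file", "http", "email", "logoff"],
        ["logon", "http", "http", "email", "logoff"],
    ],
    "bob": [
        ["logon", "device", "file", "file", "device", "logoff"],
        ["logon", "file", "device", "file", "logoff"],
        ["logon", "device", "file", "device", "file", "logoff"],
    ],
}


class NextActionModel:
    """P(next action | previous ORDER actions), backing off to shorter contexts."""

    def __init__(self, order=ORDER, alpha=ALPHA, vocab=VOCAB):
        self.order, self.alpha = order, alpha
        self.vsize = len(vocab) + 1                      # +1 for END
        # counts[k][context of length k][next action] -> number of observations
        self.counts = [defaultdict(Counter) for _ in range(order + 1)]

    def _pad(self, session):
        return [START] * self.order + list(session) + [END]

    def fit(self, sessions):
        for session in sessions:
            padded = self._pad(session)
            for i in range(self.order, len(padded)):
                for k in range(self.order + 1):
                    self.counts[k][tuple(padded[i - k:i])][padded[i]] += 1
        return self

    def prob(self, context, action):
        """Use the longest suffix of `context` that was observed in training."""
        for k in range(self.order, -1, -1):
            ctx = tuple(context[len(context) - k:])
            seen = self.counts[k].get(ctx)
            if seen:
                total = sum(seen.values())
                return (seen[action] + self.alpha) / (total + self.alpha * self.vsize)
        return 1.0 / self.vsize                          # only before fit() has run

    def score(self, session, threshold=THRESHOLD):
        """Return (mean surprise in bits, [(index, action, prob) for flagged actions])."""
        padded = self._pad(session)
        flagged, surprise = [], 0.0
        for i in range(self.order, len(padded)):
            p = self.prob(padded[i - self.order:i], padded[i])
            surprise -= math.log2(p)
            if p < threshold:
                flagged.append((i - self.order, padded[i], round(p, 4)))
        return surprise / (len(padded) - self.order), flagged


def build_profiles(history):
    """One model per user: the baseline of acceptable behaviour from Section 1.4."""
    return {user: NextActionModel().fit(sessions) for user, sessions in history.items()}


def detect(profiles, user, session, threshold=THRESHOLD):
    """Score a new session against that user's own profile.

    A user with no profile has no baseline, so every action is reported rather
    than silently accepted.
    """
    if user not in profiles:
        return math.inf, [(i, a, 0.0) for i, a in enumerate(session)]
    return profiles[user].score(session, threshold)


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    # A routine day, then a bob-like device/file session seen on alice's account.
    for label, session in (
        ("normal", ["logon", "http", "email", "logoff"]),
        ("suspicious", ["logon", "device", "file", "file", "device", "logoff"]),
    ):
        surprise, flagged = detect(profiles, "alice", session)
        print(f"alice/{label}: mean surprise {surprise:.2f} bits, flagged {flagged}")
```

With a trained LSTM, `prob` would be replaced by the network's softmax output over the action vocabulary for the given history; the per-user profile, the threshold and the flagging loop are unchanged. Two caveats carry over to the real system: the threshold trades false positives on rare but legitimate actions against missed deviations, and because profiles are per user, a newly created or rarely used account has no baseline and must be handled explicitly rather than scored as normal.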