A comprehensive investigation of clustering algorithms for User and Entity Behavior Analytics

Cited by: 2
Authors
Artioli, Pierpaolo [1]
Maci, Antonio [1]
Magri, Alessio [1]
Affiliations
[1] BV TECH SpA, Cybersecur Lab, Milan, Italy
Source
FRONTIERS IN BIG DATA | 2024 / Vol. 7
Keywords
clustering; data analytics; machine learning; UEBA; unsupervised learning; BIG DATA;
DOI
10.3389/fdata.2024.1375818
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Introduction: Government agencies are now encouraging industries to enhance their security systems to detect and respond proactively to cybersecurity incidents. Consequently, equipping with a security operation center that combines the analytical capabilities of human experts with systems based on Machine Learning (ML) plays a critical role. In this setting, Security Information and Event Management (SIEM) platforms can effectively handle network-related events to trigger cybersecurity alerts. Furthermore, a SIEM may include a User and Entity Behavior Analytics (UEBA) engine that examines the behavior of both users and devices, or entities, within a corporate network.
Methods: In recent literature, several contributions have employed ML algorithms for UEBA, especially those based on the unsupervised learning paradigm, because anomalous behaviors are usually not known in advance. However, to shorten the gap between research advances and practice, it is necessary to comprehensively analyze the effectiveness of these methodologies. This paper proposes a thorough investigation of traditional and emerging clustering algorithms for UEBA, considering multiple application contexts, i.e., different user-entity interaction scenarios.
Results and discussion: Our study involves three datasets sourced from the existing literature and fifteen clustering algorithms. Among the compared techniques, HDBSCAN and DenMune showed promising performance on the state-of-the-art CERT behavior-related dataset, producing groups with a density very close to the number of users.
Pages: 25