An ensemble-based framework for user behaviour anomaly detection and classification for cybersecurity

Cited by: 0
Authors
Gianluigi Folino
Carla Otranto Godano
Francesco Sergio Pisani
Affiliations
[1] Department ICAR-CNR
[2] HFactor Security
Source
The Journal of Supercomputing | 2023 / Vol. 79
Keywords
Cybersecurity; Ensemble learning; Anomaly detection; Behavior analytics
DOI
Not available
Abstract
Nowadays, user and application logs arrive so fast that it is almost impossible to analyse them in real time without high-performance systems and platforms. In cybersecurity, human behaviour is directly or indirectly responsible for the most common attacks (i.e. ransomware and phishing). Monitoring user behaviour therefore requires processing fast user logs coming from different and heterogeneous sources, with part of the data, or some entire sources, missing. For this purpose, a framework based on the Elastic Stack (ELK) is proposed to process and store log data in real time from different users and applications. The system generates an ensemble of models to classify user behaviour and detect anomalies in real time, exploiting the advantages of the ELK-based software architecture and of the Kubernetes platform. In addition, a distributed evolutionary algorithm is used to classify users by exploiting their digital footprints derived from many data sources. Experiments conducted on two real-life data sets confirm the approach's effectiveness in detecting anomalies in user behaviour, coping with missing data and lowering the number of false alarms.
Pages: 11660 / 11683
Page count: 23