This paper studies cyber risk management by integrating contextual log analysis with User and Entity Behavior Analytics (UEBA). Using Python scripting and a PostgreSQL database, the solution enriches Linux system log records with contextual and behavioral information drawn from semantic datasets. By incorporating Common Vulnerability Scoring System (CVSS) metrics and customized risk scoring algorithms, the system calculates Insider Threat scores that flag potential security breaches. The integration of contextual log analysis and UEBA [1] offers a proactive defense against insider threats, reducing false positives and prioritizing high-risk alerts.
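An added example, not code from the paper, of the enrichment-and-scoring pipeline the abstract describes: it parses constructed lines in the loghub Linux syslog layout, joins them with constructed user and host context standing in for the PostgreSQL tables, and combines failed logins, off-hours sessions, role and a host CVSS base score into a per-user insider threat score. The weights, roles, working hours and CVSS value are assumptions for illustration, not the paper's published algorithm or data.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed lines in the loghub "Linux" syslog layout; hosts, users and addresses are made up.
SAMPLE_LOGS = """\
Jun 14 15:16:01 combo sshd(pam_unix)[19939]: authentication failure; logname= uid=0 euid=0 tty=NULL ruser= rhost=10.0.0.5 user=alice
Jun 14 15:16:20 combo sshd(pam_unix)[19940]: session opened for user alice by (uid=0)
Jun 15 02:04:59 combo sshd(pam_unix)[20882]: authentication failure; logname= uid=0 euid=0 tty=NULL ruser= rhost=10.0.0.9 user=bob
Jun 15 02:05:03 combo sshd(pam_unix)[20882]: authentication failure; logname= uid=0 euid=0 tty=NULL ruser= rhost=10.0.0.9 user=bob
Jun 15 02:05:08 combo sshd(pam_unix)[20882]: authentication failure; logname= uid=0 euid=0 tty=NULL ruser= rhost=10.0.0.9 user=bob
Jun 15 02:05:30 combo sshd(pam_unix)[20883]: session opened for user bob by (uid=0)
"""
# Constructed stand-ins for the PostgreSQL context tables (roles, hours and host CVSS are assumptions).
USER_CONTEXT = {"alice": {"role": "developer", "work_hours": (8, 19)},
                "bob": {"role": "contractor", "work_hours": (9, 18)}}
HOST_CVSS = {"combo": 7.5}  # assumed CVSS v3 base score of the host's most severe open finding
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) ([^\[]+)\[\d+\]: (.*)$")

def parse_line(line):
    """Return (timestamp, host, process, user, message) or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, proc, msg = m.groups()
    user = re.search(r"(?:user=|for user )(\w+)", msg)
    return datetime.strptime(ts, "%b %d %H:%M:%S"), host, proc, user and user.group(1), msg

def insider_threat_scores(log_text):
    """Score each user 0-100 from failed logins, off-hours sessions, role and host exposure.
    The weights are an assumed illustrative scheme, not the paper's published formula."""
    failures, off_hours, host_of = defaultdict(int), defaultdict(bool), {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or not ev[3]:
            continue
        when, host, _, user, msg = ev
        host_of[user] = host
        if "authentication failure" in msg:
            failures[user] += 1
        elif "session opened" in msg:
            start, end = USER_CONTEXT.get(user, {}).get("work_hours", (0, 24))
            off_hours[user] |= not (start <= when.hour < end)
    scores = {}
    for user in host_of:
        behaviour = min(10 * failures[user], 40) + (30 if off_hours[user] else 0)
        role = 10 if USER_CONTEXT.get(user, {}).get("role") == "contractor" else 0
        exposure = HOST_CVSS.get(host_of[user], 0.0) / 10 * 30  # CVSS contributes up to 30 points
        scores[user] = min(100.0, behaviour + role + exposure)
    return scores
```

With the sample above, bob's three failed logins, off-hours session and contractor role push him well above alice, which is the kind of prioritization the abstract describes.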
References
[1] Exabeam (2023) What Is UEBA and Why It Should Be an Essential Part of Your Incident Response. https://www.exabeam.com/explainers/ueba/what-is-ueba-and-why-it-should-be-an-essential-part-of-your-incident-response/
[2] Crawford, M. and Peterson, G. (2013) Insider Threat Detection Using Virtual Machine Introspection. 2013 46th Hawaii International Conference on System Sciences, Wailea, HI, 7-10 January 2013, 1821-1830. https://doi.org/10.1109/HICSS.2013.278 https://ieeexplore.ieee.org/abstract/document/6480061
[3] Findley, S., Singh, G., Shaffer, A., et al. (2019) A Statistical Analysis Framework for Detecting Insider Threat Activities on Cyber Systems. 2019 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, 5-7 December 2019, 1-6. https://doi.org/10.1109/CSCI49370.2019.00008 https://ieeexplore.ieee.org/abstract/document/9071044
[4] Jiang, J., Chen, J., Gu, T., et al. (2019) Warder: Online Insider Threat Detection System Using Multi-Feature Modeling and Graph-Based Correlation. 2019 IEEE Military Communications Conference (MILCOM), Norfolk, VA, 12-14 November 2019, 1-6. https://doi.org/10.1109/MILCOM47813.2019.9020931 https://www.researchgate.net/publication/339760983
[5] logpai, Loghub: Linux Logs, GitHub Repository. https://github.com/logpai/loghub?tab=readme-ov-file
[6] Software Engineering Institute (2022) Common Sense Guide to Mitigating Insider Threats, Seventh Edition. https://insights.sei.cmu.edu/library/common-sense-guide-to-mitigating-insider-threats-seventh-edition/
[7] National Vulnerability Database, CVSS Version 3 Calculator. https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
[8] BeyondTrust (2022) Insider Threat Indicators: How to Identify & Mitigate Insider Attacks. https://www.beyondtrust.com/blog/entry/insider-threat-indicators-how-to-identify-mitigate-insider-attacks
[9] Next DLP (2024) Insider Threat: The Ultimate Guide. https://www.nextdlp.com/resources/blog/insider-threat-ultimate-guide
[10] ISO/IEC (2022) ISO/IEC 27001:2022: Information Security, Cybersecurity and Privacy Protection - Information Security Management Systems - Requirements. https://www.iso.org/standard/27001
[11] Ekran System (2021) Portrait of Malicious Insiders: Types, Characteristics, and Indicators. https://www.ekransystem.com/en/blog/portrait-malicious-insiders
[12] Axelsson, S. (2000) The Base-Rate Fallacy and the Difficulty of Intrusion Detection. ACM Transactions on Information and System Security, 3, 186-205. https://doi.org/10.1145/357830.357849
[13] Cappelli, D.M., Moore, A.P. and Trzeciak, R.F. (2012) The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes. Addison-Wesley Professional.
[14] Medium (2021) How to Use Grafana for Data Visualization. https://medium.com/nightingale/how-to-use-grafana-fordata-visualization-39d62276fcf9
[15] National Institute of Standards and Technology (NIST) (2015) Specifications, Tolerances, and Other Technical Requirements for Weighing and Measuring Devices. https://www.nist.gov/system/files/documents/2017/04/28/hb44-15-web-final.pdf
[16] Raut, M., Dhavale, S., Singh, A. and Mehra, A. (2020) Insider Threat Detection Using Deep Learning: A Review. 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS), Thoothukudi, 3-5 December 2020, 856-863. https://doi.org/10.1109/ICISS49785.2020.9315932 https://ieeexplore.ieee.org/abstract/document/9315932
[17] Macak, M., Vanát, I., Merjavý, M., Jevočin, T. and Buhnova, B. (2020) Towards Process Mining Utilization in Insider Threat Detection from Audit Logs. 2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS), Paris, 14-16 December 2020, 1-6. https://doi.org/10.1109/SNAMS52053.2020.9336573 https://ieeexplore.ieee.org/abstract/document/9336573
[18] Vasudevan, P. (2021) Detect Insider Threats with User Behavior Analytics. https://www.ibm.com/blogs/digital-transformation/in-en/blog/detect-insider-threats-with-user-behavior-analytics/