全部 标题 作者
关键词 摘要

OALib Journal期刊
ISSN: 2333-9721
费用:99美元

查看量下载量

相关文章

更多...

Cybersecurity Risk Management through Behavior-Based Contextual Analysis of Online Logs

DOI: 10.4236/jsea.2024.176027, PP. 487-507

Keywords: Cyber Risk, UEBA, CVSS

Full-Text   Cite this paper   Add to My Lib

Abstract:

This paper studies cyber risk management by integrating contextual log analysis with User and Entity Behavior Analytics (UEBA). Leveraging Python scripting and PostgreSQL database management, the solution enriches log data with contextual and behavioral information from Linux system logs and semantic datasets. By incorporating Common Vulnerability Scoring System (CVSS) metrics and customized risk scoring algorithms, the system calculates Insider Threat scores to identify potential security breaches. The integration of contextual log analysis and UEBA [1] offers a proactive defense against insider threats, reducing false positives and prioritizing high-risk alerts.

References

[1]  Exabeam (2023) What Is UEBA and Why It Should Be an Essential Part of Your Incident Response.
https://www.exabeam.com/explainers/ueba/what-is-ueba-and-why-it-should-be-an-essential-part-of-your-incident-response/
[2]  Crawford, M. and Peterson, G. (2013) Insider Threat Detection Using Virtual Machine Introspection. 2013 46th Hawaii International Conference on System Sciences, Wailea, HI, 7-10 January 2013, 1821-1830.
https://doi.org/10.1109/HICSS.2013.278
https://ieeexplore.ieee.org/abstract/document/6480061
[3]  Findley, S., Singh, G., Shaffer, A., et al. (2019) A Statistical Analysis Framework for Detecting Insider Threat Activities on Cyber Systems. 2019 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, 5-7 December 2019, 1-6.
https://doi.org/10.1109/CSCI49370.2019.00008
https://ieeexplore.ieee.org/abstract/document/9071044
[4]  Jiang, J., Chen, J., Gu, T., et al. (2019) Warder: Online Insider Threat Detection System Using Multi-Feature Modeling and Graph-Based Correlation. 2019 IEEE Military Communications Conference (MILCOM), Norfolk, VA, 12-14 November 2019, 1-6.
https://doi.org/10.1109/MILCOM47813.2019.9020931
https://www.researchgate.net/publication/339760983
[5]  GitHub Link to Linux Logs, GitHub Repository.
https://github.com/logpai/loghub?tab=readme-ov-file
[6]  Software Engineering Institute (2022) Common Sense Guide to Mitigating Insider Threats, Seventh Edition.
https://insights.sei.cmu.edu/library/common-sense-guide-to-mitigating-insider-threats-seventh-edition/
[7]  National Vulnerability Database.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
[8]  BeyondTrust (2022) Insider Threat Indicators: How to Identify & Mitigate Insider Attacks.
https://www.beyondtrust.com/blog/entry/insider-threat-indicators-how-to-identify-mitigate-insider-attacks
[9]  Insider Threat Guide (2024) Insider Threat: The Ultimate Guide.
https://www.nextdlp.com/resources/blog/insider-threat-ultimate-guide
[10]  (2022) ISO/IEC 27001:2022: Information Security, Cybersecurity and Privacy Protection—Information Security Management Systems—Requirements.
https://www.iso.org/standard/27001
[11]  Ekran System (2021) Portrait of Malicious Insiders: Types, Characteristics, and Indicators.
https://www.ekransystem.com/en/blog/portrait-malicious-insiders
[12]  Axelsson, S. (2000) The Base-Rate Fallacy and the Difficulty of Intrusion Detection, ACM Transactions on Information and Systems Security, 3, 186-205.
https://doi.org/10.1145/357830.357849
[13]  Cappelli, D.M., Moore, A.P. and Trzeciak, R.F. (2012) The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes, Addison-Wesley Professional, 2012.
[14]  Medium (2021) How to Use Grafana for Data Visualization.
https://medium.com/nightingale/how-to-use-grafana-fordata-visualization-39d62276fcf9
[15]  National Institute of Standards and Technology (NIST) (2015) Specifications, Tolerances, and Other Technical Requirements for Weighing and Measuring Devices.
https://www.nist.gov/system/files/documents/2017/04/28/hb44-15-web-final.pdf
[16]  Raut, M., Dhavale, S., Singh, A. and Mehra, A. (2020) Insider Threat Detection Using Deep Learning: A Review. 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS), Thoothukudi, 3-5 December 2020, 856-863.
https://doi.org/10.1109/ICISS49785.2020.9315932
https://ieeexplore.ieee.org/abstract/document/9315932
[17]  Macak, M., Vanát, I., Merjavý, M., Jevočin, T. and Buhnova, B. (2020) Towards Process Mining Utilization in Insider Threat Detection from Audit Logs. 2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS), Paris, 14-16 December 2020, 1-6.
https://doi.org/10.1109/SNAMS52053.2020.9336573
https://ieeexplore.ieee.org/abstract/document/9336573
[18]  Vasudevan, P. (2021) Detect Insider Threats with User Behavior Analytics.
https://www.ibm.com/blogs/digital-transformation/in-en/blog/detect-insider-threats-with-user-behavior-analytics/

Full-Text

Contact Us

service@oalib.com

QQ:3279437679

WhatsApp +8615387084133