Developing a Comprehensive Framework for User and Entity Behavior Analytics (UEBA): Integrating Advanced Machine Learning and Contextual Insights


Open Access


Year : June 29, 2024 at 5:34 pm | Volume : 14 | Issue : 02 | Page : –


By


Garima Sharma, Ambika Thakur, Chetna Tiwari


  1. Assistant Professor, Student, Student; Department of Computer Science and Engineering, The NorthCap University, Haryana, India

Abstract

User and Entity Behavior Analytics (UEBA) has emerged as a crucial approach in modern cybersecurity for detecting and mitigating insider threats, compromised accounts, and other malicious activities within organizational networks. However, existing UEBA frameworks often face challenges in scalability, detection accuracy, and response effectiveness. This research paper proposes a novel framework for UEBA that aims to address these limitations and enhance threat detection and response capabilities. The framework integrates advanced machine learning algorithms, behavioral analytics techniques, and threat intelligence to establish baseline behaviors, detect anomalies, and prioritize response actions. Key components of the framework include user and entity profiling, behavioral analytics, risk scoring, and incident detection and response mechanisms. In user and entity profiling, comprehensive profiles are created for both users and entities (e.g., devices, applications) within the network, capturing relevant attributes and historical behaviors. Behavioral analytics leverages these profiles to identify deviations from normal behavior patterns, signaling potential security incidents. Risk scoring assigns severity levels to detected anomalies based on their potential impact and likelihood, enabling prioritization of response efforts. Overall, this research contributes to advancing the field of UEBA by providing a comprehensive framework that addresses scalability, accuracy, and effectiveness challenges. It lays the groundwork for developing more robust and adaptive cybersecurity solutions to combat evolving threats effectively, ensuring the security and integrity of organizational networks in an increasingly complex threat landscape.


Keywords: UEBA, Cybersecurity, Threat detection, Security Framework, Security Analysis, Behavioral Analytics, Threat Intelligence.
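An added illustration of the profiling, behavioral analytics and risk scoring flow summarized in the abstract; it is not the authors' framework or code. The z-score baseline, the erf-based likelihood, the impact weights, the severity thresholds and all entity names and data are assumptions constructed for this sketch.

```python
"""Added sketch: per-entity baseline -> deviation -> risk = impact x likelihood."""
from math import erf, sqrt
from statistics import mean, stdev

# Constructed sample data: daily outbound MB per user or entity (hypothetical names).
HISTORY = {
    "alice":      [120, 135, 110, 128, 140, 125, 131],
    "svc-backup": [900, 950, 880, 920, 910, 940, 905],
    "laptop-17":  [40, 35, 50, 45, 38, 42, 47],
}
TODAY = {"alice": 133, "svc-backup": 1400, "laptop-17": 95}
# Assumed impact weights (0..1): how damaging misuse of each entity would be.
IMPACT = {"alice": 0.5, "svc-backup": 0.9, "laptop-17": 0.4}


def build_profile(samples):
    """Profile = baseline mean and standard deviation of historical behaviour."""
    return {"mean": mean(samples), "std": max(stdev(samples), 1e-9)}


def likelihood(value, profile):
    """Map |z-score| to 0..1: share of a normal baseline lying closer to the mean."""
    z = abs(value - profile["mean"]) / profile["std"]
    return erf(z / sqrt(2))


def severity(score):
    """Assumed thresholds for turning a risk score into a severity level."""
    if score >= 0.7:
        return "high"
    if score >= 0.3:
        return "medium"
    return "low"


def score_entities(history, today, impact):
    """Return (entity, risk, severity) rows, riskiest first, for response triage."""
    rows = []
    for entity, samples in history.items():
        risk = impact[entity] * likelihood(today[entity], build_profile(samples))
        rows.append((entity, round(risk, 3), severity(risk)))
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for row in score_entities(HISTORY, TODAY, IMPACT):
        print(row)
```

Weighting by impact is what separates the two anomalous entities here: both deviate far from their baselines, but the backup service account ranks above the laptop because its assumed impact is higher.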

[This article belongs to Journal of Communication Engineering & Systems (joces)]

How to cite this article: Garima Sharma, Ambika Thakur, Chetna Tiwari. Developing a Comprehensive Framework for User and Entity Behavior Analytics (UEBA): Integrating Advanced Machine Learning and Contextual Insights. Journal of Communication Engineering & Systems. June 29, 2024; 14(02):-.


How to cite this URL: Garima Sharma, Ambika Thakur, Chetna Tiwari. Developing a Comprehensive Framework for User and Entity Behavior Analytics (UEBA): Integrating Advanced Machine Learning and Contextual Insights. Journal of Communication Engineering & Systems. June 29, 2024; 14(02):-. Available from: https://journals.stmjournals.com/joces/article=June 29, 2024/view=0




Regular Issue | Subscription | Review Article


Journal of Communication Engineering & Systems

ISSN: 2249-8613

Volume 14
Issue 02
Received April 9, 2024
Accepted April 26, 2024
Published June 29, 2024
