Anomalous User Activity Detection in Enterprise Multi-source Logs | IEEE Conference Publication | IEEE Xplore

Anomalous User Activity Detection in Enterprise Multi-source Logs


Abstract:

Security is one of the top concerns of any enterprise. Most security practitioners in enterprises rely on correlation rules to detect potential threats. While such rules are intuitive to design, each rule is defined independently per log source and so cannot collectively address the heterogeneity of data from the myriad of enterprise networking and security logs. Furthermore, correlation rules do not look for data events beyond a short time range. To complement the conventional correlation-rule-based system, we propose a user activity anomaly detection method. The method first addresses the data heterogeneity of multi-source logs by designing a metadata extraction step for event normalization. It then builds user-specific models to flag alerts for users whose currently observed event patterns are sufficiently different from their own patterns in the past.
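The two steps the abstract describes, event normalization across heterogeneous sources followed by a per-user comparison of current activity against that user's own history, as an added Python illustration that is not the paper's code: the log line formats, the per-user event-type distribution as the "model", and Jensen-Shannon divergence with a fixed threshold as the scoring rule are all assumptions made here, since the page does not describe the paper's actual models.

```python
# Added illustration (not the paper's code): normalize constructed lines from
# two log sources into one (user, event_type) schema, then score each user's
# current event-type distribution against that user's own past distribution.
import math
import re
from collections import Counter, defaultdict
# Constructed sample lines; the line formats are assumptions, not real products.
HISTORY = [
    "2017-11-01T08:02:11 vpn user=alice action=connect src=10.0.0.5",
    "2017-11-01T18:05:40 vpn user=alice action=disconnect src=10.0.0.5",
    "2017-11-02T08:01:03 vpn user=alice action=connect src=10.0.0.5",
    "2017-11-02T17:59:12 vpn user=alice action=disconnect src=10.0.0.5",
    "Nov  1 09:15:02 host1 sshd[123]: Accepted password for alice from 10.0.0.5",
    "Nov  2 09:17:44 host1 sshd[130]: Accepted password for alice from 10.0.0.5",
]
VPN_RE = re.compile(r"\bvpn user=(?P<user>\S+) action=(?P<action>\S+)")
SSH_RE = re.compile(r"sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+)")

def normalize(line):
    """Metadata extraction: map a raw line to (user, event_type) or None."""
    m = VPN_RE.search(line)
    if m:
        return m["user"], "vpn." + m["action"]
    m = SSH_RE.search(line)
    if m:
        return m["user"], "ssh." + m["result"].lower()
    return None  # unrecognised source; left out of the model

def build_profiles(lines):
    """Per-user relative frequency of each normalized event type."""
    counts = defaultdict(Counter)
    for ev in filter(None, map(normalize, lines)):
        counts[ev[0]][ev[1]] += 1
    return {u: {k: v / sum(c.values()) for k, v in c.items()} for u, c in counts.items()}

def jsd(p, q):
    """Jensen-Shannon divergence in bits, so 0 <= jsd <= 1."""
    m = {k: 0.5 * (p.get(k, 0.0) + q.get(k, 0.0)) for k in set(p) | set(q)}
    kl = lambda a: sum(a[k] * math.log2(a[k] / m[k]) for k in a if a[k] > 0)
    return 0.5 * kl(p) + 0.5 * kl(q)

def score_users(history, current, threshold=0.3):
    """Return {user: (divergence, flagged)}; a user with no history gets 1.0 (no baseline)."""
    past, now = build_profiles(history), build_profiles(current)
    out = {}
    for user, dist in now.items():
        d = jsd(past[user], dist) if user in past else 1.0
        out[user] = (d, d > threshold)
    return out
```

A user whose current window is a burst of failed SSH logins scores far above the threshold, while a window that repeats the usual connect/login/disconnect pattern scores zero; the threshold itself would need tuning per deployment.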
Date of Conference: 18-21 November 2017
Date Added to IEEE Xplore: 18 December 2017
Electronic ISSN: 2375-9259
Conference Location: New Orleans, LA, USA