Scalable Data Processing Approach and Anomaly Detection Method for User and Entity Behavior Analytics Platform

机译：可扩展数据处理方法和异常检测方法，用于用户和实体行为分析平台

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

User and entity behavior analytics (UEBA) is a popular and modern way of finding security threats in corporate infrastructure. Anomaly detection in data allows detecting incidents which cannot be detected by other methods including rules in classical SIEM systems. But there are several problems requiring the development of scalable software and analytical methods which can handle thousands of events per second. The paper describes approaches for processing semi-structured data from different sources for further analytics using anomaly detection methods. The new method of building features from hybrid data streams from different SIEM sources has been introduced. The paper also contains a study of efficiency and scalability of the developed approach.

机译：用户和实体行为分析（UEBA）是在企业基础设施中寻找安全威胁的流行和现代的方式。数据中的异常检测允许检测不能被其他方法检测的事件，包括在古典暹粒系统中的规则。但是有几个问题需要开发可扩展的软件和分析方法，可以处理每秒数千个事件。本文介绍了使用异常检测方法处理来自不同来源的半结构化数据的方法，用于使用异常检测方法进一步分析。介绍了来自不同SIEM源的混合数据流的新方法。本文还载有开发方法的效率和可扩展性研究。

著录项

来源
《International Symposium on Intelligent Distributed Computing》|2020年|xxv 555 pages :|共6页
会议地点
作者
Alexey Lukashin; Mikhail Popov; Anatoliy Bolshakov; Yuri Nikolashin;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP302.1-532;
关键词
UEBA; SIEM; Anomaly detection; Machine learning; CEF; Isolation Forest; Feature engineering; Security;

机译：UEBA;暹粒;异常检测;机器学习;CEF;隔离林;特征工程;安全;

相似文献

外文文献
中文文献
专利

1. Adaptive Anomaly Detection in the Behavior of Computer Systems Users on the Basis of Markov Chains of Variable Order. Part Ⅱ. Anomaly Detection Methods and Experimental Results [J] . N.N. KUSSUL, A.M. SOKOLOV Journal of automation and information sciences . 2003,第5a8期

机译：基于变阶马尔可夫链的计算机系统用户行为中的自适应异常检测。第二部分。异常检测方法和实验结果
2. Big Data Analytics for User-Activity Analysis and User-Anomaly Detection in Mobile Wireless Network [J] . Md Salik Parwez, Danda B. Rawat, Moses Garuba IEEE transactions on industrial informatics . 2017,第4期

机译：大数据分析，用于移动无线网络中的用户活动分析和用户异常检测
3. A Large-Scale Hidden Semi-Markov Model for Anomaly Detection on User Browsing Behaviors [J] . Xie Y., Yu S.-Z. Networking, IEEE/ACM Transactions on . 2009,第1期

机译：用于用户浏览行为异常检测的大规模隐藏半马尔可夫模型
4. Scalable Data Processing Approach and Anomaly Detection Method for User and Entity Behavior Analytics Platform [C] . Alexey Lukashin, Mikhail Popov, Anatoliy Bolshakov, International Symposium on Intelligent Distributed Computing . 2020

机译：可扩展数据处理方法和异常检测方法，用于用户和实体行为分析平台
5. Advanced Data Analytics Methodologies for Anomaly Detection in Multivariate Time Series Vehicle Operating Data [D] . Alizadeh, Morteza. 2021

机译：多元时间序列车辆操作数据中异常检测的高级数据分析方法
6. A Novel Sensor Data Pre-Processing Methodology for the Internet of Things Using Anomaly Detection and Transfer-By-Subspace-Similarity Transformation [O] . Yan Zhong, Simon Fong, Shimin Hu, 2019

机译：使用异常检测和子空间相似转换的物联网新型传感器数据预处理方法
7. Assessment of Logistics Platform Efficiency Using an Integrated Delphi Analytic Hierarchy Process-data Envelopment Analysis Approach: A Novel Methodological Approach Including a Case Study in Slovenia [O] . Patricija Bajec, Monika Kontelj, Aleš Groznik 2020

机译：使用综合的Delphi分析层次过程 - 数据包络分析方法评估物流平台效率：一种新的方法论方法，包括斯洛文尼亚的案例研究

Scalable Data Processing Approach and Anomaly Detection Method for User and Entity Behavior Analytics Platform

摘要

著录项

相似文献

相关主题

期刊订阅