Detecting Anomalous User Behavior Using an Extended Isolation Forest Algorithm: An Enterprise Case Study
Abstract
Anomalous user behavior detection is the core component of many information security systems, such as intrusion detection, insider threat detection and authentication systems. Anomalous behavior will raise an alarm to the system administrator and can be further combined with other information to determine whether it constitutes an unauthorised or malicious use of a resource. This paper presents an anomalous user behaviour detection framework that applies an extended version of the Isolation Forest algorithm. Our method is fast and scalable and does not require example anomalies in the training data set. We apply our method to an enterprise dataset. The experimental results show that the system is able to isolate anomalous instances from the baseline user model using a single feature or combined features.
Similar resources
Improving the performance of recommender systems in the face of the cold start problem by analyzing user behavior on social network
The goal of a recommender system is to provide desired items for users. One of the main challenges affecting the performance of recommendation systems is the cold-start problem, which occurs as a result of a lack of information about a user/item. In this article, we first present an approach that uses social streams such as Twitter to create a behavioral profile, then user profiles are clusteri...
An Integrated System for Insider Threat Detection
This paper describes a proof-of-concept system for detecting insider threats. The system measures insider behavior by observing a user’s processes and threads, information about user mode and kernel mode time, network interface statistics, etc. The system is built using Microsoft’s Windows Management Instrumentation (WMI) implementation of the Web Based Enterprise Management (WBEM) standards. I...
Detecting the Abnormal : Machine
Two problems of importance in computer security are to 1) detect the presence of an intruder masquerading as the valid user and 2) detect the perpetration of abusive actions on the part of an otherwise innocuous user. In this paper we present a machine learning approach to anomaly detection, designed to handle these two problems. Our system learns a user profile for each user account and subsequ...
Detecting frauds using customer behavior trend analysis and known scenarios
In this paper, a fraud detection method is proposed in which user behaviors are modeled using two main components, namely the un-normal trend analysis component and the scenario-based component. The extent of deviation of a transaction from his/her normal behavior is estimated using fuzzy membership functions. The results of applying all membership functions on a transaction will then be infused and a f...
Online Fault Detection and Isolation Method Based on Belief Rule Base for Industrial Gas Turbines
Real-time and accurate fault detection has attracted increasing attention with a growing demand for higher operational efficiency and safety of industrial gas turbines as complex engineering systems. Current methods based on condition monitoring data have drawbacks in using both expert knowledge and quantitative information for detecting faults. For this reason, this paper proposes...
Journal title:
- CoRR
Volume abs/1609.06676
Publication date 2016