Machine Learning and Event-Based User and Entity Behavior Analysis
Abstract
With the widespread use of technology, cybersecurity is frequently on the agenda of companies. The resistance of institutions against external attacks such as malware, denial of service, and zero-day vulnerabilities is increasing day by day, but their defense against internal threats carried out by malicious or unwitting employees has not reached the desired level. User and entity behavior analysis, proposed to solve this problem, aims to find abnormal behavior by analyzing the daily behavior of employees. In this study, a user and entity behavior analysis model that can work in harmony with companies' security information and event management systems is proposed. To this end, the activities performed by employees while using Windows operating systems were first collected using the Wazuh application. Nine different classification algorithms were trained on the dataset created with the sliding window method, and the accuracy, F1-score, sensitivity, and false-negative rate values of the models were calculated. The analysis showed that the most successful results were obtained with the Random Forest, k-nearest neighbor, and Bagging methods. © 2024 IEEE.
Description
32nd IEEE Conference on Signal Processing and Communications Applications, SIU 2024 -- 15 May 2024 through 18 May 2024 -- Mersin -- 201235