Machine Learning and Event-Based User and Entity Behavior Analysis
| dc.contributor.author | Önal, Vedat | |
| dc.contributor.author | Arslan, Halil | |
| dc.contributor.author | Görmez, Yasin | |
| dc.date.accessioned | 2024-10-26T17:51:08Z | |
| dc.date.available | 2024-10-26T17:51:08Z | |
| dc.date.issued | 2024 | |
| dc.department | Sivas Cumhuriyet Üniversitesi | |
| dc.description | Berdan Civata B.C.; et al.; Figes; Koluman; Loodos; Tarsus University | |
| dc.description | 32nd IEEE Conference on Signal Processing and Communications Applications, SIU 2024 -- 15 May 2024 through 18 May 2024 -- Mersin -- 201235 | |
| dc.description.abstract | With the widespread use of technology, the concept of cybersecurity frequently occupies the agenda of companies. The resistance of institutions against external attacks such as malware, denial of service, and zero-day vulnerabilities is increasing day by day, but the defense of institutions against internal threats carried out by malicious or unconscious employees has not reached the desired levels. User and entity behavior analysis, proposed to solve this problem, aims to find abnormal behavior by analyzing the daily behavior of employees. In this study, a user and entity behavior analysis model that can work in harmony with companies' security information and event management systems is proposed. In this context, firstly, the activities performed by the employees while using Windows operating systems were collected using the Wazuh application. The dataset created with the sliding window method was trained with nine different classification algorithms, and the accuracy, F1-score, sensitivity, and false-negative rate values of the models were calculated. As a result of the analysis, it was observed that the most successful results were obtained with Random Forest, k-nearest neighbor, and Bagging Methods. © 2024 IEEE. | |
| dc.identifier.doi | 10.1109/SIU61531.2024.10600861 | |
| dc.identifier.isbn | 979-835038896-1 | |
| dc.identifier.scopus | 2-s2.0-85200830227 | |
| dc.identifier.uri | https://doi.org/10.1109/SIU61531.2024.10600861 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.12418/26045 | |
| dc.identifier.wos | WOS:001297894700118 | |
| dc.indekslendigikaynak | Scopus | |
| dc.language.iso | tr | |
| dc.publisher | Institute of Electrical and Electronics Engineers Inc. | |
| dc.relation.ispartof | 32nd IEEE Conference on Signal Processing and Communications Applications, SIU 2024 - Proceedings | |
| dc.relation.publicationcategory | Konferans Öğesi - Uluslararası - Kurum Öğretim Elemanı | |
| dc.rights | info:eu-repo/semantics/closedAccess | |
| dc.subject | cyber security; event management; machine learning; user and entity behavior analysis | |
| dc.title | Machine Learning and Event-Based User and Entity Behavior Analysis | |
| dc.title.alternative | Makine Öğrenmesi ve Olay Tabanlı Kullanıcı ve Varlık Davranış Analizi | |
| dc.type | Conference Object |
