A User and Entity Behavior Analysis for SIEM Systems: Preprocessing of The Computer Emergency and Response Team Dataset

Authors : Yasin GÖRMEZ, Halil ARSLAN, Yunus Emre IŞIK, İbrahim Ethem DADAŞ

Pages : 1-6

Doi:10.55195/jscai.1213782

View : 47 | Download : 38

Publication Date : 2023-06-25

Article Type : Other Papers

Abstract :A lot of work has been done to prevent attacks from external sources and a great deal of success has been achieved. However, studies to detect internal attacks aren’t sufficient today. One of the most important studies for the detection of insider attacks is User and Entity Behavior Analysis insert ignore into journalissuearticles values(UEBA);. In this letter, UEBA studies in the literature were reviewed and The Computer Emergency and Response Team Dataset was analyzed insert ignore into journalissuearticles values(CERT);. For this purpose, preprocessing and feature extraction steps were applied on CERT datasets. Several log files combined with respect to user and for each user the number of activities in the specified time interval were obtained. The python code of these preprocessing and feature extraction steps were shared as open source in GitHub platform. In the final phase, future analysis was described and UEBA system planned to be designed was explained.
Keywords : User and Entity Behavior Analysis Preprocessing Classification CERT Security Information and Event Management, Preprocessing, Classification, CERT, Security Information and Event Management