User and application logs are now produced so fast that analysing them in real time is almost impossible without scalable, high-performance systems and platforms. In cybersecurity, human behaviour is directly or indirectly responsible for the most common attacks (e.g. ransomware and phishing). Monitoring user behaviour therefore requires processing high-rate user logs that come from different, heterogeneous sources, where part of the data, or entire sources, may be missing. To this end, a scalable framework based on the Elastic Stack (ELK) is proposed to process and store log data from different users and applications in real time. The system generates an ensemble of models that classify user behaviour and detect anomalies in real time; its scalability comes from the ELK-based software architecture running on top of a Kubernetes platform. In addition, a distributed evolutionary algorithm is used to classify users by exploiting their digital footprints derived from many data sources. Experiments conducted on two real-life datasets confirm the approach's effectiveness in detecting anomalies in user behaviour, coping with missing data and lowering the number of false alarms.
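The abstract describes an ensemble that scores user behaviour from several log sources and has to keep working when one source is missing. The following is an added illustration, not code from the paper and not its algorithm: the evolutionary classifier and the ELK pipeline are replaced by two simple per-source z-score detectors over constructed data (an authentication source emitting JSON lines and a proxy source emitting CSV lines, each with an invented per-user seven-day baseline). The point it demonstrates is the missing-data handling: a detector abstains when its source has no data for a user, the ensemble votes only over detectors that saw data, and a single remaining detector must exceed a stricter threshold so that one elevated signal does not become a false alarm. All user names, log lines, features and thresholds are assumptions made for this example.

```python
"""Ensemble anomaly scoring over heterogeneous, partially missing user logs.

Illustrative stand-in (not the paper's code): per-source z-score detectors
that abstain when their source is missing, combined by majority vote.
"""
import json
import statistics
from collections import defaultdict

# Constructed per-user baselines: daily feature values for the 7 prior days.
# Invented for this example; not real data.
HISTORY = {
    "alice": {"auth_fail": [0, 1, 0, 0, 1, 0, 0], "proxy_mb": [120, 90, 110, 130, 100, 95, 115]},
    "bob":   {"auth_fail": [0, 0, 1, 0, 0, 0, 0], "proxy_mb": [50, 60, 55, 45, 65, 50, 55]},
    "carol": {"auth_fail": [0, 1, 0, 1, 0, 1, 0], "proxy_mb": [30, 35, 40, 30, 25, 35, 30]},
}

# Constructed current-window logs from two heterogeneous sources.
# Source 1: authentication events as JSON lines.
AUTH_LOG = [
    '{"ts": "2024-05-01T08:01:00Z", "user": "alice", "result": "ok"}',
    '{"ts": "2024-05-01T08:02:00Z", "user": "alice", "result": "fail"}',
    '{"ts": "2024-05-01T09:10:00Z", "user": "alice", "result": "ok"}',
    '{"ts": "2024-05-01T10:00:00Z", "user": "carol", "result": "fail"}',
    '{"ts": "2024-05-01T10:00:30Z", "user": "carol", "result": "fail"}',
    '{"ts": "2024-05-01T11:00:00Z", "user": "dave", "result": "ok"}',
] + [f'{{"ts": "2024-05-01T03:00:{i:02d}Z", "user": "bob", "result": "fail"}}' for i in range(12)]
# Source 2: proxy egress as CSV "ts,user,bytes_out". Nothing arrived for carol
# today, so the proxy detector has no data for her (missing source).
PROXY_LOG = [
    "2024-05-01T08:05:00Z,alice,60000000",
    "2024-05-01T12:30:00Z,alice,45000000",
    "2024-05-01T03:20:00Z,bob,900000000",
]

THRESHOLD = 3.0                # z-score a detector needs to vote "anomalous"
SINGLE_SOURCE_THRESHOLD = 5.0  # stricter bar when only one detector can vote


def parse_auth(lines):
    """Normalise the auth source into {user: failed_login_count} for the window."""
    fails = defaultdict(int)
    for line in lines:
        rec = json.loads(line)
        fails[rec["user"]] += 1 if rec.get("result") == "fail" else 0
    return dict(fails)


def parse_proxy(lines):
    """Normalise the proxy source into {user: megabytes_out} for the window."""
    mb = defaultdict(float)
    for line in lines:
        _ts, user, nbytes = line.split(",")
        mb[user] += int(nbytes) / 1e6
    return dict(mb)


def zscore(value, history, floor=1.0):
    """Absolute z-score of value against history; a flat history gets a floor std."""
    std = statistics.pstdev(history) or floor
    return abs(value - statistics.mean(history)) / std


def detect(user, feature, value):
    """One ensemble member. Returns None (abstains) without data or a baseline."""
    hist = HISTORY.get(user, {}).get(feature)
    if value is None or not hist:
        return None
    return zscore(value, hist)


def classify(user, auth_fail, proxy_mb):
    """Combine detectors that actually saw data; return (verdict, per-feature scores)."""
    scores = {f: detect(user, f, v) for f, v in (("auth_fail", auth_fail), ("proxy_mb", proxy_mb))}
    voting = {f: s for f, s in scores.items() if s is not None}
    if not voting:
        return "insufficient_data", scores
    if len(voting) == 1:  # only one source present: demand stronger evidence
        flagged = next(iter(voting.values())) > SINGLE_SOURCE_THRESHOLD
    else:                 # majority of the detectors that voted
        flagged = sum(s > THRESHOLD for s in voting.values()) >= len(voting) // 2 + 1
    return ("anomalous" if flagged else "normal"), scores


def run(auth_lines=AUTH_LOG, proxy_lines=PROXY_LOG):
    """Score every user seen in the window or known from the baselines."""
    auth, proxy = parse_auth(auth_lines), parse_proxy(proxy_lines)
    users = sorted(set(auth) | set(proxy) | set(HISTORY))
    return {u: classify(u, auth.get(u), proxy.get(u)) for u in users}


if __name__ == "__main__":
    for user, (verdict, scores) in run().items():
        print(f"{user:6s} {verdict:17s} {scores}")
```

With this data bob is flagged by both detectors; alice is normal on both; carol's two failed logins score above the ordinary threshold, but because the proxy source abstained she is judged by a single detector under the stricter bar and is not raised as an alarm; dave, who has no baseline at all, is reported as insufficient data rather than guessed at.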