2022
DOI: 10.21203/rs.3.rs-1912478/v1
Preprint

A Scalable Cybersecurity Framework for Anomaly Detection in User Behaviour

Abstract: Nowadays, the speed of the user and application logs is so quick that it is almost impossible to analyse them in real-time without using scalable systems and platforms. In cybersecurity, human behaviour is responsible directly or indirectly for the most common attacks (i.e., ransomware and phishing). To monitor user behaviour, it is necessary to process fast user logs coming from different and heterogeneous sources, having part of the data or some entire sources missing. A scalable framework based on the Elast…

Citations: cited by 1 publication (1 citation statement)
References: 17 publications (19 reference statements)
“…The Anomalies and Events objective uses the success factors declared in NIST SP 800-92, NIST SP 800-94 and NIST SP 800-137 and the maturity-oriented model in forensic analysis [121] to propose the capabilities: 91) Specialized information system on threats and vulnerabilities; 92) Prioritization and Impact of Events; 93) Monitoring of anomalies [122]. Each capacity will present requirements that will gain in completeness and complexity depending on the level of maturity that is intended to be obtained. The levels to be used were those previously explained.…”
Section: List Of Objectives Capabilities and Specification Of Require...
Citation type: mentioning
confidence: 99%