Unveiling Hidden Threats with ML-Powered User and Entity Behavior Analytics (UEBA)

Article Sidebar

PDF
Published: Jan 11, 2024
DOI: https://doi.org/10.61841/turcomat.v15i1.14394
Keywords:
User and Entity Behavior Analytics (UEBA), Cybersecurity, Machine Learning, Threat Detection, Anomaly Detection, Data Analytics

Main Article Content

Avinash Gupta Desetty
Senior Splunk Engineer Sony Corporation of America

Abstract

The ever-growing cost of cybercrime has created the need for proactive solutions for organizations seeking to protect their digital assets. While traditional security systems struggle to detect anomalies buried within vast datasets, new solutions like User and Entity Behavior Analytics (UEBA) emerge as a game-changer. By leveraging the power of machine learning, UEBA analyzes diverse data sources like user logins, file accesses, event logs, business context, external
threat intelligence, and network activity, to unveil hidden threats most traditional methods could miss. The ability to analyze multiple data sources enables UEBA solutions to effectively detect malicious insiders, compromised users, Advanced Persistent Threats (APTs), and zero-day attacks. By using various analytics techniques like supervised learning, unsupervised learning, and statistical modeling, UEBA solutions can detect subtle anomalies that deviate from
established behavior baselines. Despite the many benefits, UEBA solutions still have limitations like data quality concerns, high implementation costs, and the need for model maintenance. Integration with System Information and Event Management (SIEM) systems helps mitigate some of these challenges to further enhance UEBA's capabilities and provide a unified platform for threat identification and response. This paper provides a detailed insight into the capabilities of
UEBA, its three pillars, significance, and limitations.

Downloads

Download data is not yet available.

Metrics

Metrics Loading ...

Article Details

How to Cite
Desetty, A. G. . (2024). Unveiling Hidden Threats with ML-Powered User and Entity Behavior Analytics (UEBA). Turkish Journal of Computer and Mathematics Education (TURCOMAT), 15(1), 44–50. https://doi.org/10.61841/turcomat.v15i1.14394
Issue
Vol. 15 No. 1 (2024): Volume 15 Issue 1
Section
Articles
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Licensing 

TURCOMAT publishes articles under the Creative Commons Attribution 4.0 International License (CC BY 4.0). This licensing allows for any use of the work, provided the original author(s) and source are credited, thereby facilitating the free exchange and use of research for the advancement of knowledge. 

Detailed Licensing Terms 

Attribution (BY): Users must give appropriate credit, provide a link to the license, and indicate if changes were made. Users may do so in any reasonable manner, but not in any way that suggests the licensor endorses them or their use. 

No Additional Restrictions: Users may not apply legal terms or technological measures that legally restrict others from doing anything the license permits. 

Crossref
Scopus
Google Scholar
Europe PMC

References

Statista, “Estimated cost of cybercrime worldwide 2017-2028.’ Available online:

https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide

Wade W., Barbara F., “The Expanding Role of Data Analytics in Threat Detection,” October 2015.

Michael R., “What is the difference between signature-based and behavior-based intrusion detection systems?”

December 2020. Available online: https://accedian.com/blog/what-is-the-difference-between-signature-based-andbehavior-based-ids/

Timothy J., Shimeall, Jonathan M., Spring, “Introduction to Information Security,” 2014. Available online:

https://www.sciencedirect.com/book/9781597499699/introduction-to-information-security

IBM, “What is UEBA (user and entity behavior analytics)?” Available Online:

https://www.ibm.com/topics/ueba

Gartner, “Market Guide for User and Entity Behavior Analytics,” May 2019. Available online:

https://www.gartner.com/en/documents/3917096

Jason C., Jay B., “UEBA: Canary in a Coal Mine,” April 2017. Available online:

https://securityintelligence.com/ueba-canary-in-a-coal-mine/

Splunk, “4 Reasons to Add UBA to Your SIEM.” Available online: https://www.splunk.com/en_us/form/4-

reasons-to-add-uba-to-your-siem.html

GateWatcher, “ Benefits of a UEBA Approach.” Available online:

https://www.gatewatcher.com/en/lab/benefits-of-a-ueba-approach/

Aujas, “How to Mitigate Insider Threats with SIEM & UEBA,” July 2020. Available online:

https://blog.aujas.com/how-to-mitigate-insider-threats-with-siem-ueba

Oskar C., | Daniel N., “User and Entity Behavior Anomaly Detection using Network Traffic,” 2017. Available

online: https://www.diva-portal.org/smash/get/diva2:1113229/FULLTEXT02

Derek L., “Applying data science to user and entity behavior analytics,” 2016. Available online:

https://dataanalytics.report/Resources/Whitepapers/a93a20c4-fc03-4692-9247-d662092726ed_wd2.PDF

Exabeam, “What Is UEBA (User and Entity Behavior Analytics)?” Available online:

https://www.exabeam.com/explainers/ueba/what-ueba-stands-for-and-a-5-minute-ueba-primer/

Linan H., Quanyan Z., “A dynamic games approach to proactive defense strategies against Advanced

Persistent Threats in cyber-physical systems,” 2020. Available online:

https://www.sciencedirect.com/science/article/abs/pii/S0167404819302020?via%3Dihub