Malicious Network Flow Detection based on Behavioral Characteristics of Users
Zargar, Abolfazl | 2016
- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 48748 (19)
- University: Sharif University of Technology
- Department: Computer Engineering
- Advisor(s): Jalili, Rasoul
- Abstract:
- Insider threat is a significant security risk for organizations and is hard to detect. Most of the introduced detection methods need contextual data entries about users, or preprocessed user activity logs, to detect insider threats, which is costly and time-consuming. In this thesis, we introduce a behavior analysis method that learns its context and detects multiple types of insider threats from raw logs and network traffic in real time. This method, named XABA, learns user roles and exclusive behaviors by analyzing the raw logs related to each network session of the user. It then checks for abnormal patterns and, if any are found, triggers the appropriate alert. XABA is implemented on the big-stream platform to operate on high rates of network sessions. To evaluate XABA, a real traitor scenario is designed and detected with a low false positive rate. XABA can detect diverse types of scenarios in many contexts without any predefined information or preprocessed activity logs.
- Keywords:
- Inside Threat ; User Behavior Profiling ; Security Maturity