TY - CHAP
T1 - A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing
AU - Skopik, Florian
AU - Höld, Georg
AU - Wurzenberger, Markus
A2 - Landauer, Max
PY - 2023
Y1 - 2023
N2 - Cyber criminals use compromised user accounts to gain access to otherwise protected systems without the need for technical exploits. User and Entity Behavior Analytics (UEBA) leverages anomaly detection techniques to recognize such intrusions by comparing user behavior patterns against profiles derived from historical log data. Unfortunately, hardly any real log data sets suitable for UEBA are publicly available, which prevents objective comparison and reproducibility of approaches. Synthetic data sets can only alleviate this problem to some extent, because simulations are unable to adequately reproduce the dynamic and unstable nature of real user behavior in generated log data. We therefore present a real system log data set from a cloud computing platform involving more than 5000 users and spanning more than five years. To evaluate our data set for the scenario of account hijacking, we outline a method for attack injection and subsequently show the resulting manifestations using an adaptive anomaly detection mechanism.
UR - https://www.mendeley.com/catalogue/cc180f43-ac2f-33b2-94a1-ca1b13a80355/
U2 - 10.1109/bigdata55660.2022.10020672
DO - 10.1109/bigdata55660.2022.10020672
M3 - Book chapter
SN - 9781665480451
T3 - 2022 IEEE International Conference on Big Data (Big Data)
SP - 4285
EP - 4294
BT - Proceedings of the 2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022)
T2 - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022)
Y2 - 17 December 2022 through 20 December 2022
ER -