A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing

Max Landauer; Florian Skopik; Georg Höld; Markus Wurzenberger

doi:10.1109/bigdata55660.2022.10020672

A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing

Max Landauer (Speaker)
, Florian Skopik
, Georg Höld
, Markus Wurzenberger

Research output: Chapter in Book or Conference Proceedings › Book chapter › peer-review

Abstract

Cyber criminals utilize compromised user accounts to gain access into otherwise protected systems without the need for technical exploits. User and Entity Behavior Analytics (UEBA) leverages anomaly detection techniques to recognize such intrusions by comparing user behavior patterns against profiles derived from historical log data. Unfortunately, hardly any real log data sets suitable for UEBA are publicly available, which prevents objective comparison and reproducibility of approaches. Synthetic data sets are only able to alleviate this problem to some extent, because simulations are unable to adequately induce the dynamic and unstable nature of real user behavior in generated log data. We therefore present a real system log data set from a cloud computing platform involving more than 5000 users and spanning over more than five years. To evaluate our data set for the scenario of account hijacking, we outline a method for attack injection and subsequently disclose the resulting manifestations with an adaptive anomaly detection mechanism.

Original language	German
Title of host publication	Proceedings of the 2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022)
Pages	4285-4294
Number of pages	10
DOIs	https://doi.org/10.1109/bigdata55660.2022.10020672
Publication status	Published - 2023
Event	6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022) - Osaka, Japan Duration: 17 Dec 2022 → 20 Dec 2022

Publication series

Name	2022 IEEE International Conference on Big Data (Big Data)

Conference

Conference	6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022)
Country/Territory	Japan
City	Osaka
Period	17/12/22 → 20/12/22

Research Field

Cyber Security

Access to Document

10.1109/bigdata55660.2022.10020672

Cite this

Landauer, M., Skopik, F., Höld, G., & Wurzenberger, M. (2023). A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing. In Proceedings of the 2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022) (pp. 4285-4294). (2022 IEEE International Conference on Big Data (Big Data)). https://doi.org/10.1109/bigdata55660.2022.10020672

Landauer, Max ; Skopik, Florian ; Höld, Georg et al. / A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing. Proceedings of the 2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022). 2023. pp. 4285-4294 (2022 IEEE International Conference on Big Data (Big Data)).

@inbook{37bdf3c992e746609d04c9b2d4a4ebd1,

title = "A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing",

abstract = "Cyber criminals utilize compromised user accounts to gain access into otherwise protected systems without the need for technical exploits. User and Entity Behavior Analytics (UEBA) leverages anomaly detection techniques to recognize such intrusions by comparing user behavior patterns against profiles derived from historical log data. Unfortunately, hardly any real log data sets suitable for UEBA are publicly available, which prevents objective comparison and reproducibility of approaches. Synthetic data sets are only able to alleviate this problem to some extent, because simulations are unable to adequately induce the dynamic and unstable nature of real user behavior in generated log data. We therefore present a real system log data set from a cloud computing platform involving more than 5000 users and spanning over more than five years. To evaluate our data set for the scenario of account hijacking, we outline a method for attack injection and subsequently disclose the resulting manifestations with an adaptive anomaly detection mechanism.",

author = "Max Landauer and Florian Skopik and Georg H{\"o}ld and Markus Wurzenberger",

year = "2023",

doi = "10.1109/bigdata55660.2022.10020672",

language = "Deutsch",

isbn = "9781665480451",

series = "2022 IEEE International Conference on Big Data (Big Data)",

pages = "4285--4294",

booktitle = "Proceedings of the 2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022)",

note = "6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022) ; Conference date: 17-12-2022 Through 20-12-2022",

}

Landauer, M , Skopik, F, Höld, G & Wurzenberger, M 2023, A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing. in Proceedings of the 2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022). 2022 IEEE International Conference on Big Data (Big Data), pp. 4285-4294, 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022), Osaka, Japan, 17/12/22. https://doi.org/10.1109/bigdata55660.2022.10020672

A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing. / Landauer, Max (Speaker); Skopik, Florian; Höld, Georg et al.
Proceedings of the 2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022). 2023. p. 4285-4294 (2022 IEEE International Conference on Big Data (Big Data)).

Research output: Chapter in Book or Conference Proceedings › Book chapter › peer-review

TY - CHAP

T1 - A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing

AU - Skopik, Florian

AU - Höld, Georg

AU - Wurzenberger, Markus

A2 - Landauer, Max

PY - 2023

Y1 - 2023

N2 - Cyber criminals utilize compromised user accounts to gain access into otherwise protected systems without the need for technical exploits. User and Entity Behavior Analytics (UEBA) leverages anomaly detection techniques to recognize such intrusions by comparing user behavior patterns against profiles derived from historical log data. Unfortunately, hardly any real log data sets suitable for UEBA are publicly available, which prevents objective comparison and reproducibility of approaches. Synthetic data sets are only able to alleviate this problem to some extent, because simulations are unable to adequately induce the dynamic and unstable nature of real user behavior in generated log data. We therefore present a real system log data set from a cloud computing platform involving more than 5000 users and spanning over more than five years. To evaluate our data set for the scenario of account hijacking, we outline a method for attack injection and subsequently disclose the resulting manifestations with an adaptive anomaly detection mechanism.

AB - Cyber criminals utilize compromised user accounts to gain access into otherwise protected systems without the need for technical exploits. User and Entity Behavior Analytics (UEBA) leverages anomaly detection techniques to recognize such intrusions by comparing user behavior patterns against profiles derived from historical log data. Unfortunately, hardly any real log data sets suitable for UEBA are publicly available, which prevents objective comparison and reproducibility of approaches. Synthetic data sets are only able to alleviate this problem to some extent, because simulations are unable to adequately induce the dynamic and unstable nature of real user behavior in generated log data. We therefore present a real system log data set from a cloud computing platform involving more than 5000 users and spanning over more than five years. To evaluate our data set for the scenario of account hijacking, we outline a method for attack injection and subsequently disclose the resulting manifestations with an adaptive anomaly detection mechanism.

UR - https://www.mendeley.com/catalogue/cc180f43-ac2f-33b2-94a1-ca1b13a80355/

U2 - 10.1109/bigdata55660.2022.10020672

DO - 10.1109/bigdata55660.2022.10020672

M3 - Buchkapitel

SN - 9781665480451

T3 - 2022 IEEE International Conference on Big Data (Big Data)

SP - 4285

EP - 4294

BT - Proceedings of the 2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022)

T2 - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022)

Y2 - 17 December 2022 through 20 December 2022

ER -

Landauer M , Skopik F, Höld G, Wurzenberger M. A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing. In Proceedings of the 2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022). 2023. p. 4285-4294. (2022 IEEE International Conference on Big Data (Big Data)). doi: 10.1109/bigdata55660.2022.10020672

A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing

Abstract

Publication series

Conference

Research Field

Access to Document

Other files and links

Cite this