Modeling User Communities for Identifying Security Risks in an Organization

Title: Modeling User Communities for Identifying Security Risks in an Organization
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Das, A., Shen, M. Y., Wang, J.
Conference Name: 2017 IEEE International Conference on Big Data (Big Data)
Date Published: dec
ISBN Number: 978-1-5386-2715-0
Keywords: community detection, Companies, entity behavior analytics, feature-based weight assignments, Human Behavior, human factors, insider threat, Louvain method, Louvain modularity, Measurement, Metrics, network traffic, Niara's data, Optimization, peer group creation, Peer grouping, peer grouping employees, peer to peer security, Peer-to-peer computing, Personnel, production environment, pubcrawl, resilience, Resiliency, Scalability, security, security of data, security risks, team working, Tools, UEBA, User and Entity Behavior Analytics, user communities, user feedback
Abstract

In this paper, we address the problem of peer grouping employees in an organization for identifying security risks. Our motivation for studying peer grouping is its importance for a clear understanding of user and entity behavior analytics (UEBA) that is the primary tool for identifying insider threat through detecting anomalies in network traffic. We show that using Louvain method of community detection it is possible to automate peer group creation with feature-based weight assignments. Depending on the number of employees and their features we show that it is also possible to give each group a meaningful description. We present three new algorithms: one that allows an addition of new employees to already generated peer groups, another that allows for incorporating user feedback, and lastly one that provides the user with recommended nodes to be reassigned. We use Niara's data to validate our claims. The novelty of our method is its robustness, simplicity, scalability, and ease of deployment in a production environment.

URL: http://ieeexplore.ieee.org/document/8258488/
DOI: 10.1109/BigData.2017.8258488
Citation Key: das_modeling_2017