Abstract

As illustrated by recent high-profile cases such as WikiLeaks and Snowden, information exfiltration is one of the key motivations for cyber-attacks. In this paper we describe our approach to detecting misuse of authorizations by insiders, based on the detection of anomalous user activity. Our system is built on novel machine learning algorithms that construct multidimensional user profiles, which are then used to alert administrators when a user's behavior deviates significantly from that profile. Key components of our profiling are generative models of user activity, intended to produce the probabilistic model that best explains the observed activity. We have deployed these models on a range of applications, including monitoring of access to source code repositories, security subsystem activity in mainframe systems, web application logs, and other proprietary applications. Extensive testing of our system against more than six years of user activity, together with multiple red-teaming exercises, has enabled us to tune our analytics to produce accurate results with very low false positive rates. Our analytic models are currently used to monitor a number of sensitive assets within IBM.
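The following is an added illustration, not code from the paper or from IBM, of the kind of profile-and-deviation scoring the abstract describes. The abstract does not specify the authors' generative model, so this example uses a deliberately simple one: for one user, a product of Dirichlet-smoothed categorical distributions over three dimensions of a repository access event (action, resource, time-of-day bucket). A day of activity is scored by its mean per-event surprise (negative log-likelihood under the profile), and an alert is raised when that score exceeds a threshold derived from the spread of the training days. All log lines, user and repository names are constructed for the example.

```python
"""Added illustration: a per-user generative profile scored for deviation.

Not the paper's algorithm (the abstract does not specify it): a product of
Dirichlet-smoothed categoricals over event dimensions, scored by mean surprise.
"""
import math
import statistics
from collections import Counter, defaultdict

ALPHA = 0.5        # Dirichlet pseudo-count: never-seen values keep non-zero probability
K_SIGMA = 3.0      # alert when a day's surprise exceeds baseline mean + K_SIGMA * std
MIN_MARGIN = 0.5   # floor on the band, so a near-constant baseline cannot give a zero-width threshold
DIMENSIONS = ("action", "resource", "hour")

# Constructed training log for one user (not data from the paper).
# Fields: "YYYY-MM-DDTHH user action resource"
TRAINING_LOG = """\
2024-03-04T09 alice clone repo/payments
2024-03-04T10 alice commit repo/payments
2024-03-04T11 alice commit repo/payments
2024-03-04T14 alice push repo/payments
2024-03-05T09 alice clone repo/billing
2024-03-05T10 alice commit repo/billing
2024-03-05T13 alice commit repo/payments
2024-03-05T16 alice push repo/billing
2024-03-06T09 alice commit repo/payments
2024-03-06T11 alice commit repo/payments
2024-03-06T15 alice push repo/payments
2024-03-06T17 alice commit repo/billing
2024-03-07T10 alice clone repo/payments
2024-03-07T12 alice commit repo/payments
2024-03-07T14 alice commit repo/billing
2024-03-07T16 alice push repo/payments
"""

# Constructed held-out day that matches the user's habits.
NORMAL_HOLDOUT_LOG = """\
2024-03-09T09 alice commit repo/payments
2024-03-09T11 alice commit repo/payments
2024-03-09T15 alice push repo/payments
"""

# Constructed day resembling bulk collection: night-time clones of repositories never touched before.
SUSPECT_LOG = """\
2024-03-08T02 alice clone repo/hr-records
2024-03-08T02 alice clone repo/customer-db
2024-03-08T03 alice clone repo/payroll
2024-03-08T03 alice export repo/payroll
"""


def hour_bucket(hour: int) -> str:
    """Coarse time-of-day bucket so sparse off-hours activity does not fragment the model."""
    if 8 <= hour < 19:
        return "business"
    if 6 <= hour < 8 or 19 <= hour < 23:
        return "edge"
    return "night"


def parse(log: str) -> list[dict]:
    """Turn the constructed log format into event dicts keyed by DIMENSIONS plus day/user."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, action, resource = line.split()
        day, hour = ts.split("T")
        events.append({"day": day, "user": user, "action": action,
                       "resource": resource, "hour": hour_bucket(int(hour))})
    return events


class UserProfile:
    """One user's generative model: independent smoothed categoricals, one per dimension."""

    def __init__(self):
        self.counts = {d: Counter() for d in DIMENSIONS}
        self.total = 0
        self.threshold = None

    def log_prob(self, dim: str, value: str) -> float:
        vocab = len(self.counts[dim]) + 1  # +1 reserves a slot for values never seen in training
        return math.log((self.counts[dim][value] + ALPHA) / (self.total + ALPHA * vocab))

    def surprise(self, event: dict) -> float:
        """Negative log-likelihood of one event under the profile."""
        return -sum(self.log_prob(d, event[d]) for d in DIMENSIONS)

    def window_score(self, events: list[dict]) -> float:
        return sum(self.surprise(e) for e in events) / len(events)


def build_profile(log: str) -> UserProfile:
    events = parse(log)
    profile = UserProfile()
    for e in events:
        for d in DIMENSIONS:
            profile.counts[d][e[d]] += 1
        profile.total += 1
    # Baseline: how surprising each training day looks under the finished model.
    # In-sample scoring is optimistic; in production hold days out or use a rolling window.
    by_day = defaultdict(list)
    for e in events:
        by_day[e["day"]].append(e)
    day_scores = [profile.window_score(evs) for evs in by_day.values()]
    band = max(K_SIGMA * statistics.pstdev(day_scores), MIN_MARGIN)
    profile.threshold = statistics.mean(day_scores) + band
    return profile


def assess(profile: UserProfile, log: str) -> dict:
    """Score a window of activity and break the surprise down per dimension for the analyst."""
    events = parse(log)
    score = profile.window_score(events)
    explain = {d: -sum(profile.log_prob(d, e[d]) for e in events) / len(events) for d in DIMENSIONS}
    return {"score": score, "threshold": profile.threshold,
            "alert": score > profile.threshold, "explain": explain}


if __name__ == "__main__":
    alice = build_profile(TRAINING_LOG)
    for label, log in (("normal day", NORMAL_HOLDOUT_LOG), ("suspect day", SUSPECT_LOG)):
        r = assess(alice, log)
        print(f"{label}: score={r['score']:.2f} threshold={r['threshold']:.2f} "
              f"alert={r['alert']} breakdown={ {k: round(v, 2) for k, v in r['explain'].items()} }")
```

The per-dimension breakdown returned by `assess` is what makes such an alert actionable: here the unseen repositories and the night-time bucket dominate the surprise, which is the pattern an administrator would want surfaced rather than a bare score. The independence assumption between dimensions and the in-sample baseline are the two simplifications a production profiler would replace first; red-team exercises of the kind the abstract mentions are how the threshold band (`K_SIGMA`, `MIN_MARGIN`) gets tuned against false positives.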