Abstract

Detecting malicious user conduct that triggers no access-violation alert and causes no visible data breach is a difficult task in itself. An intruder conducting espionage with stolen login credentials will at first try to stealthily collect data from the company network that the compromised account is authorised to access, while avoiding discovery. This article first describes a User Behaviour Analytics Platform designed to collect logs, extract features, and detect atypical users who may be insider threats, and then a multi-algorithm ensemble that combines OCSVM, an RNN, and Isolation Forest. Under the experimental conditions, this collection of unsupervised anomaly detection algorithms was shown to recognise unusual patterns of user behaviour. The proposed study aims to identify behaviour that constitutes an insider threat and to watch for any behaviour the model deems unexpected or suspicious; such behaviour is treated as an anomaly because it produces a high reconstruction error in the model. During training, feature vectors derived from each user's log activity within a fixed time window of each day are fed to the model. The approach uses an autoencoder based on Gated Recurrent Units (GRU) to model user behaviour day by day and to identify abnormal points that may indicate insider threats. Because the model is overfitted to normal data, the reconstruction error on normal data is negligible, whereas the autoencoder produces a large error on the malicious class of aberrant data. The dataset used in this study is Computer Emergency Response Team (CERT) r4.2. The feature vectors are computed from the daily occurrences of each specific action by the users, and the GRU autoencoder is used for behaviour learning.
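The pipeline the abstract describes, as an added example that is not the paper's code: constructed CERT-style log lines are counted into per-user daily action vectors, an autoencoder is trained on a baseline period of normal days, and later days whose reconstruction error exceeds a threshold learned from the baseline are flagged. A small feed-forward autoencoder with a tanh bottleneck stands in for the paper's GRU autoencoder; the user name, dates, action names, counts and the `margin` threshold rule are all constructed for illustration and are not taken from the paper or the CERT data.

```python
"""Reconstruction-error anomaly scoring over daily per-user action counts.

Added example, not the paper's code. A feed-forward autoencoder with a tanh
bottleneck stands in for the paper's GRU autoencoder; the log lines, user name
and counts are constructed to resemble CERT-style records and are not real data.
"""
import math
import random
from collections import defaultdict

ACTIONS = ["logon", "device", "http", "email", "file"]  # one count per action per day


def make_constructed_logs(days=30, anomalous_day=27, seed=7):
    """Constructed '<YYYY-MM-DD> <user> <action>' lines for one user. Baseline days
    draw counts from narrow ranges; one day carries far more device and file
    events than the baseline, which is the pattern the detector should flag."""
    rng = random.Random(seed)
    lines = []
    for d in range(days):
        date = f"2010-01-{d + 1:02d}"
        counts = {"logon": rng.randint(1, 2), "device": rng.randint(0, 1),
                  "http": rng.randint(20, 40), "email": rng.randint(3, 8),
                  "file": rng.randint(2, 6)}
        if d == anomalous_day:
            counts["device"], counts["file"] = 6, 120
        for action, n in counts.items():
            lines.extend(f"{date} ACM2278 {action}" for _ in range(n))
    rng.shuffle(lines)  # real logs arrive unsorted
    return lines


def daily_features(lines):
    """Feature extraction: count each action per (user, day)."""
    counts = defaultdict(lambda: [0] * len(ACTIONS))
    for line in lines:
        day, user, action = line.split()
        if action in ACTIONS:
            counts[(user, day)][ACTIONS.index(action)] += 1
    return dict(counts)


def zscore_params(vectors):
    """Per-feature mean and std, computed from the baseline period only."""
    n, dims = len(vectors), len(vectors[0])
    means = [sum(v[i] for v in vectors) / n for i in range(dims)]
    stds = [max(1e-6, math.sqrt(sum((v[i] - m) ** 2 for v in vectors) / n))
            for i, m in enumerate(means)]
    return means, stds


def normalise(v, means, stds):
    return [(x - m) / s for x, m, s in zip(v, means, stds)]


class TinyAutoencoder:
    """n_in -> n_hidden (tanh) -> n_in (linear), trained by plain SGD on MSE.
    Because the bottleneck is bounded, inputs far outside the training range
    cannot be reconstructed and therefore score a large error."""

    def __init__(self, n_in, n_hidden, seed=0):
        rng = random.Random(seed)
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.w2 = [[rng.uniform(-0.5, 0.5) for _ in range(n_hidden)] for _ in range(n_in)]
        self.b2 = [0.0] * n_in

    def forward(self, x):
        h = [math.tanh(sum(w * xi for w, xi in zip(row, x)) + b) for row, b in zip(self.w1, self.b1)]
        y = [sum(w * hi for w, hi in zip(row, h)) + b for row, b in zip(self.w2, self.b2)]
        return h, y

    def error(self, x):
        """Mean squared reconstruction error: the anomaly score."""
        return sum((a - b) ** 2 for a, b in zip(x, self.forward(x)[1])) / len(x)

    def fit(self, data, epochs=300, lr=0.02):
        for _ in range(epochs):
            for x in data:
                h, y = self.forward(x)
                dy = [2 * (yi - xi) / len(x) for yi, xi in zip(y, x)]  # dMSE/dy
                dh = [sum(dy[k] * self.w2[k][j] for k in range(len(dy))) * (1 - h[j] ** 2)
                      for j in range(len(h))]  # backprop through tanh, using pre-update w2
                for k in range(len(dy)):
                    self.w2[k] = [w - lr * dy[k] * hj for w, hj in zip(self.w2[k], h)]
                    self.b2[k] -= lr * dy[k]
                for j in range(len(h)):
                    self.w1[j] = [w - lr * dh[j] * xi for w, xi in zip(self.w1[j], x)]
                    self.b1[j] -= lr * dh[j]


def detect(lines, user="ACM2278", baseline_days=20, margin=2.0):
    """Train on the user's first baseline_days, then flag later days whose error
    exceeds `margin` times the largest baseline error (a simple heuristic threshold)."""
    feats = daily_features(lines)
    days = sorted(day for (u, day) in feats if u == user)
    means, stds = zscore_params([feats[(user, d)] for d in days[:baseline_days]])
    train = [normalise(feats[(user, d)], means, stds) for d in days[:baseline_days]]
    ae = TinyAutoencoder(len(ACTIONS), 2)
    ae.fit(train)
    threshold = margin * max(ae.error(x) for x in train)
    scores = {d: ae.error(normalise(feats[(user, d)], means, stds)) for d in days}
    flagged = [d for d in days[baseline_days:] if scores[d] > threshold]
    return scores, threshold, flagged


if __name__ == "__main__":
    scores, threshold, flagged = detect(make_constructed_logs())
    print(f"threshold={threshold:.3f} flagged={flagged}")
```

The threshold is learned from baseline days only, so the normalisation statistics and the error scale are never contaminated by the period under review; the bounded tanh code is what makes a day with counts far outside the baseline impossible to reconstruct, which is the mechanism the abstract relies on when it says anomalies produce a large reconstruction error.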
