Cybersecurity threat detection based on a UEBA framework using Deep Autoencoders
Jose Fuentes, Ines Ortega-Fernandez, Nora M. Villanueva, Marta Sestelo
TL;DR
This paper presents an explainable UEBA framework using Deep Autoencoders and Doc2Vec for anomaly detection, demonstrating effective detection of real and synthetic security threats with interpretability.
Contribution
It introduces the first explainable UEBA-based anomaly detection framework combining Deep Autoencoders with Doc2Vec and provides a novel proof of neural network equivalence.
Findings
Effective detection of real and synthetic anomalies
Models provide explainable results and origin reconstruction
Framework can be integrated into enterprise security systems
Abstract
User and Entity Behaviour Analytics (UEBA) is a broad branch of data analytics that attempts to build a normal behavioural profile in order to detect anomalous events. Among the techniques used to detect anomalies, Deep Autoencoders constitute one of the most promising deep learning models on UEBA tasks, allowing explainable detection of security incidents that could lead to the leak of personal data, hijacking of systems, or access to sensitive business information. In this study, we introduce the first implementation of an explainable UEBA-based anomaly detection framework that leverages Deep Autoencoders in combination with Doc2Vec to process both numerical and textual features. Additionally, based on the theoretical foundations of neural networks, we offer a novel proof demonstrating the equivalence of two widely used definitions for fully-connected neural networks. The experimental…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.