Imperial College London

Professor Nick Heard

Faculty of Natural SciencesDepartment of Mathematics

Chair in Statistics



+44 (0)20 7594 1490n.heard Website




543Huxley BuildingSouth Kensington Campus






BibTex format

author = {Turcotte, MJM and Heard, NA and Kent, AD},
booktitle = {Dynamic Networks and Cyber-Security},
doi = {10.1142/9781786340757_0003},
pages = {67--87},
title = {Modelling user behaviour in a network using computer event logs},
url = {},
year = {2016}

RIS format (EndNote, RefMan)

AB - © 2016 by World Scientific Publishing Europe Ltd. All rights reserved. Computer event logs are a potentially valuable resource in detecting cyber security threats on a computer network. One important research problem associated with these logs is user credential theft or misuse, either by a malicious insider or an external adversary. Once compromised, a user credential can be used by an adversary to advance through the network and further their goals. Little attention is currently given to looking at computer event logs as an aggregated multivariate data stream. The aim of the work in this chapter is to model user credential patterns on the network by considering independently the time series of events generated by each user credential. Simple Bayesian models are fit to the event data for each user credential, providing a flexible global framework for monitoring credentials on an enterprise network and identifying potentially compromised credentials.
AU - Turcotte,MJM
AU - Heard,NA
AU - Kent,AD
DO - 10.1142/9781786340757_0003
EP - 87
PY - 2016///
SN - 9781786340740
SP - 67
TI - Modelling user behaviour in a network using computer event logs
T1 - Dynamic Networks and Cyber-Security
UR -
ER -