Publications

BibTex format

@inbook{Turcotte:2016:10.1142/9781786340757_0003,
author = {Turcotte, MJM and Heard, NA and Kent, AD},
booktitle = {Dynamic Networks and Cyber-Security},
doi = {10.1142/9781786340757_0003},
pages = {67--87},
title = {Modelling user behaviour in a network using computer event logs},
url = {http://dx.doi.org/10.1142/9781786340757_0003},
year = {2016}
}

Download

RIS format (EndNote, RefMan)

TY  - CHAP
AB  - Computer event logs are a potentially valuable resource in detecting cyber security threats on a computer network. One important research problem associated with these logs is user credential theft or misuse, either by a malicious insider or an external adversary. Once compromised, a user credential can be used by an adversary to advance through the network and further their goals. Little attention is currently given to looking at computer event logs as an aggregated multivariate data stream. The aim of the work in this chapter is to model user credential patterns on the network by considering independently the time series of events generated by each user credential. Simple Bayesian models are fit to the event data for each user credential, providing a flexible global framework for monitoring credentials on an enterprise network and identifying potentially compromised credentials.
AU  - Turcotte,MJM
AU  - Heard,NA
AU  - Kent,AD
DO  - 10.1142/9781786340757_0003
EP  - 87
PY  - 2016///
SN  - 9781786340740
SP  - 67
TI  - Modelling user behaviour in a network using computer event logs
T1  - Dynamic Networks and Cyber-Security
UR  - http://dx.doi.org/10.1142/9781786340757_0003
ER  -

Download

Professor Nick Heard

Contact

Location

Summary

Citation

BibTex format

RIS format (EndNote, RefMan)