TY - CHAP AB - Computer event logs are a potentially valuable resource in detecting cyber security threats on a computer network. One important research problem associated with these logs is user credential theft or misuse, either by a malicious insider or an external adversary. Once compromised, a user credential can be used by an adversary to advance through the network and further their goals. Little attention is currently given to looking at computer event logs as an aggregated multivariate data stream. The aim of the work in this chapter is to model user credential patterns on the network by considering independently the time series of events generated by each user credential. Simple Bayesian models are fit to the event data for each user credential, providing a flexible global framework for monitoring credentials on an enterprise network and identifying potentially compromised credentials. AU - Turcotte,MJM AU - Heard,NA AU - Kent,AD DO - 10.1142/9781786340757_0003 EP - 87 PY - 2016/// SN - 9781786340740 SP - 67 TI - Modelling user behaviour in a network using computer event logs T1 - Dynamic Networks and Cyber-Security UR - http://dx.doi.org/10.1142/9781786340757_0003 ER -