Detecting Insider Threats Using User and Entity Behavior Analytics

Hakonen, Petri (2022)

 
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2022120226009
Abstract
Information technology advancements made during the past decade have made detecting adversaries extremely hard and almost impossible, so detection mechanisms have also evolved from old signature-based systems to look at the behavior of users, entities, and software.

The purpose of this master’s thesis is to research and gather basic knowledge of insider threat taxonomy: what the common indicators in human behavior are, how those indicators could potentially be detected in technical logs (machine data) with user and entity behavior analytics tools, and what the prioritized use cases are. In my master’s thesis process I utilized a mixed-method research approach. Background information was gathered through a literature review, an interview, and familiarizing myself with the use cases of the User and Entity Behavior Analytics tool developed by Splunk Inc.

The findings of my research indicate that traditional security methods relying on rules and known patterns are not going to disappear but will remain a key part of the layered defense. The effectiveness of these solutions will be multiplied by adapting AI-driven user behavior analytics on top of them. User behavior analytics tools provide a different approach to anomaly detection and rely on a range of analytical approaches. These are usually a combination of basic analytics methods and advanced analytics. Basic analytics means simple statistics, signatures, and pattern matching. Advanced analytics rely on AI capabilities, which allows the tool to learn and adapt faster to changes and does not require a similar level of human intervention. The changes are seen as anomalies from usual behavior, whether based on learning from individual behavior over time or on predefined role-based baselines.