
USER AND ENTITY BEHAVIOUR ANALYSIS FOR ENTERPRISE SECURITY

08 SHANTANU BADWE
53 NIRNAY PATIL
OBJECTIVES
• Anomaly Detection: Implementing advanced algorithms to identify unusual or abnormal behaviour patterns exhibited by users and entities (such as devices, applications, or systems) within the network. This helps in the early detection of potential security breaches or insider threats.

• Insider Threat Identification: Identifying potential insider threats by analyzing user actions, access patterns, and behavioural changes. UEBA helps distinguish between regular user behaviour and suspicious activities that might indicate malicious intent.

• Risk Scoring and Prioritization: Assigning risk scores to users and entities based on their behaviour, highlighting high-risk individuals or assets that require immediate attention. This allows security teams to prioritize their efforts and focus on critical threats.

• Real-time Alerts and Incident Response: Setting up a system to generate real-time alerts when suspicious behaviour is detected. These alerts trigger timely incident response actions to mitigate potential security incidents promptly.

• Continuous Learning and Improvement: Employing machine learning techniques to learn from new data and adapt the UEBA models continuously. Regular updates and improvements ensure the system effectively detects evolving threats and maintains accuracy over time.
PROBLEM STATEMENT
• The organization faces challenges in identifying and mitigating insider threats, including malicious activities performed by employees or privileged users. Existing security measures are insufficient in detecting anomalies in user behaviour, leading to potential data breaches and information leaks.

• The current security infrastructure struggles to distinguish between normal and abnormal behaviour patterns of users and entities (such as devices, servers, and applications). This hampers the ability to promptly identify and respond to potential security incidents, leading to extended exposure to cyber threats.
STATISTICS
INPUT
1. User Behavior Dataset: A collection of user activities, helping detect anomalies and security threats.

2. Organization Authorization Tree: Hierarchical access control structure for data security and privacy.

3. Classification of Files and Vulnerability Factor: Categorizing files by sensitivity and assessing their security risks.

4. Log Files Generated During Transfers: Records of data transfers, aiding in monitoring and incident response.
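The objectives and inputs above describe a baseline-and-deviation risk scorer. The following Python script is an added example, not code from the slides or the project: it builds a per-user baseline from constructed daily activity features, scores new days by z-score, weights the file-copy signal by the sensitivity class of the files touched (the file classification input), and raises prioritised alerts above a threshold. The feature names, sensitivity weights, threshold and the five-day baseline records are all assumptions constructed for illustration.

```python
"""Added example (not from the slides): a minimal UEBA risk scorer.
It builds a per-user baseline from constructed daily activity features, scores
new days with z-scores against that baseline, weights the file-copy signal by
the sensitivity class of the files touched (the slides' file classification
input) and raises prioritised alerts once the risk score crosses a threshold.
Feature names, weights and thresholds are assumptions, not real dataset values.
"""
from statistics import mean, pstdev

SENSITIVITY_WEIGHT = {"public": 1.0, "internal": 2.0, "confidential": 4.0}
ALERT_THRESHOLD = 5.0   # assumed risk score at which an alert is raised
MIN_SIGMAS = 2.0        # deviations within two sigma of baseline count as normal

# Constructed five-day baseline per user; each day is
# (after_hours_logons, files_copied_to_removable_media, most_sensitive_class).
BASELINE = {
    "alice": [(0, 2, "internal"), (1, 3, "internal"), (0, 1, "public"),
              (0, 2, "internal"), (1, 2, "public")],
    "bob": [(2, 10, "internal"), (3, 12, "confidential"), (2, 9, "internal"),
            (3, 11, "internal"), (2, 10, "confidential")],
}

def zscore(value, history, floor=0.5):
    """Standard score of value against history; the floor keeps a flat baseline
    (sigma == 0) from turning any change at all into an infinite score."""
    return (value - mean(history)) / max(pstdev(history), floor)

def risk_score(user, day):
    """Sum upward deviations beyond MIN_SIGMAS; the copy deviation is scaled by
    the sensitivity of the most sensitive file the user touched that day."""
    logons, copies, cls = day
    hist = BASELINE[user]
    excess = lambda z: max(z - MIN_SIGMAS, 0.0)
    z_logon = zscore(logons, [h[0] for h in hist])
    z_copy = zscore(copies, [h[1] for h in hist])
    return round(excess(z_logon) + excess(z_copy) * SENSITIVITY_WEIGHT[cls], 2)

def scan(observations):
    """Score (user, date, day) observations; return alerts highest risk first so
    analysts can prioritise (the slides' risk scoring objective)."""
    scored = [(risk_score(u, d), u, date) for u, date, d in observations]
    return sorted([s for s in scored if s[0] >= ALERT_THRESHOLD], reverse=True)

if __name__ == "__main__":
    # Constructed observations for one day: bob behaves as usual, alice does not.
    today = [("alice", "2024-01-08", (3, 30, "confidential")),
             ("bob", "2024-01-08", (3, 12, "confidential"))]
    for score, user, date in scan(today):
        print(f"ALERT {date} user={user} risk={score}")
```

Bob's twelve confidential copies stay inside his own two-sigma band and score zero, while the same count from Alice would not; a per-user baseline is what keeps the alert volume from tracking raw activity levels.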
DATASET

• CERT/R4.2
• ftp://ftp.sei.cmu.edu/pub/cert-data
• enterprise employee behavior dataset
ALGORITHMS USED
• Encryption Algorithms: These are essential for protecting data at rest and in transit. Common encryption algorithms include Advanced Encryption Standard (AES), Triple DES (3DES), and RSA.
• Hashing Algorithms: To ensure data integrity, hashing algorithms like SHA-256 or MD5 are used to create fixed-size hashes of data, enabling verification of data integrity.
• Digital Signatures: Algorithms like RSA or DSA are used to provide data authenticity and non-repudiation by creating digital signatures that can be verified by recipients.
• Firewalls: While not an algorithm per se, firewalls use rule-based filtering to control network traffic and protect against unauthorized access.
• Intrusion Detection and Prevention Systems (IDPS): These systems use various algorithms to analyze network traffic patterns and detect potential security breaches or attacks.
• Machine Learning for Anomaly Detection: ML algorithms like Random Forest, Support Vector Machines, or Deep Learning models can be employed to detect anomalous behavior in network traffic or user activity.
• Access Control Models: Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and other access control models use various algorithms to manage user permissions and enforce security policies.
• Secure Communication Protocols: Algorithms like Transport Layer Security (TLS) or Secure Sockets Layer (SSL) are used to encrypt data during communication between systems.
• Data Loss Prevention (DLP): DLP systems use pattern-matching and rule-based algorithms to identify and prevent sensitive data from leaving the organization's network.
• Security Information and Event Management (SIEM): SIEM tools use algorithms to aggregate and analyze security event data from various sources to identify potential threats and incidents.
• Virtual Private Networks (VPNs): VPNs use encryption algorithms to secure communication channels for remote workers or branch offices.
• Biometric Authentication: Biometric algorithms, such as fingerprint recognition, iris scanning, or facial recognition, can be used for more secure user authentication.
• Multi-Factor Authentication (MFA): MFA combines multiple authentication methods, such as passwords, tokens, and biometrics, to enhance security.
• Distributed Denial of Service (DDoS) Mitigation: DDoS protection relies on various algorithms and techniques to detect and mitigate DDoS attacks.
• Secure File Transfer Protocols: Algorithms like SFTP (SSH File Transfer Protocol) or SCP (Secure Copy Protocol) are used for secure file transfer.
FUTURE SCOPE

- Malware has been a persistent threat to organizations, and detecting malware in a timely manner remains a challenge.
- Malware can harm systems by executing unnecessary services, causing system overload and hindering smooth operation.
- The current approach for malware detection is using signature-based techniques.
- Malware signatures are defined by the tasks the malware performs when activated, such as running OS services or downloading infected files from the internet.
- The proposed algorithm for malware detection in this paper utilizes Decision Trees, XGBoost, and Support Vector Machines.
SOFTWARE BUG PREDICTION (USING MACHINE LEARNING)
ABSTRACT
Software fault prediction and proneness have long been considered a critical issue for the tech industry and software professionals. Traditional techniques require previous experience of faults, or of a faulty module, when detecting software faults inside an application. Automated software fault recovery models enable the software to predict and recover from software faults using machine learning techniques. This ability makes the software run more effectively and reduces faults, time and cost. In this paper, we propose software defect prediction models using machine learning techniques that enable the software to continue its projected task. Moreover, we used different prominent evaluation benchmarks to evaluate the models' performance, such as ten-fold cross-validation, precision, recall, specificity, F1 measure, and accuracy. This study reports a significant classification performance of 98-100% using SVM on three defect datasets in terms of F1 measure. Software practitioners and researchers can gain an independent understanding from this study when selecting automated tasks for their intended application.
DATASET
In this experiment, we used three open-source, publicly available datasets from the PROMISE Software Engineering Database; these datasets were used by Tim Menzies et al. in their research paper. In another study, Jureczko et al. assembled a software fault prediction model to predict software defects using machine learning algorithms. Their paper discusses data from 8 projects (PROMISE Repository) and constructs a predictive model from 19 CK metrics and McCabe metrics. In our study, we used 22 attributes to build our automated fault prediction model. Table 1 shows the 22 attributes from the software defect datasets: 21 independent metrics and one outcome attribute, i.e. whether the module is faulty or not.
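The abstract and dataset slides describe the evaluation setup (independent code metrics, a faulty/non-faulty outcome, ten-fold cross-validation, and precision, recall, specificity, F1 and accuracy). The following Python script is an added example, not the project's code: it implements Gaussian Naive Bayes (one of the listed algorithms) from scratch, runs k-fold cross-validation and computes the five metrics. The metric rows are constructed, not PROMISE data, and k is 4 rather than ten only because the constructed set has 16 rows.

```python
# Added example (not from the slides): k-fold cross-validation of a defect
# predictor with the abstract's metrics, using a from-scratch Gaussian Naive
# Bayes. Rows are constructed [loc, v(g), wmc, rfc] metrics, 1 = defective.
from math import log, pi
from statistics import mean, pvariance
from collections import Counter

ROWS = [[40, 3, 4, 10], [55, 4, 5, 12], [30, 2, 3, 8], [70, 5, 6, 15],
        [45, 3, 4, 11], [60, 4, 5, 13], [35, 2, 3, 9], [50, 3, 4, 10],
        [300, 25, 30, 80], [420, 35, 40, 95], [260, 20, 28, 70], [510, 40, 45, 110],
        [350, 28, 33, 85], [390, 31, 38, 90], [280, 22, 29, 75], [460, 37, 42, 100]]
LABELS = [0] * 8 + [1] * 8

def fit_gnb(rows, labels):
    """Per-class prior plus per-feature mean and variance (variance floored)."""
    model = {}
    for c in set(labels):
        sub = [r for r, l in zip(rows, labels) if l == c]
        params = [(mean(col), pvariance(col) + 1e-3) for col in zip(*sub)]
        model[c] = (len(sub) / len(rows), params)
    return model

def predict(model, row):
    """Return the class with the highest log posterior for one row."""
    def loglik(c):
        prior, params = model[c]
        return log(prior) + sum(-0.5 * log(2 * pi * v) - (x - m) ** 2 / (2 * v)
                                for x, (m, v) in zip(row, params))
    return max(model, key=loglik)

def metrics(y_true, y_pred):
    """The five scores the abstract reports; a zero denominator gives 0.0."""
    cm = Counter(zip(y_true, y_pred))          # keys are (true, predicted)
    tp, tn, fp, fn = cm[1, 1], cm[0, 0], cm[0, 1], cm[1, 0]
    div = lambda a, b: a / b if b else 0.0
    prec, rec = div(tp, tp + fp), div(tp, tp + fn)
    return {"precision": prec, "recall": rec, "specificity": div(tn, tn + fp),
            "f1": div(2 * prec * rec, prec + rec), "accuracy": div(tp + tn, len(y_true))}

def cross_validate(rows, labels, k=4):
    """k-fold CV holding out rows j with j % k == i; predictions pooled before scoring."""
    y_true, y_pred = [], []
    for i in range(k):
        test = [j for j in range(len(rows)) if j % k == i]
        train = [j for j in range(len(rows)) if j % k != i]
        model = fit_gnb([rows[j] for j in train], [labels[j] for j in train])
        y_true += [labels[j] for j in test]
        y_pred += [predict(model, rows[j]) for j in test]
    return metrics(y_true, y_pred)
```

Pooling the held-out predictions across folds before computing the confusion matrix is what keeps specificity and F1 meaningful when individual folds contain only a handful of defective modules.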
OBJECTIVES
• The aim of this prediction task is to release applications without bugs. From the 1990s until now, software defect prediction models have been developed to detect faults before deployment to the field, and defective modules have been identified before system tests by using these prediction models.

• Defect prediction helps in predicting maintenance times, which in turn supports quality assurance, reliability and security richness, and reduces costs. This study evaluated and analyzed different SSL methodologies, in which the Extended Random Forest (extRF) technique is used for defective system prediction.
ALGORITHMS USED

• DECISION TREES
• NAÏVE BAYES ALGORITHM
• KNN (K-NEAREST NEIGHBOUR ALGORITHM)
• LOGISTIC REGRESSION
• RANDOM FOREST
• SUPPORT VECTOR MACHINE
FUTURE SCOPE
1. Exploring Graph-Based Representations: Utilizing graph-based representations of code and its dependencies can capture complex relationships among code elements, leading to more comprehensive bug prediction models that consider interdependencies between different parts of the codebase.

2. Continuous Monitoring and Feedback Loop: Establishing a continuous bug monitoring system with real-time feedback to developers can help them identify and rectify potential bug-prone code changes promptly, reducing the likelihood of bugs being introduced into the codebase.

3. Incorporating User Feedback and Bug Reports: Leveraging user feedback, bug reports, and customer complaints can offer valuable insights into post-release bugs and assist in improving the bug prediction model to address real-world scenarios and user concerns.
