User behavior analytics: Difference between revisions

This article contains promotional content. Please help improve it by removing promotional language and inappropriate external links, and by adding encyclopedic text written from a neutral point of view. (April 2021) (Learn how and when to remove this message)

User behavior analytics (UBA) is a cybersecurity process about detection of insider threats, targeted attacks, and financial fraud that tracks a system's users. UBA looks at patterns of human behavior, and then analyzes them to detect anomalies that indicate potential threats.^[1][2] Big data platforms like Apache Hadoop are increasing UBA functionality by allowing them to analyze petabytes worth of data to detect insider threats and advanced persistent threats.^[3][4]

UBA's purpose, according to Johna Till Johnson of Nemertes Research, is that "Security systems provide so much information that it's tough to uncover information that truly indicates a potential for real attack. Analytics tools help make sense of the vast amount of data that SIEM, IDS/IPS, system logs, and other tools gather. UBA tools use a specialized type of security analytics that focuses on the behavior of systems and the people using them. UBA technology first evolved in the field of marketing, to help companies understand and predict consumer-buying patterns. But as it turns out, UBA can be extraordinarily useful in the security context too."^[5]

The current state of the art^[6] encodes user behavior as color image encodings designed to compare against baseline behavior, using pre-trained computer vision architectures to identify anomalous behavior with malicious intent rather than detecting particular attack patterns. This approach outperforms alternatives while also mitigating many of the concerns mentioned in the previous section.

• Behavioral analytics
• Network behavior anomaly detection

• ABC's Of UBA