Talk:User behavior analytics

Untitled
BerkeleyScrub Bibliography of sources to add

1. Singh, Karanpreet, Paramvir Singh, and Krishan Kumar. 2018. "User Behavior Analytics-Based Classification Of Application Layer HTTP-GET Flood Attacks." Journal of Network and Computer Applications 112:97-114.

2. Lukashin, Alexey, Mikhail Popov, Anatoliy Bolshakov, and Yuri Nikolashin. 2019. "Scalable Data Processing Approach And Anomaly Detection Method For User And Entity Behavior Analytics Platform." Intelligent Distributed Computing XIII 344-349. https://web-a-ebscohost-com.libproxy.berkeley.edu/ehost/pdfviewer/pdfviewer?vid=4&sid=22bb0893-5cab-430a-a9bf-96bb33212750%40sessionmgr4008

3. Bhuyan, Monowar H., D. K. Bhattacharyya, and J. K. Kalita. 2014. "Network Anomaly Detection: Methods, Systems And Tools." IEEE Communications Surveys & Tutorials 16(1):303-336.

4.Akoglu, Leman, Hanghang Tong, and Danai Koutra. 2014. "Graph Based Anomaly Detection And Description: A Survey." Data Mining and Knowledge Discovery 29(3):626-688. https://arxiv.org/pdf/1404.4679.pdf

5. Patcha, Animesh, and Jung-Min Park. 2007. "An Overview Of Anomaly Detection Techniques: Existing Solutions And Latest Technological Trends." Computer Networks 51(12):3448-3470.

6. Wu, Shelly Xiaonan, and Wolfgang Banzhaf. 2010. "The Use Of Computational Intelligence In Intrusion Detection Systems: A Review." Applied Soft Computing 10(1):1-35.

7. Kent, Alexander D., Lorie M. Liebrock, and Joshua C. Neil. 2015. "Authentication Graphs: Analyzing User Behavior Within An Enterprise Network." Computers & Security 48:150-166.

8. Guo, Ken H., Yufei Yuan, Norman P. Archer, and Catherine E. Connelly. 2011. "Understanding Nonmalicious Security Violations In The Workplace: A Composite Behavior Model." Journal of Management Information Systems 28(2):203-236.

9. Briggs, P., D. Jeske, and L. Coventry. 2017. "Behavior Change Interventions For Cybersecurity." Behavior Change Research and Theory 115-136. https://reader.elsevier.com/reader/sd/pii/B9780128026908000049?token=51024652A140FF144AA4F75443CDE5350B6E97EC323A6C07FA54146FE45A5D18435AD82645EEE5EBBAC4214612BBC3E7

10. Addae, Joyce H., Xu Sun, Dave Towey, and Milena Radenkovic. 2019. "Exploring User Behavioral Data For Adaptive Cybersecurity." User Modeling and User-Adapted Interaction 29(3):701-750.

11. Patel, Ahmed, Mona Taghavi, Kaveh Bakhtiyari, and Joaquim Celestino Júnior. 2013. "An Intrusion Detection And Prevention System In Cloud Computing: A Systematic Review." Journal of Network and Computer Applications 36(1):25-41.

12. Ullah, Faheem, and Muhammad Ali Babar. 2019. "Architectural Tactics For Big Data Cybersecurity Analytics Systems: A Review." Journal of Systems and Software 151:81-118.

This article published in Journal of Systems and Software is entitled "Architectural Tactics For Big Data Cybersecurity Analytics Systems: A Review”. The article has sections on research methodology, demographic information, quality attributes, and architectural tactics. It also includes an introduction system for those unfamiliar with cybersecurity architecture methods.

The purpose of this article is to identify the main attributes used by cybersecurity professionals to develop Big Data Cybersecurity Analytics.

Big Data Cybersecurity Analytics (BDCA) systems utilize big data technologies to analyze cybersecurity events data to prevent cyberattacks from hurting organizational networks, computers, and data. When developing BDCA systems, professionals are most concerned with performance, accuracy, and stability, and describe data analytics as the most important component. In addition, the study finds that although interoperability, modifiability, adaptability, generality, stealthiness, and privacy assurance are quality attributes desired by cybersecurity professionals, they are lacking in architectural support by developers.

The study notes that tangible impacts of certain quality attributes need to be quantified and potential trade offs between implementing certain quality attributes also need to be determined.

Overall, this article is a great read for anyone who wants to better understand what cybersecurity professionals are looking for in BDCA systems and what needs to be improved. This article has great readability for the most part, especially considering the concepts they discuss can be very technical. The information in this article is very reliable because it is sourcing information from over 70 different studies and articles on topics related to BDCA. People who will find this article especially useful are those in the IT space, security professionals, and cybersecurity software developers.

Reading this article gave me a solid understanding of what cybersecurity professionals consider when developing BDCA systems for their own organizations and what is needed to make those systems better for everyone.

13. Sarker, Iqbal H. et al. 2020. "Cybersecurity Data Science: An Overview From Machine Learning Perspective." Journal of Big Data 7(1).

This is an article published in the Journal of Big Data titled “Cybersecurity Data Science: An Overview From Machine Learning Perspective." The article has sections on cybersecurity data science, machine learning tasks in cybersecurity, research issues and future directions, and a multi-layered framework for smart cybersecurity services. It also includes a background section for readers unfamiliar with the topic.

The purpose of this article is to discuss cybersecurity data science, relevant methods, and the applicability of data-driven intelligent decision making for preventing cyber attacks.

Essentially, cybersecurity data science is a set of methods used to make the computing process for identifying and addressing cybersecurity threats more actionable and intelligent than before. This involves extrapolating security incident patterns and insights from preexisting cybersecurity data and building relevant data-driven models.

Some further research that needs to be done and challenges that need to be addressed on this topic includes: cybersecurity datasets, Handling quality problems in cybersecurity datasets, Security policy rule generation, Protecting the valuable security information, and Feature engineering in cybersecurity.

Overall, this article is a great read for anyone who wants to better understand how data science can be used to improve cybersecurity. This article has great readability, especially since it is talking about topics that can get quite technical. The information is very reliable because it is sourcing information from many different studies and articles. People who will find this article especially useful are those in the IT space, technology enthusiasts, or those in the government and security spaces.

This article has given me a great introduction to how cybersecurity can be improved by data science methods. I definitely have a more holistic view of how cybersecurity can be improved through these means.

14. Lalouani, Wassila, and Mohamed Younis. 2020. "Multi-Observable Reputation Scoring System For Flagging Suspicious User Sessions." Computer Networks 182:107474.

15. Gratian, Margaret, Darshan Bhansali, Michel Cukier, and Josiah Dykstra. 2019. "Identifying Infected Users Via Network Traffic." Computers & Security 80:306-316.

16. Chowdhury, Noman H., Marc T. P. Adam, and Geoffrey Skinner. 2019. "The Impact Of Time Pressure On Cybersecurity Behaviour: A Systematic Literature Review." Behaviour & Information Technology 38(12):1290-1308.

This article published in Behaviour & Information Technology is entitled “The Impact Of Time Pressure On Cybersecurity Behaviour: A Systematic Literature Review”. This article includes sections on Fundamentals of time pressure and human cybersecurity behaviour, An integrative theoretical framework, Knowledge gaps and directions for future research. It also includes a background section for those unfamiliar in the topic.

The purpose of this study is to propose a theoretical framework for time pressures in human cybersecurity.

It is generally recognized that because of time pressures in certain occupations, many in the workforce will not take proper precautions when dealing with highly sensitive data. This can lead to adverse consequences for themselves, their organization, and their clients. The four main driving factors in determining how individuals view cybersecurity with given time pressures are: time pressure and cyber security contexts, psychological constructs, consequences, and moderating factors.

Some further areas of study the authors propose are: measuring actual behavior, applying neurophysiological methods, controlling time pressure in measuring behavior, understanding the role of interruptions and channels, and understanding other stakeholders.

Overall, this article is a great read for anyone who wants to better understand how the pressure of time can negatively affect individuals’ propensity to pay heed to certain cybersecurity norms.. This article has great readability for the most part, but some of the science explained to back up the study’s claims can be a bit hard to understand sometimes. The information in this article is very reliable because it is sourcing information from over 20 different studies and articles on various topics. People who will find this article especially useful are those in the IT space, security professionals, and human resources.

This article has given me great insight into how individuals can be more prone to making mistakes in regard to cybersecurity when a pressure of time is added to their work. This will be interesting when talking about user behavior analytics specifically.

17. Li, Yi, Kaiqi Xiong, and Xiangyang Li. 2019. "Applying Machine Learning Techniques To Understand User Behaviors When Phishing Attacks Occur." ICST Transactions on Security and Safety 6(21):162809. https://eudl.eu/pdf/10.4108/eai.13-7-2018.162809

This article published in ICST Transactions on Security and Safety is entitled "Applying Machine Learning Techniques To Understand User Behaviors When Phishing Attacks Occur." It includes sections on types of phishing attacks and how the study was set up, including methodology, study design, and participant selection. The article also includes an introduction to help readers understand the topic if they happen to not be familiar with phishing.

The purpose of this study is to understand how users behave differently when they read emails, some of which include those with characteristics that resemble real life phishing scenarios.

The researchers concluded using both an online and on-site research study that participants which received intervention and were offered a monetary incentive performed better in identifying phishing compared to participants in the control group. Some ways this study could improve is having a more diverse participant group, using more types of phishing beyond email, and having breaks. It seems like fatigue negatively affected participants’ ability to correctly determine phishing in emails.

Overall, this article is a great read for anyone who wants to better understand how users who use email frequently can determine phishing in a real life setting. This article has great readability for the most part since it is essentially synthesizing survey information. The information in this article is somewhat reliable because the methods used to study participant behavior were well constructed, although more studies need to be done to arrive at a stronger conclusion.. People who will find this article especially useful are those in the IT space, security professionals, and human resources.

This article reaffirmed my preconceived notions about email phishing. I was already aware that factors like fatigue, incentives, and interventions affect individuals’ ability to determine phishing. Having survey results to back that up is good, though.

18. Mills, Jennifer, Jason Dever, and Steven Stuban. 2018. "Using Regression To Predict Potential Insider Threats." Defense Acquisition Research Journal 25(02):122-157. https://eds-b-ebscohost-com.libproxy.berkeley.edu/eds/pdfviewer/pdfviewer?vid=0&sid=989aafc0-4411-4ce0-88f4-0859ba22ea18%40pdc-v-sessmgr03

19. Allodi, Luca, and Fabio Massacci. 2017. "Security Events And Vulnerability Data For Cybersecurity Risk Estimation." Risk Analysis 37(8):1606-1627. https://eds-b-ebscohost-com.libproxy.berkeley.edu/eds/pdfviewer/pdfviewer?vid=12&sid=0ece8af2-e552-4ad3-a4ef-e8842813168a%40sdc-v-sessmgr03

This article published in Risk Analysis is entitled "Security Events And Vulnerability Data For Cybersecurity Risk Estimation." This article includes sections on types of cyber risks, risk assessment in a financial institution, limitations of current risk assessment methodologies, and a quantitative model to determine likelihood of cyberattacks. It also includes a section for those unfamiliar with cybersecurity risk estimation.

The purpose of this article is to present a model and methodology based on data available from an organization’s security operation to estimate the probability of a cyberattack attack using quantitative means. This model specifically attempts to examine the role of untargeted attacks which make up the vast majority of cyber threats today.

The model measures the “power” of the attacker as the scale of exploitable vulnerabilities in an organization which can be adjusted to correlate with an organization’s risk appetite. This model is a great step forward in terms of building cybersecurity models to tackle potential attacks, since most models are developed based on qualitative factors rather than quantitative ones.

The researchers don’t propose any areas where the model should be further developed, but in general there should be more examples given of the model being applied in real-life scenarios to give it more credibility.

Overall, this article is very unique since it attempts to solve an issue that has been affecting cybersecurity operations for quite a while now. Professionals and developers need a quantitative model to determine cybersecurity risk to more accurately understand organizational needs for cybersecurity defenses. Since the article is based on a mathematical model to understand cybersecurity threats, it is very technical and hard to understand but the authors do a good job explaining the methodology and results. Cybersecurity professionals, developers, and hackers would be a good audience for this article.

I learned from this article that it is much better to develop cybersecurity models using quantitative factors rather than qualitative ones since it will allow for an organization to better address cyber threats.

20. Sarker, Iqbal H., and A.S.M. Kayes. 2020. "ABC-Ruleminer: User Behavioral Rule-Based Machine Learning Method For Context-Aware Intelligent Services." Journal of Network and Computer Applications 168:102762.

— Preceding unsigned comment added by BerkeleyScrub (talk • contribs) 07:43, 18 October 2020 (UTC)

Wiki Education Foundation-supported course assignment
This article was the subject of a Wiki Education Foundation-supported course assignment, between 19 September 2020 and 19 December 2020. Further details are available on the course page. Student editor(s): BerkeleyScrub.

Above undated message substituted from Template:Dashboard.wikiedu.org assignment by PrimeBOT (talk) 04:37, 18 January 2022 (UTC)

Did I mess up?
In your opinion, has this article been improved or worsened by my removal of the section on market developments?  'Ridge (  Converse,  Create , &  Fascinate  ) 21:08, 12 July 2021 (UTC)