• E-ISSN:

    2454-9584

    P-ISSN

    2454-8111

    Impact Factor 2024

    6.713

    Impact Factor 2023

    6.464


INTERNATIONAL JOURNAL OF INVENTIONS IN ENGINEERING & SCIENCE TECHNOLOGY

International Peer Reviewed (Refereed), Open Access Research Journal
(By Aryavart International University, India)

Paper Details

Threat Eye: Machine-Learning-Based Behaviour Analytics for Cloud Threat Detection and Anomaly Classification

Shourya Gupta

University of Bath, United Kingdom

Pages 17–26, Vol. 10, Issue 1, Jan–Dec 2024
Receiving Date: 2024-02-02; Acceptance Date: 2024-03-15; Publication Date: 2024-04-11

Abstract

Cloud environments generate massive, heterogeneous telemetry: identity sign-ins, API calls, network flows, container events, and application logs. Many real attacks in the cloud do not rely on exploiting a software vulnerability. Instead, adversaries abuse valid credentials, cloud-native APIs, and “living-off-the-land” actions that look legitimate in isolation. This makes behaviour analytics (often grouped under User and Entity Behavior Analytics, UEBA) a practical detection layer: it models who/what normally does what and flags meaningful deviations. Building behaviour analytics for the cloud, however, is difficult due to high-cardinality entities, concept drift (deployments change behaviour), sparse labels, and the cost of false positives at scale.

Keywords: Threat Eye; Anomaly; APIs; entities
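The abstract describes behaviour analytics as modelling what each identity normally does and flagging deviations, and names three obstacles: high-cardinality entities, concept drift, and costly false positives. The following Python is an added illustration of that idea, not code from the paper or from the Threat Eye system. It assumes a CloudTrail-like event shape (timestamp, principal, peer group, API action, source IP); every principal, group, action and address in it is constructed. Each of the three obstacles gets a concrete, if simple, treatment: peer-group baselines cover principals with no history, several weak signals are summed before anything crosses the alert threshold, and non-alerted events are folded back into the baseline so legitimate change stops looking novel.

```python
"""Per-entity behaviour baselines over cloud API audit events (added example,
not the paper's code). Event shape is CloudTrail-like; all values are constructed."""
from collections import Counter, defaultdict

# Constructed "known good" history used to learn the baselines (hypothetical values).
TRAINING_EVENTS = [
    ("2024-03-01T09:00:00", "alice", "developer", "s3:GetObject", "10.0.1.5"),
    ("2024-03-01T09:05:00", "alice", "developer", "s3:GetObject", "10.0.1.5"),
    ("2024-03-01T09:10:00", "alice", "developer", "ec2:DescribeInstances", "10.0.1.5"),
    ("2024-03-01T10:00:00", "bob", "developer", "s3:GetObject", "10.0.1.7"),
    ("2024-03-01T10:05:00", "bob", "developer", "ec2:DescribeInstances", "10.0.1.7"),
    ("2024-03-01T11:00:00", "ci-runner", "automation", "ecr:GetDownloadUrlForLayer", "10.0.9.2"),
    ("2024-03-01T11:01:00", "ci-runner", "automation", "s3:PutObject", "10.0.9.2"),
]

# Constructed events to score; the trailing comment states the intended verdict.
NEW_EVENTS = [
    ("2024-03-02T09:00:00", "alice", "developer", "s3:GetObject", "10.0.1.5"),            # routine
    ("2024-03-02T09:02:00", "alice", "developer", "ec2:RunInstances", "10.0.1.5"),        # new for her and her peers
    ("2024-03-02T09:04:00", "alice", "developer", "iam:CreateAccessKey", "203.0.113.9"),  # new action + new IP
    ("2024-03-02T09:30:00", "carol", "developer", "s3:GetObject", "10.0.1.8"),            # unseen principal, peer-normal
]

def hour_bucket(ts):
    """Truncate an ISO-8601 timestamp to its hour, e.g. '2024-03-02T09'."""
    return ts[:13]

def new_baselines():
    return {"principals": {}, "groups": defaultdict(set)}

def update_baselines(baselines, events):
    """Fold events into per-principal and per-peer-group baselines.
    Per principal: action counts, source IPs and the busiest hour seen.
    Per group: the union of actions, used when a principal has no history
    (the high-cardinality / cold-start case the abstract mentions)."""
    for ts, principal, group, action, ip in events:
        p = baselines["principals"].setdefault(
            principal, {"actions": Counter(), "ips": set(), "hourly": Counter(), "peak_hourly": 0})
        p["actions"][action] += 1
        p["ips"].add(ip)
        p["hourly"][hour_bucket(ts)] += 1
        p["peak_hourly"] = max(p["peak_hourly"], p["hourly"][hour_bucket(ts)])
        baselines["groups"][group].add(action)
    return baselines

def build_baselines(events):
    return update_baselines(new_baselines(), events)

def score_event(event, baselines, live_hourly):
    """Score one event against the baselines; returns (score, reasons).
    Several weak signals are summed so that a single novelty on its own
    (a developer trying a new read-only API) stays below the alert threshold."""
    ts, principal, group, action, ip = event
    p = baselines["principals"].get(principal)
    score, reasons = 0, []
    if p is not None and action in p["actions"]:
        pass                                   # routine action for this principal
    elif action in baselines["groups"].get(group, set()):
        score += 1
        reasons.append("action new for principal but known in peer group")
    else:
        score += 2
        reasons.append("action unseen for principal and peer group")
    if p is not None and ip not in p["ips"]:
        score += 1
        reasons.append("source IP never seen for principal")
    key = (principal, hour_bucket(ts))
    live_hourly[key] += 1                      # rate is tracked across the batch being scored
    if p is not None and live_hourly[key] > 3 * p["peak_hourly"]:
        score += 1
        reasons.append("hourly call rate above 3x historical peak")
    return score, reasons

def score_batch(events, baselines):
    """Score events in order, sharing the hourly rate counters across the batch."""
    live_hourly = Counter()
    return [score_event(e, baselines, live_hourly) for e in events]

def detect(events, baselines, threshold=2):
    """Return (event, score, reasons) for every event at or above the threshold."""
    scored = score_batch(events, baselines)
    return [(e, s, r) for e, (s, r) in zip(events, scored) if s >= threshold]

def absorb(baselines, events, alerts):
    """Feed non-alerted events back into the baselines so that legitimate changes
    (a new deployment, a new office network) stop looking novel. This is the
    simplest answer to the concept drift the abstract describes; a real system
    would also age out old history rather than only accumulate it."""
    alerted = {a[0] for a in alerts}
    return update_baselines(baselines, [e for e in events if e not in alerted])

if __name__ == "__main__":
    baselines = build_baselines(TRAINING_EVENTS)
    for event, score, reasons in detect(NEW_EVENTS, baselines):
        print(score, event[1], event[3], "; ".join(reasons))
```

With the constructed data, the routine call scores 0, the first-ever `ec2:RunInstances` scores 2 (unknown to alice and to every other developer), and `iam:CreateAccessKey` from an unfamiliar address scores 3; carol, who has no history, scores only 1 because her peer group makes the same call. After `absorb`, carol's event is part of her own baseline and scores 0 on a repeat. The weights and the 3x rate multiplier are arbitrary choices for the illustration, not values from the paper.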

