Anomaly detection through User Behaviour Analysis

The rise in cyber-attacks and cyber-crime is causing more and more organizations and individuals to consider the correct implementation of their security systems. The consequences of a security breach can be devastating, ranging from loss of public confidence to bankruptcy. Traditional techniques fo...

Descripción completa

Detalles Bibliográficos
Autor: Dumitrasc, Valentina
Tipo de recurso: tesis de maestría
Fecha de publicación:2023
País:España
Institución:Universitat Politècnica de Catalunya (UPC)
Repositorio:UPCommons. Portal del coneixement obert de la UPC
Idioma:inglés
OAI Identifier:oai:upcommons.upc.edu:2117/394877
Acceso en línea:https://hdl.handle.net/2117/394877
Access Level:acceso abierto
Palabra clave:Computer security
Malware (Computer software)
Machine learning
cybersecurity
malware
machine learning
antivirus
Seguretat informàtica
Aprenentatge automàtic
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Descripción
Sumario:The rise in cyber-attacks and cyber-crime is causing more and more organizations and individuals to consider the correct implementation of their security systems. The consequences of a security breach can be devastating, ranging from loss of public confidence to bankruptcy. Traditional techniques for detecting and stopping malware rely on building a database of known signatures using known samples of malware. However, these techniques are not very effective at detecting zero-day exploits because there are no samples in their malware signature databases. The limitation of not being able to detect zero-day exploits leaves organisations vulnerable to new and evolving malware threats. To address this challenge, this thesis proposes a novel approach to malware detection using machine learning techniques. The proposed approach creates a user profile that trains a machine learning model using only normal user behaviour data, and detects malware by identifying deviations from this profile. In this way, the proposed approach can detect zero-day malware and other previously unknown threats without having a specific database of malware signatures. The proposed approach is evaluated using real-world datasets, and different machine learning algorithms are compared to evaluate their performance in detecting unknown threats. The results show that the proposed approach is effective in detecting malware, achieving high accuracy and low false positive rates. This thesis contributes to the field of malware detection by providing a new perspective and approach that complements existing methods, and has the potential to improve the overall security of organisations and individuals in the face of evolving cybersecurity threats.