
Background:
A key problem for an enterprise is safeguarding its users' accounts against potentially bad actors (or rogue users). The Verizon Data Breach Investigations Report 2021 (DBIR-2021) reported 79,635 incidents and 5,258 breaches involving millions of sensitive records in 2021. Data incidents and breaches are a fact of life, and companies need to spend as much effort on planning how to prevent them efficiently as they do on other services.
As is evident from figures 5 & 6, Social Engineering, System Intrusion and Basic Web Application Attacks make up the largest proportion of attacks in both categories. The interesting fact about these attacks is that they show up as behaviour over a session or time frame.

It is also evident from fig. 7 that 85% of breaches involved the human element, which again indicates the behaviour of an organic entity behind those breaches. Finally, fig. 8 sums up the colossal monetary loss that could have been avoided had there been a robust mechanism or platform to avoid or mitigate the breaches & incidents. With such tremendous monetary losses, the need for a preventive solution is clear.
User behavioural profiling & its need:
The discussion above implies the need for a preventive solution, but traditional rule-based solutions often fail against ever-new incidents or breaches: the characteristics of environments vary across websites, which makes detecting bad users with a rule-based system very complex & unscalable. However, presuming that the actions of a compromised & rogue user are inherently different from that user's usual behaviour makes the problem somewhat simpler to tackle, provided a profile of the user's behaviour is maintained. If each of the user's actions is monitored over time and against the actions of similar users, one can build a baseline profile of the user's behaviour; any deviation from this behaviour can then be flagged as a potential anomaly that calls for further investigation.
Moreover, maintaining behavioural profiles of users makes proactive defences possible, in contrast to traditional reactive defences. Traditional reactive defences operate only when security incidents take place, or immediately thereafter, whereas a proactive solution proactively protects users' devices and networks. By observing user behaviour, it can predict whether they will be exposed to malicious content on the web seconds before the moment of exposure, thus opening a window of opportunity for proactive defences.

What is a User Behaviour?
The behaviour of an actor is simply a pattern of actions performed by the actor in order to achieve certain goals. Depending on the problem or objective concerned, the behaviour may also include the environments through which the actor has been performing actions. For instance, the time, place, environment, chronology of page visits, etc. of a user can make up a behaviour.
As shown in the figure below, a machine learning algorithm generally requires a sophisticated & refined user behaviour that is derived from raw information about a particular user activity or a batch of user activities.

Raw transactional data is modelled into a behaviour-feature-oriented space ready to be ingested by ML algorithms. The process that creates the behaviour to be consumed by algorithms is called behavioural modelling. Behavioural modelling develops modelling and representation methods to capture the behaviour characteristics and dynamics of a user. Once a behaviour is modelled, it can be consumed by an algorithm, typically an ML one, to provide security decisions: is a user rogue/bad or not?
The following general diagram succinctly describes the aforementioned dynamics of behaviour, with its analysis & modelling, to achieve behaviour-oriented decision-making in security.

Graph-Based User Behaviour Modelling:
Graph-based user behaviour modelling is a common way to model the behaviour of an actor. Although the theory & background needed to understand it in light of behaviour modelling run much deeper and are more complex, it can be understood intuitively through a simple state machine, specifically a nondeterministic finite automaton.
A state machine is a graph where nodes describe states & edges describe the transitions from one state to another. The transition edges can be further modelled to describe behaviour, as shown in the following figure. In this simple illustration, user profiling is done by modelling the page-visit behaviour of a user based on their past data. Nodes are the web pages & the probabilities labelled on the transition edges depict the probability with which the user will move from one page to another.
Now, this model can be used to detect possible abnormal behaviour in the page visits of a particular user using simple statistical inference.
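The page-visit model described above can be sketched as follows. This is an added example, not code from the original article or from AuthSafe: the page names, the smoothing constant `alpha`, the threshold margin and the choice of mean log-probability as the "simple statistical inference" are all assumptions made for illustration.

```python
import math
from collections import defaultdict

# Constructed sample data: past sessions of one hypothetical user.
HISTORY = [
    ["login", "dashboard", "orders", "logout"],
    ["login", "dashboard", "profile", "dashboard", "logout"],
    ["login", "dashboard", "orders", "orders", "logout"],
    ["login", "orders", "dashboard", "logout"],
]

def fit_transitions(sessions, alpha=0.1):
    """Count page-to-page transitions; alpha is the additive smoothing constant."""
    counts = defaultdict(lambda: defaultdict(int))
    pages = set()
    for s in sessions:
        pages.update(s)
        for cur, nxt in zip(s, s[1:]):
            counts[cur][nxt] += 1
    return {"counts": counts, "pages": pages, "alpha": alpha}

def transition_prob(model, cur, nxt):
    # Edge label P(nxt | cur); the +1 reserves probability mass for unseen pages.
    v = len(model["pages"]) + 1
    row = model["counts"].get(cur, {})
    total = sum(row.values())
    return (row.get(nxt, 0) + model["alpha"]) / (total + model["alpha"] * v)

def session_score(model, session):
    """Mean log-probability per transition; lower means less like the baseline."""
    steps = list(zip(session, session[1:]))
    if not steps:
        return 0.0
    return sum(math.log(transition_prob(model, a, b)) for a, b in steps) / len(steps)

def baseline_threshold(model, sessions, margin=0.5):
    # Worst score among the user's own past sessions, minus an assumed margin.
    return min(session_score(model, s) for s in sessions) - margin

def is_anomalous(model, session, threshold):
    return session_score(model, session) < threshold

MODEL = fit_transitions(HISTORY)
THRESHOLD = baseline_threshold(MODEL, HISTORY)
# Constructed session made of transitions this user has never performed.
SUSPECT = ["login", "profile", "orders", "profile", "orders"]
print(round(session_score(MODEL, SUSPECT), 3), round(THRESHOLD, 3),
      is_anomalous(MODEL, SUSPECT, THRESHOLD))
```

A flagged session is a candidate for further investigation, not a verdict; the margin trades false positives against missed deviations and would be tuned per user population.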

Conclusion:
Profiling users by their behaviour is a promising approach through which proactive defences, backed by sophisticated machine learning algorithms, can be given to users to avoid & mitigate the ever-alarming breaches and incidents that cost colossal monetary losses. In this approach, the relevant entities make up the user behaviour, which becomes instrumental in isolating a rogue user by their behaviour before they break into the system.
To isolate a bad actor by their behaviour, their real-time behaviour is assessed against a baseline behaviour that is derived beforehand from the usual behaviour of the good actor(s).
Credits:
- https://www.verizon.com/business/solutions/enterprise/ for their data.
- http://www.behaviorinformatics.org/ for their diagrams.