DocumentCode :
3007399
Title :
IP2User -- Identifying the Username of an IP Address in Network-Related Events
Author :
Shabtai, Asaf ; Morad, Idan ; Kolman, Eyal ; Eran, Ereli ; Vaystikh, Alex ; Gruss, Eyal ; Rokach, L. ; Elovici, Yuval
Author_Institution :
Dept. of Inf. Syst. Eng., Ben-Gurion Univ. of the Negev, Beer-Sheva, Israel
fYear :
2013
fDate :
June 27 2013-July 2 2013
Firstpage :
435
Lastpage :
436
Abstract :
Network devices deployed in organizations (firewall, IDS, routers, antivirus, servers, etc.) log users' activity as events. Based on these events, users' behavioral profiles can be derived in order to detect anomalies indicating potential attacks. The identifier of a user in most cases is the user's organizational username. While events are always logged with the source IP address, they are not always logged with the relevant username, and therefore many of the collected events are not directly linked with the appropriate user. In this paper we describe a method for associating an IP address with an actual username based on a set of logged events. This is a crucial precondition for generating an accurate user's profile. The proposed method was evaluated using real large datasets (logs) and showed 88% accuracy in the identification of usernames.
Keywords :
computer network security; user interfaces; IP address username; IP2User; anomaly detection; organizational username; user behavioral profile; Accuracy; Computers; Couplings; IP networks; Object recognition; Organizations; Servers; anomaly detection; security and event management; user profiling;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Big Data (BigData Congress), 2013 IEEE International Congress on
Conference_Location :
Santa Clara, CA
Print_ISBN :
978-0-7695-5006-0
Type :
conf
DOI :
10.1109/BigData.Congress.2013.73
Filename :
6597177