• DocumentCode
    3007399
  • Title

    IP2User -- Identifying the Username of an IP Address in Network-Related Events

  • Author

    Shabtai, Asaf ; Morad, Idan ; Kolman, Eyal ; Eran, Ereli ; Vaystikh, Alex ; Gruss, Eyal ; Rokach, L. ; Elovici, Yuval

  • Author_Institution
    Dept. of Inf. Syst. Eng., Ben-Gurion Univ. of the Negev, Beer-Sheva, Israel
  • fYear
    2013
  • fDate
    June 27 2013-July 2 2013
  • Firstpage
    435
  • Lastpage
    436
  • Abstract
    Network devices deployed in organizations (Firewall, IDS, routers, antivirus, servers, etc.) log users' activity as events. Based on these events, users' behavioral profiles can be derived in order to detect anomalies, indicating potential attacks. The identifier of a user in most cases is the user's organizational username. While events are always logged with the source IP address, they are not always logged with the relevant username, and therefore many of the collected events are not directly linked with the appropriate user. In this paper we describe a method for associating an IP address with an actual username based on a set of logged events. This is a crucial precondition for generating an accurate user's profile. The proposed method was evaluated using real large datasets (logs) and showed 88% accuracy in the identification of usernames.
  • Keywords
    computer network security; user interfaces; IP address username; IP2User; anomaly detection; organizational username; user behavioral profile; Accuracy; Computers; Couplings; IP networks; Object recognition; Organizations; Servers; anomaly detection; security and event management; user profiling;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Big Data (BigData Congress), 2013 IEEE International Congress on
  • Conference_Location
    Santa Clara, CA
  • Print_ISBN
    978-0-7695-5006-0
  • Type

    conf

  • DOI
    10.1109/BigData.Congress.2013.73
  • Filename
    6597177