User Behavior Analysis
Analysis of user behavior and patterns for the purpose of detecting unauthorized user activity.
Synonyms: Credential Monitoring and UBA.
Some techniques monitor patterns of human behavior and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns—anomalies that indicate potential threats, such as repeated login attempts from a single IP address or large file downloads.
Other techniques may have explicit or rigid definitions of "bad behavior" which are then matched against instances in a computer network environment.
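An added example, not part of the original page: the two approaches described above side by side, a fixed rule for repeated failed logons from one IP address and a per-user statistical baseline for download volume. The event layout, thresholds and function names are assumptions, and all sample data is constructed.

```python
from collections import defaultdict, deque
from statistics import median

def repeated_failures(events, limit=5, window=60):
    """Rigid rule: at least `limit` failed logons from one IP within `window` seconds."""
    recent = defaultdict(deque)            # ip -> timestamps of recent failures
    flagged = set()
    for ts, ip, _user, ok in sorted(events):
        if ok:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:          # drop failures that fell out of the window
            q.popleft()
        if len(q) >= limit:
            flagged.add(ip)
    return flagged

def download_anomalies(history, today, k=3.5, min_days=5, floor=1_000_000):
    """Statistical baseline: robust z-score of today's bytes against each user's own history."""
    flagged = {}
    for user, nbytes in today.items():
        past = history.get(user, [])
        if len(past) < min_days:
            continue                       # too little history to build a baseline
        med = median(past)
        mad = median(abs(x - med) for x in past)
        scale = max(1.4826 * mad, floor)   # floor avoids a zero spread for very regular users
        score = (nbytes - med) / scale
        if score > k:
            flagged[user] = round(score, 1)
    return flagged

# Constructed sample data: (timestamp_seconds, source_ip, user, success)
AUTH_EVENTS = (
    [(t, "203.0.113.7", "alice", False) for t in (0, 5, 10, 15, 20)]           # burst
    + [(t, "198.51.100.4", "bob", False) for t in (0, 100, 200, 300, 400)]     # spread out
    + [(30, "192.0.2.10", "carol", True)]
)
# Constructed daily download totals in bytes
HISTORY = {
    "alice": [40_000_000, 55_000_000, 48_000_000, 60_000_000, 52_000_000, 45_000_000],
    "bob": [5_000_000] * 6,                # perfectly regular: MAD is 0
    "carol": [900_000, 1_200_000],         # new account: no baseline yet
}
TODAY = {"alice": 2_000_000_000, "bob": 5_500_000, "carol": 900_000_000}

if __name__ == "__main__":
    print("rule hits:", repeated_failures(AUTH_EVENTS))
    print("baseline hits:", download_anomalies(HISTORY, TODAY))
```

The new account is not scored by the baseline at all, which is why such detectors are usually paired with fixed rules for users who have no history yet.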
There are 9 countermeasure techniques in this category, User Behavior Analysis.
| Name | ID | Definition | Synonyms |
|---|---|---|---|
| User Behavior Analysis | D3-UBA | Analysis of user behavior and patterns for the purpose of detecting unauthorized user activity. | Credential Monitoring, UBA |
| - Authentication Event Thresholding | D3-ANET | Collecting authentication events, creating a baseline user profile, and determining whether authentication events are consistent with the baseline profile. | |
| - Authorization Event Thresholding | D3-AZET | Collecting authorization events, creating a baseline user profile, and determining whether authorization events are consistent with the baseline profile. | |
| - Job Function Access Pattern Analysis | D3-JFAPA | Detecting anomalies in user access patterns by comparing user access activity to behavioral profiles that categorize users by role such as job title, function, department. | |
| - Resource Access Pattern Analysis | D3-RAPA | Analyzing the resources accessed by a user to identify unauthorized activity. | |
| - User Data Transfer Analysis | D3-UDTA | Analyzing the amount of data transferred by a user. | |
| - User Geolocation Logon Pattern Analysis | D3-UGLPA | Monitoring geolocation data of user logon attempts and comparing it to a baseline user behavior profile to identify anomalies in logon location. | |
| - Web Session Activity Analysis | D3-WSAA | Monitoring changes in user web session behavior by comparing current web session activity to a baseline behavior profile or a catalog of predetermined malicious behavior. | |
| - Session Duration Analysis | D3-SDA | Analyzing the duration of user sessions in order to detect unauthorized activity. | |