UEBA 2018: IEEE Intelligence and Security Informatics 2018, Workshop on User and Entity Behavior Analytics
Florida International University, Miami, FL, United States, November 9-11, 2018
Conference website | https://sites.google.com/view/isi18-ws-ueba/home |
Submission link | https://easychair.org/conferences/?conf=ueba2018 |
Abstract registration deadline | August 17, 2018 |
Submission deadline | August 17, 2018 |
Organizations already gather vast amounts of security data, whether via SIEM, system logs, or other custom tools. The rich and heterogeneous data sets collected range in depth from application-level events (e.g., VPN, cloud apps) to network-level logs (e.g., netflow), and in breadth from conventional security logs (e.g., AD, badging) to custom logs (e.g., internal bank activity transactions). Environment context data (e.g., human resource records, CMDB) and more are also available. Organizations have recently recognized the potential value of leveraging this data to address both internal and external threats. User and entity behavior analytics (UEBA), an industry-recognized term, monitors users and network entities and applies machine learning methods to find actionable behavior anomalies and insights. Common UEBA applications include detection of malicious insider threats, privilege misuse, and compromised accounts.
The opportunities for advanced research are matched by several challenges:
- Labels on collected traffic data are either few or nonexistent. This is particularly so for insider threats.
- Single data sources tend to be analyzed individually in publications. Strategies to address the heterogeneity of data sources are little explored.
- Volume and veracity of security data must be addressed for operational systems.
- Security data logs from legacy security products are hard to interpret. Data pre-processing and normalization require domain experts' input.
- Contextual information from the IT environment may not be available or may not always be accurate.
- ML choices are constrained because the outputs must be explainable for usability.
The target audience of this workshop is industry professionals, researchers, and technologists who will benefit from a single forum where they can discuss and share the state of the art in the development and applications of UEBA, present their ideas and contributions, and set future directions in research.
Submission Guidelines
This workshop aims to promote new advances and research directions to address UEBA. Topics of interest include all aspects of analytics for data that organizations already have or are capable of collecting, including at least the following:
- Automated data parsing and transformation
- Automated IT environment understanding for contextual data prediction or classification
- Metrics or methods for evaluation
- Methods for ground truth synthesis or simulation
- Alert data presentation and visualization methods
- Methods for alert triage and incident response playbook automation
- Modeling of novel data sources pertinent to UEBA
- System or architecture to analytically process and score heterogeneous data
- Novel use cases in new ways of combining data for interesting applications
Committees
Program Committee
- (To be updated. It will be folks from both academia and industry.)
Contact
All questions about submissions should be emailed to Derek Lin, derek@exabeam.com