Proposed Method for Threat Detection Using User Behavior Analysis
Viplav Pandhurnekar, Anish Iyyappan, Dnyandeep Dhok, Vaishnav Khante, Sampada Wazalwar
Abstract
The development of a unique Web-Based platform to identify malicious user activity is the motivation of this research. Paper has applied analytics to the application-layer logs and proposed a Random Forest Algorithm-based model to certain metrics to identify malicious users. The paper shows collected IP addresses and device IDs from web application logs and has then applied the random forest algorithm to establish the behavior of users based on their browsing patterns. In this paper, the identification of the behavior is based on the number of requests made by the user, the time spent on the web application, and the frequency of requests. The patterns with the highest number of requests, the longest time spent, and the highest frequency of requests is the most probable cases of malicious user behavior. have created a Password manager web application and introduced vulnerabilities in training data intentionally for this purpose. The paper shows hosted setup on the LAMP stack based on the AWS EC2 cloud. These patterns would be used to sort incoming traffic and flag any IP addresses that would be the most probable cases of unauthorized login attempts.