Behavioural analysis is the practice of using machine learning, artificial intelligence, big data and analytics to identify regular, and conversely irregular, patterns of behaviour. This covers both system behaviour and user interaction behaviour. Malicious attacks can generally be identified because they differ from normal behaviour within a system or network. Abnormal user behaviour includes downloading large amounts of data, or access requests to files or services that are never used, or that are made at odd times or from odd places.
Setting up a framework to conduct this type of analysis can thus significantly contribute to IT security by flagging possible attacks. Some examples of factors to which behavioural analytics can be applied are the type of applications used in a network, the geographical locations of logins and the way data flows on a network. The downsides of setting up a framework for behavioural analysis are that it can be resource intensive, that it relies on a list of ‘good’ and ‘bad’ activities, and that it can be privacy unfriendly. However, it does not depend on a list of known malware or file traits, as is common in signature-based technology. It is an important way of identifying threats posed by trusted insiders and can contribute to insider risk management.
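As an added illustration (not part of the original entry), the Python sketch below learns a per-user baseline and flags the abnormal behaviours named above: unusually large downloads and logins at odd times or from unseen places. The event records, field layout and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample history: (user, login hour 0-23, country, MB downloaded)
HISTORY = [
    ("alice", 9, "NL", 120), ("alice", 10, "NL", 95), ("alice", 14, "NL", 150),
    ("alice", 11, "NL", 110), ("alice", 16, "NL", 130), ("alice", 9, "NL", 105),
    ("bob", 22, "DE", 900), ("bob", 23, "DE", 1100), ("bob", 21, "DE", 1000),
    ("bob", 22, "DE", 950), ("bob", 23, "FR", 1050), ("bob", 20, "DE", 980),
]

def build_baselines(history):
    """Learn each user's usual login hours, countries and download volumes."""
    per_user = defaultdict(lambda: {"hours": [], "countries": set(), "mb": []})
    for user, hour, country, mb in history:
        b = per_user[user]
        b["hours"].append(hour)
        b["countries"].add(country)
        b["mb"].append(mb)
    return per_user

def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def score_event(baselines, event, mad_threshold=6.0, hour_window=3):
    """Return the reasons an event deviates from that user's own baseline.

    Thresholds are assumed values for illustration, not tuned settings.
    """
    user, hour, country, mb = event
    if user not in baselines:
        return ["no baseline for user"]
    b = baselines[user]
    reasons = []
    # Robust deviation: median and median absolute deviation (MAD)
    med = median(b["mb"])
    mad = median(abs(x - med) for x in b["mb"]) or 1.0  # avoid division by zero
    if (mb - med) / mad > mad_threshold:
        reasons.append("download volume far above baseline")
    if country not in b["countries"]:
        reasons.append("login from unseen country")
    if min(hour_distance(hour, h) for h in b["hours"]) > hour_window:
        reasons.append("login at unusual hour")
    return reasons
```

Because the baseline is per user, a 1000 MB download at 01:00 is unremarkable for the constructed user `bob` but is flagged for `alice`.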
Related Keywords: pattern recognition, behaviour modelling, remote login, detection, protection, prevention, human factor