An Expectation Maximization Approach to Detecting Compromised Remote Access Accounts

Abstract

We present a method for detecting when a user’s remote access account has been compromised in such a way that an attacker model can be learned during operations. A Naive Bayes model is built for each user that stores the likelihood for each remote session based on a variety of features available in the access logs. During operation, we leverage Expectation… (More)

Topics

2 Figures and Tables

Slides referencing similar topics