Machine Learning-Based Risky User Behavior Detection to Mitigate Ransomware Attacks on Higher Education Institutions
| Title: | Machine Learning-Based Risky User Behavior Detection to Mitigate Ransomware Attacks on Higher Education Institutions |
|---|---|
| Language: | English |
| Authors: | Godfrey F. Mendes |
| Source: | ProQuest LLC. 2024 D.Engr. Dissertation, The George Washington University. |
| Availability: | ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site: http://www.proquest.com/en-US/products/dissertations/individuals.shtml |
| Peer Reviewed: | N |
| Page Count: | 126 |
| Publication Date: | 2024 |
| Document Type: | Dissertations/Theses - Doctoral Dissertations |
| Education Level: | Higher Education Postsecondary Education |
| Descriptors: | Colleges, Artificial Intelligence, Users (Information), Risk Assessment, Risk Management, Risk, Computer Security, Crime Prevention, Information Security, Computer Software Evaluation, Computer Software Selection, Praxis, Man Machine Systems |
| ISBN: | 979-83-8363-811-8 |
| Abstract: | This Praxis develops a machine learning (ML) model to address ransomware threats in higher education institutions (HEIs). HEIs are vulnerable to cyberattacks due to their open-access environments, diverse user bases, and decentralized IT systems. These vulnerabilities are compounded by limited budgets, heightened risks from increased digital operations, and a lack of security awareness among their users. The research focuses on the critical role of user behavior in cybersecurity strategies and utilizes ML to proactively detect risky user behaviors that could lead to ransomware attacks. Utilizing the CERT r4.2 Insider Threat dataset, this Praxis evaluates five ML models: Random Forest, Gradient Boosting, XGBoost, Support Vector Classifier, and Convolutional Neural Networks, to analyze user behaviors across email, HTTP, file access, device use, and logon activities. The research employs a dual-layer method. It initially identifies malicious activities in Layer 1, and then aggregates these activities to determine user risk levels in Layer 2. It utilizes K-means clustering to categorize users into various risk categories and utilizes Explainable Artificial Intelligence techniques such as SHapley Additive exPlanations to enhance transparency and interpretability. Key outcomes indicate that behaviors linked to device usage and HTTP actions are significant predictors of risky behaviors. While email content is impactful, it does not play as central a role as device and HTTP activities. The Random Forest ML model is effective in detecting these behaviors. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com/en-US/products/dissertations/individuals.shtml.] |
| Abstractor: | As Provided |
| Entry Date: | 2024 |
| Access URL: | https://gateway.proquest.com/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqm&rft_dat=xri:pqdiss:31487475 |
| Accession Number: | ED659986 |
| Database: | ERIC |