Applying hidden Markov models for user and entity behavioural analytics model


Tynymbayev B.
June 2026, Academic Press

Systems and Soft Computing
2026#8

Methods and means of illegal infiltration into companies' computer systems have become more intelligent and multi-layered. Consequently, since a complex password is no longer a guarantee of security, user and entity behaviour analytics increases the security of the company's computer system. The article proposes a model based on a Hidden Markov Model to investigate and formulate the behavioural profile of an attacker in order to increase the accuracy of predicting their future actions. This research assesses the effectiveness of implementing a Hidden Markov Model in the entity behaviour analytics system, based on real user activity logs collected from the SIEM platform deployed in a company with about 1000 employees over a 30-day period (1.2 million events). The logs included authentication events, process creation, registry modification, and network communication data. All events were normalized and correlated using predefined SIEM correlation rules. The Hidden Markov Model is used to predict a set of hidden states based on existing observations. The results of the experiments clearly indicate the advantages of using the suggested technique to model discrete-time data, as it offers significantly less learning time and better performance compared to existing methods. The true positive rate (TPR) score confirms the authors' hypotheses and gives it practical application to avoid missing suspicious events.

AI, Cybersecurity, Hidden Markov Model, Machine learning, Threats, UEBA


Department of Mathematical and Computer Modelling, Faculty of Mathematics, L.N. Gumilyov Eurasian National University, 2 Satpayev Str., Astana, 010008, Kazakhstan

