10 research outputs found

    Cloud-based User Entity Behavior Analytics Log Data Set

    No full text
    <p>This respository contains the CLUE-LDS (CLoud-based User Entity behavior analytics Log Data Set). The data set contains log events from real users utilizing a cloud storage suitable for User Entity Behavior Analytics (UEBA). Events include logins, file accesses, link shares, config changes, etc. The data set contains around 50 million events generated by more than 5000 distinct users in more than five years (2017-07-07 to 2022-09-29 or 1910 days). The data set is complete except for 109 events missing on 2021-04-22, 2021-08-20, and 2021-09-05 due to database failure. The unpacked file size is around 14.5 GB. A detailed analysis of the data set is provided in [1].</p><p>The logs are provided in JSON format with the following attributes in the first level:</p><ul><li><strong>id</strong>: Unique log line identifier that starts at 1 and increases incrementally, e.g., 1.</li><li><strong>time</strong>: Time stamp of the event in ISO format, e.g., 2021-01-01T00:00:02Z.</li><li><strong>uid</strong>: Unique anonymized identifier for the user generating the event, e.g., old-pink-crane-sharedealer.</li><li><strong>uidType</strong>: Specifier for uid, which is either the user name or IP address for logged out users.</li><li><strong>type</strong>: The action carried out by the user, e.g., file_accessed.</li><li><strong>params</strong>: Additional event parameters (e.g., paths, groups) stored in a nested dictionary.</li><li><strong>isLocalIP</strong>: Optional flag for event origin, which is either internal (true) or external (false).</li><li><strong>role</strong>: Optional user role: consulting, administration, management, sales, technical, or external.</li><li><strong>location</strong>: Optional IP-based geolocation of event origin, including city, country, longitude, latitude, etc.</li></ul><p>In the following data sample, the first object depicts a successful user login (see <i>type: login_successful</i>) and the second object depicts a file access (see <i>type: file_accessed</i>) from a remote location:</p><blockquote><p>{"params": {"user": "intact-gray-marlin-trademarkagent"}, "type": "login_successful", "time": "2019-11-14T11:26:43Z", "uid": "intact-gray-marlin-trademarkagent", "id": 21567530, "uidType": "name"}</p><p> {"isLocalIP": false, "params": {"path": "/proud-copper-orangutan-artexer/doubtful-plum-ptarmigan-merchant/insufficient-amaranth-earthworm-qualitycontroller/curious-silver-galliform-tradingstandards/incredible-indigo-octopus-printfinisher/wicked-bronze-sloth-claimsmanager/frantic-aquamarine-horse-cleric"}, "type": "file_accessed", "time": "2019-11-14T11:26:51Z", "uid": "graceful-olive-spoonbill-careersofficer", "id": 21567531, "location": {"countryCode": "AT", "countryName": "Austria", "region": "4", "city": "Gmunden", "latitude": 47.915, "longitude": 13.7959, "timezone": "Europe/Vienna", "postalCode": "4810", "metroCode": null, "regionName": "Upper Austria", "isInEuropeanUnion": true, "continent": "Europe", "accuracyRadius": 50}, "uidType": "ipaddress"}</p></blockquote><p>The data set was generated at the premises of <a href="https://www.huemer-group.com/">Huemer Group</a>, a midsize IT service provider located in Vienna, Austria. Huemer Group offers a range of Infrastructure-as-a-Service solutions for enterprises, including cloud computing and storage. In particular, their cloud storage solution called <a href="https://www.huemer-group.com/hbox/">hBOX</a> enables customers to upload their data, synchronize them with multiple devices, share files with others, create versions and backups of their documents, collaborate with team members in shared data spaces, and query the stored documents using search terms. The hBOX extends the open-source project <a href="https://nextcloud.com">Nextcloud</a> with interfaces and functionalities tailored to the requirements of customers.</p><p>The data set comprises only normal user behavior, but can be used to evaluate anomaly detection approaches by simulating account hijacking. We provide an implementation for identifying similar users, switching pairs of users to simulate changes of behavior patterns, and a sample detection approach in our <a href="https://github.com/ait-aecid/clue-lds">github repo</a>.</p><p>Acknowledgements: Partially funded by the FFG project DECEPT (873980). The authors thank Walter Huemer, Oskar Kruschitz, Kevin Truckenthanner, and Christian Aigner from Huemer Group for supporting the collection of the data set.</p><p><strong>If you use the dataset, please cite the following publication:</strong></p><p>[1] M. Landauer, F. Skopik, G. Höld, and M. Wurzenberger. <a href="https://doi.org/10.1109/BigData55660.2022.10020672">"A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing"</a>. <a href="http://bigdataieee.org/BigData2022/"><i>2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022)</i></a>, December 17-20, 2022, Osaka, Japan. IEEE. [<a href="https://www.skopik.at/ait/2022_bigdata.pdf">PDF</a>]</p>M. Landauer, F. Skopik, G. Höld, and M. Wurzenberger. "A User and Entity Behavior Analytics Log Data Set for Anomaly Detection in Cloud Computing". 2022 IEEE International Conference on Big Data - 6th International Workshop on Big Data Analytics for Cyber Intelligence and Defense (BDA4CID 2022), December 17-20, 2022, Osaka, Japan. IEEE

    Interval Construction within Partially Ordered Object Versions

    No full text
    this paper). As an abstract way to characterize system versions, we use absolute version expressions which allow for computing the ordering relation between labels. Version expressions serve for two purposes: Firstly, they label revisions within single objects. These expressions are called label expressions. And secondly, as configuration specifications, they are used to specify and select configurations: when building a system version, we have to select a set of revisions, one for each object. System versions are automatically built using a configuration specification describing an interval condition which has to be satisfied by every revision selected. When building configurations, there is not always a revision exactly matching the configuration specification. This is no restriction, instead it is useful when building modular systems, as demonstrated i

    Unser Werk : Blätter des Keren Hajessod (Jüdisches Palästinawerk) E.V. in Deutschland.

    No full text
    “Unser Werk” (“our work”) was the newsletter of the Keren Hayesod in Germany, a fundraising organization for Jewish settlement in Palestine. Its "Blätter" provided news and statistics about the organization's development efforts in Palestine.Recataloging - edited recordDescription based on: Vol. 1, no.1 (1929); caption title.Lastest issue consulted: Vol. 4, no. 6-10 (1932).CATALOGING COMPLETE 20180110. Information verified against digital surrogates.Digital imageDescription based on print version record

    BIBLIOGRAFIE

    No full text

    The surgical safety checklist and patient outcomes after surgery: a prospective observational cohort study, systematic review and meta-analysis

    Get PDF
    © 2017 British Journal of Anaesthesia Background: The surgical safety checklist is widely used to improve the quality of perioperative care. However, clinicians continue to debate the clinical effectiveness of this tool. Methods: Prospective analysis of data from the International Surgical Outcomes Study (ISOS), an international observational study of elective in-patient surgery, accompanied by a systematic review and meta-analysis of published literature. The exposure was surgical safety checklist use. The primary outcome was in-hospital mortality and the secondary outcome was postoperative complications. In the ISOS cohort, a multivariable multi-level generalized linear model was used to test associations. To further contextualise these findings, we included the results from the ISOS cohort in a meta-analysis. Results are reported as odds ratios (OR) with 95% confidence intervals. Results: We included 44 814 patients from 497 hospitals in 27 countries in the ISOS analysis. There were 40 245 (89.8%) patients exposed to the checklist, whilst 7508 (16.8%) sustained ≥1 postoperative complications and 207 (0.5%) died before hospital discharge. Checklist exposure was associated with reduced mortality [odds ratio (OR) 0.49 (0.32–0.77); P\u3c0.01], but no difference in complication rates [OR 1.02 (0.88–1.19); P=0.75]. In a systematic review, we screened 3732 records and identified 11 eligible studies of 453 292 patients including the ISOS cohort. Checklist exposure was associated with both reduced postoperative mortality [OR 0.75 (0.62–0.92); P\u3c0.01; I2=87%] and reduced complication rates [OR 0.73 (0.61–0.88); P\u3c0.01; I2=89%). Conclusions: Patients exposed to a surgical safety checklist experience better postoperative outcomes, but this could simply reflect wider quality of care in hospitals where checklist use is routine
    corecore