Cyberattacks continue to pose a serious threat to organizational and national security, with recent years showing a dramatic rise in the number and complexity of these attacks. In 2025 alone, ransomware attacks increased by 126%, averaging nearly 2,000 incidents per week worldwide [2]. Many of these attacks involve advanced techniques such as phishing, credential theft, and AI-driven exploitation, which make it harder for traditional security systems to detect threats. To address these evolving risks, it is critical to explore new methods that can detect malicious activity even when attackers appear as legitimate users. In this research, we developed a behavior-based anomaly detection system that uses supervised machine learning to identify abnormal login activity. The tool analyzes user behavior patterns such as login time, location, IP address, and device type, and flags suspicious deviations that may indicate account compromise or insider threats. We implemented and evaluated three machine learning models Random Forest, Logistic Regression, and Neural Networks to determine which approach is the best fitting in detecting anomalous user activity. This system will help organizations enhance their cybersecurity posture by proactively identifying unusual behavior patterns, offering earlier warnings of potential attacks, and ultimately reducing the impact of cyber intrusions.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Detecting Deviation in User Activity Using Supervised Learning

  • Ciera Miller,
  • Kemon Bynum,
  • Cheryl Hinds

摘要

Cyberattacks continue to pose a serious threat to organizational and national security, with recent years showing a dramatic rise in the number and complexity of these attacks. In 2025 alone, ransomware attacks increased by 126%, averaging nearly 2,000 incidents per week worldwide [2]. Many of these attacks involve advanced techniques such as phishing, credential theft, and AI-driven exploitation, which make it harder for traditional security systems to detect threats. To address these evolving risks, it is critical to explore new methods that can detect malicious activity even when attackers appear as legitimate users. In this research, we developed a behavior-based anomaly detection system that uses supervised machine learning to identify abnormal login activity. The tool analyzes user behavior patterns such as login time, location, IP address, and device type, and flags suspicious deviations that may indicate account compromise or insider threats. We implemented and evaluated three machine learning models Random Forest, Logistic Regression, and Neural Networks to determine which approach is the best fitting in detecting anomalous user activity. This system will help organizations enhance their cybersecurity posture by proactively identifying unusual behavior patterns, offering earlier warnings of potential attacks, and ultimately reducing the impact of cyber intrusions.