Detecting Deviation in User Activity Using Supervised Learning
摘要
Cyberattacks continue to pose a serious threat to organizational and national security, with recent years showing a dramatic rise in the number and complexity of these attacks. In 2025 alone, ransomware attacks increased by 126%, averaging nearly 2,000 incidents per week worldwide [2]. Many of these attacks involve advanced techniques such as phishing, credential theft, and AI-driven exploitation, which make it harder for traditional security systems to detect threats. To address these evolving risks, it is critical to explore new methods that can detect malicious activity even when attackers appear as legitimate users. In this research, we developed a behavior-based anomaly detection system that uses supervised machine learning to identify abnormal login activity. The tool analyzes user behavior patterns such as login time, location, IP address, and device type, and flags suspicious deviations that may indicate account compromise or insider threats. We implemented and evaluated three machine learning models Random Forest, Logistic Regression, and Neural Networks to determine which approach is the best fitting in detecting anomalous user activity. This system will help organizations enhance their cybersecurity posture by proactively identifying unusual behavior patterns, offering earlier warnings of potential attacks, and ultimately reducing the impact of cyber intrusions.