[Publication] Cybersecurity Threat Detection Based on a UEBA Framework Using Deep Autoencoders

José Fuentes and Inés Ortega-Fernández from PRESERVE partner Gradiant are co-authors of the recent scientific article “Cybersecurity threat detection based on a UEBA framework using Deep Autoencoders” published in AIMS Mathematics 2025, Volume 10, Issue 10.

Abstract

The increasing sophistication of cyberattacks, especially insider and process-related anomalies, poses a major challenge to enterprises, as traditional rule-based or shallow anomaly detection systems often fail to capture complex behavioral patterns. User and Entity Behavior Analytics (UEBA) is a broad branch of data analytics that attempts to build a normal behavioral profile in order to detect anomalous events. Among the techniques used to detect anomalies, deep autoencoders constituted one of the most promising deep learning models on UEBA tasks, allowing explainable detection of security incidents that could lead to the leak of personal data, hijacking of systems, or access to sensitive business information. In this study, we introduced the first implementation of an explainable UEBA-based anomaly detection framework that leveraged deep autoencoders in combination with Doc2Vec, a neural network-based approach that learns the distributed representation of documents, to process both numerical and textual features. Additionally, based on the theoretical foundations of neural networks, we offered a novel proof demonstrating the equivalence of two widely used definitions for fully-connected neural networks. The experimental results demonstrated the proposed framework’s capability to detect real and synthetic anomalies effectively generated from real attack data, showing that the models provided not only correct identification of anomalies but also explainable results that enabled the reconstruction of the possible origin of the anomaly. Compared to existing UEBA and anomaly detection approaches, the novelty of our framework lay in combining explainable multimodal feature processing with formal mathematical guarantees. Our findings suggested that the proposed UEBA framework can be seamlessly integrated into enterprise environments.

Published in: AIMS Mathematics
2025, Volume 10, Issue 10: 23496-23517
Published: 16 October 2025
doi: 10.3934/math.20251043