Statistical Approach For Cloud Security: Microsoft Office 365 audit logs case study

Detecting abnormal user interaction with a computer system is paramount to prevent unauthorized access. With the growth in the use of cloud services, both from a personal and business perspective, cloud service accounts are a profitable target for cyber attacks. This work is a practical attempt to improve SaaS security through accessible and adaptable solutions. We used kernel density estimation in order to classify events from Microsoft audit logs. We were able to model the active hours of each user within an organization and then detect when an action was made outside of these hours.