{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T18:10:37Z","timestamp":1772043037012,"version":"3.50.1"},"reference-count":40,"publisher":"Wiley","issue":"6","license":[{"start":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T00:00:00Z","timestamp":1760918400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Security and Privacy"],"published-print":{"date-parts":[[2025,11]]},"abstract":"<jats:title>ABSTRACT<\/jats:title>\n                  <jats:p>Insider threats remain one of the most challenging issues in cybersecurity, as malicious activities are carried out by legitimate users and are difficult to distinguish from normal behavior. The rarity of insider events further leads to highly imbalanced datasets, reducing the effectiveness of conventional rule\u2010based, machine learning, and deep learning approaches, which often suffer from low precision and high false positive rates. This work proposes an insider threat detection framework based on Extreme Gradient Boosting (XGBoost) optimized with Bayesian Optimization (BO). Class imbalance is addressed using Synthetic Minority Oversampling Technique with Edited Nearest Neighbors (SMOTEENN). The framework is further strengthened through feature engineering to capture behavioral and temporal patterns of user activity. The proposed methodology is assessed on Carnegie Mellon University's (CMU) CERTr4.2 synthetic dataset, where single\u2010day sequential activity logs are processed to obtain numerical feature vectors. The model is trained on r4.2 and subsequently evaluated not only on r4.2 but also tested for generalization on the newer r5.2 and r6.2 datasets. Performance is measured under both balanced and imbalanced configurations across different data ratios. The results consistently demonstrate that feature engineering significantly improves detection capability. In particular, when evaluated on r4.2, the model achieves 99.0% accuracy, 96.2% precision, 96.9% recall, 96.6% F1\u2010score, and a ROC\u2010AUC of 99.7%. Comparable robustness is observed on r5.2 and r6.2, confirming the reliability and transferability of the approach across datasets. These findings establish the clear advantage of the proposed framework over current baseline models.<\/jats:p>","DOI":"10.1002\/spy2.70122","type":"journal-article","created":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T14:51:01Z","timestamp":1760971861000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["An Efficient Insider Threat Detection Framework Using Bayesian\u2010Optimized\n                    <scp>XGBoost<\/scp>"],"prefix":"10.1002","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0984-9890","authenticated-orcid":false,"given":"Ambairam Muthu","family":"Sivakrishna","sequence":"first","affiliation":[{"name":"Department of CSE National Institute of Technology  Tiruchirappalli India"}]},{"given":"R.","family":"Mohan","sequence":"additional","affiliation":[{"name":"Department of CSE National Institute of Technology  Tiruchirappalli India"}]},{"given":"Valaparla","family":"Rohini","sequence":"additional","affiliation":[{"name":"Department of CSE National Institute of Technology  Tiruchirappalli India"}]}],"member":"311","published-online":{"date-parts":[[2025,10,20]]},"reference":[{"key":"e_1_2_8_2_1","unstructured":"Gurucul: What is a Motivational Misuse Insider Threat? 2024 https:\/\/gurucul.com\/blog\/what\u2010is\u2010a\u2010motivational\u2010misuse\u2010insider\u2010threat\/."},{"key":"e_1_2_8_3_1","unstructured":"IBM Security Analysis Report 2024 https:\/\/www.ibm.com\/reports\/data\u2010breach."},{"key":"e_1_2_8_4_1","unstructured":"D.Cost CMU CERT Insider Threat Mitigation Research Report 2022 https:\/\/resources.sei.cmu.edu\/asset_files\/WhitePaper\/2022_019_001_886876.pdf."},{"key":"e_1_2_8_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2020.2967721"},{"key":"e_1_2_8_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3303771"},{"key":"e_1_2_8_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2014.2377811"},{"key":"e_1_2_8_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2800740"},{"key":"e_1_2_8_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2021.107597"},{"key":"e_1_2_8_10_1","doi-asserted-by":"publisher","DOI":"10.7717\/peerj-cs.938"},{"key":"e_1_2_8_11_1","first-page":"1","article-title":"Insider Threat Detection Using Supervised Machine Learning Algorithms","volume":"87","author":"Manoharan P.","year":"2023","journal-title":"Telecommunication Systems"},{"issue":"2","key":"e_1_2_8_12_1","first-page":"48","article-title":"A Bayesian Approach to Insider Threat Detection","volume":"12","author":"Wall A.","year":"2021","journal-title":"Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications"},{"key":"e_1_2_8_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2018.2857473"},{"key":"e_1_2_8_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2020.10.012"},{"key":"e_1_2_8_15_1","first-page":"1","volume-title":"2024 11th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO)","author":"Singh A.","year":"2024"},{"key":"e_1_2_8_16_1","doi-asserted-by":"publisher","DOI":"10.55197\/qjoest.v6i1.202"},{"key":"e_1_2_8_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-15-0871-4_15"},{"key":"e_1_2_8_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3118297"},{"key":"e_1_2_8_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108076"},{"key":"e_1_2_8_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3340531.3412161"},{"key":"e_1_2_8_21_1","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2021.0120166"},{"key":"e_1_2_8_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2023.103434"},{"key":"e_1_2_8_23_1","doi-asserted-by":"publisher","DOI":"10.3390\/app10144945"},{"key":"e_1_2_8_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2023.126588"},{"key":"e_1_2_8_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICGI.2017.37"},{"key":"e_1_2_8_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-023-04581-1"},{"key":"e_1_2_8_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2023.119925"},{"key":"e_1_2_8_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3071928"},{"key":"e_1_2_8_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.isatra.2023.06.030"},{"issue":"1","key":"e_1_2_8_30_1","first-page":"15","article-title":"The Insider Threat Detection and Secure Data Transfer Leveraging Bidirectional Lstm With Grouped Orthogonal Initialization and Swish Activation: Threat Detection and Secure Data Transfer","volume":"1","author":"Srinivasan K.","year":"2025","journal-title":"International Journal of Digital Innovation and Discoveries"},{"key":"e_1_2_8_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/RAIT65068.2025.11089064"},{"key":"e_1_2_8_32_1","doi-asserted-by":"publisher","DOI":"10.1201\/9781003388913-36"},{"key":"e_1_2_8_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/GCCIT63234.2024.10862896"},{"key":"e_1_2_8_34_1","doi-asserted-by":"publisher","DOI":"10.2024\/jcbi.499"},{"key":"e_1_2_8_35_1","doi-asserted-by":"publisher","DOI":"10.58346\/JISIS.2023.I4.001"},{"key":"e_1_2_8_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.aej.2024.12.106"},{"key":"e_1_2_8_37_1","doi-asserted-by":"publisher","DOI":"10.26634\/jit.13.3.21454"},{"key":"e_1_2_8_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-023-16969-4"},{"key":"e_1_2_8_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-024-18426-2"},{"key":"e_1_2_8_40_1","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/1777536"},{"key":"e_1_2_8_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-022-12173-y"}],"container-title":["SECURITY AND PRIVACY"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spy2.70122","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T07:42:26Z","timestamp":1763451746000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/spy2.70122"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,20]]},"references-count":40,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,11]]}},"alternative-id":["10.1002\/spy2.70122"],"URL":"https:\/\/doi.org\/10.1002\/spy2.70122","archive":["Portico"],"relation":{},"ISSN":["2475-6725","2475-6725"],"issn-type":[{"value":"2475-6725","type":"print"},{"value":"2475-6725","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,20]]},"assertion":[{"value":"2025-06-25","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-10-08","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-10-20","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"e70122"}}