{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,21]],"date-time":"2026-05-21T10:42:51Z","timestamp":1779360171860,"version":"3.51.4"},"publisher-location":"Boston, MA","reference-count":43,"publisher":"Springer US","isbn-type":[{"value":"9780387773216","type":"print"},{"value":"9780387773223","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-0-387-77322-3_5","type":"book-chapter","created":{"date-parts":[[2008,3,6]],"date-time":"2008-03-06T15:47:27Z","timestamp":1204818447000},"page":"69-90","source":"Crossref","is-referenced-by-count":176,"title":["A Survey of Insider Attack Detection Research"],"prefix":"10.1007","author":[{"given":"Malek Ben","family":"Salem","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shlomo","family":"Hershkop","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Salvatore J.","family":"Stolfo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"5_CR1","unstructured":"Bell D E, LaPadula L J, Secure Computer Systems: Mathematical Foundations. MITRE Corporation, 1973."},{"key":"5_CR2","unstructured":"Chinchani R, Muthukrishnan A, Chandrasekaran M, Upadhyaya S, RACOON: Rapidly Generating User Command Data for Anomaly Detection from Customizable Templates. Computer Security Applications Conference, 2004. 20th Annual Volume, Issue, 6-10 Dec, 2004."},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Clark D, Wilson D R, A Comparison of Commercial and Military Computer Security Policies. IEEE Symposium on Security and Privacy, 1987.","DOI":"10.1109\/SP.1987.10001"},{"key":"5_CR4","unstructured":"Costa P C G, Laskey K B, Revankar M, Mirza S, Alghamdi G, Barbara D, Shackelford T, Wright E J, DTB Project: A Behavioral Model for Detecting insider Threats. International Conference on Intelligence Analysis. McLean, VA, 2005."},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Coull S, Branch J, Szymanski B, Breimer E, Intrusion Detection: A Bioinformatics Approach. Proceedings of the 19th Annual Computer Security Applications Conference, 2003.","DOI":"10.1109\/CSAC.2003.1254307"},{"key":"5_CR6","unstructured":"Dash S K, Rawat S, Vijaya Kumari G, Pujari A K, Masquarade Detection Using IA Network. Computer Security Applications Conference, 2005."},{"key":"5_CR7","unstructured":"Davison B D, Hirsh H, Predicting Sequences of User Actions. AAAI-98\/ICML-98 Workshop :5-12, 1998."},{"key":"5_CR8","unstructured":"DuMouchel W, Computer Intrusion Detection Based on Bayes Factors for Comparing Command Transition Probabilities. Technical Report TR91: National Institute of Statistical Sciences, 1999."},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"Forrest S, Hofmeyer S A, Somayaji A, Longstaff T A, A Sense of Self for Unix Processes. IEEE Symposium on Research in Security and Privacy :120-128, 1996.","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"5_CR10","unstructured":"Ghosh A K, Schwartzbard A, Schatz M, Learning Program Behavior Profiles for Intrusion Detection. USENIX Workshop on Intrusion Detection and Network Monitoring, 1999."},{"key":"5_CR11","unstructured":"Goldring T, User Profiling for Intrusion Detection in Windows NT. 35th Symposium on the Interface, 2003."},{"key":"5_CR12","unstructured":"Gordon L A, Loeb M P, Lucyshyn W, Richardson R, CSI\/FBI Computer Crime and Security Survey, 2006."},{"key":"5_CR13","unstructured":"Jha S, Kruger L, Kurtz T, Lee Y, Smith A, A Filtering Approach To Anomaly and Masquerade Detection, 2004. http:\/\/www.people.fas.harvard.edu\/\u223c lee48\/research\/IDS.pdf"},{"key":"5_CR14","unstructured":"Jones A K, Sielken R S, Computer System Intrusion Detection: A Survey, University of Virginia, Computer Science Technical Report, 2000."},{"key":"5_CR15","unstructured":"Ju W-H, Vardi Y, A Hybrid High-Order Markov Chain Model For Computer Intrusion Detection, Technical Report Number 92, National Institute of Statistical Sciences, 1999."},{"key":"5_CR16","unstructured":"Killourhy K, Maxion R, Investigating a Possible Flaw in a Masquerade Detection System, Technical Reports of the University Newcastle University, Number 869, 2004."},{"key":"5_CR17","unstructured":"Kim H S, Cho S, Lee Y, Cha S, Use of Support Vector Machine (SVM) In Detecting Anomalous Web Usage Patterns, Symposium on Information and Communications Technology, 2004."},{"key":"5_CR18","unstructured":"Lane T, Brodley C, Sequence Matching and Learning in Anomaly Detection for Computer Security. AAAI-97 Workshop on AI Approaches to Fraud Detection and Risk Management :43-49, 1997"},{"key":"5_CR19","unstructured":"Laskey K, Alghamdi G, Wang X, Barabara D, Shackelford T, Wright E, Fitgerald J, Detecting Threatening Behavior Using Bayesian Networks, Proceedings of the Conference on Behavioral Representation in Modeling and Simulation, 2004."},{"key":"5_CR20","unstructured":"Li L, Manikopoulos C N, Windows NT one-class masquerade detection. Information Assurance Workshop, Proceedings from the Fifth Annual IEEE SMC :82-87, 2004."},{"key":"5_CR21","unstructured":"Maloof M, Stephens G D, ELICIT: A System for Detecting Insiders Who Violate Need-toknow. Recent Advances in Intrusion Detection (RAID), 2007."},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Maxion R A, Townsend T N, Masquerade Detection Using Truncated Command Lines. International Conference on Dependable Systems and Networks :219-228, 2002.","DOI":"10.1109\/DSN.2002.1028903"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Maxion R A, Masquerade Detection Using Enriched Command Lines. International Conference on Dependable Systems & Networks, 2003.","DOI":"10.1109\/DSN.2003.1209911"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Maxion R A, Townsend T N, Masquerade Detection Augmented with Error Analysis. IEEE Transactions on Reliability 53, 2004.","DOI":"10.1109\/TR.2004.824828"},{"key":"5_CR25","unstructured":"Maybury M, Chase P, Cheikes B, Brackney D, Matzner S, Hetheringston T, Wood, B, Sibley C, Martin J, Longstaff T, Spitzner L, Haile J, Copeland J, Lewandowski S, Analysis and Detection of Malicious Insiders, International Conference on Intelligence Analysis, 2005."},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Nguyen N T, Reiher P L, Kuenning G, Detecting Insider Threats by Monitoring System Call Activity. IEEE Workshop on Information Assurance :45-52, 2003.","DOI":"10.1109\/SMCSIA.2003.1232400"},{"key":"5_CR27","unstructured":"Oka M, Oyama Y, Kato K, Eigen Co-occurrence Matrix Method for Masquerade Detection, 2004 http:\/\/spa.jssst.or.jp\/2004\/pub\/papers\/04016.pdf."},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Oka M, Oyama Y, Abe H, Kato K, Anomaly Detection Using Layered Networks Based on Eigen Co-occurrence Matrix, RAID 2004, 223-237.","DOI":"10.1007\/978-3-540-30143-1_12"},{"key":"5_CR29","unstructured":"Phyo A H, Furnell S M, A Detection-Oriented Classification of Insider IT Misuse. Proceedings of the 3rd Security Conference, 2004."},{"issue":"7","key":"5_CR30","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/MSPEC.2007.376605","volume":"44","author":"V Prevelakis","year":"2007","unstructured":"Prevelakis V, Spinellis D, The Athens Affair. IEEE Spectrum, 44:7:26-33, 2007.","journal-title":"IEEE Spectrum"},{"key":"5_CR31","unstructured":"Randazzo M R, Keeney M, Kowalski E, Cappelli D, Moore A, Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, 2004."},{"issue":"1","key":"5_CR32","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1214\/ss\/998929476","volume":"16","author":"M Schonlau","year":"2001","unstructured":"Schonlau M, DuMouchel W, Ju W-H, Karr A F, Theus M, Vardi Y, Computer Intrusion: Detecting Masquerades. Statistical Science 16:1:58-74, 2001.","journal-title":"Statistical Science"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Seo J, Cha S, Masquerade Detection based on SVM and sequence-based user commands profile. ACM Symposium On Information, Computer And Communications Security. :398- 400, 2007.","DOI":"10.1145\/1229285.1229340"},{"key":"5_CR34","doi-asserted-by":"crossref","unstructured":"Shavlik J, Shavlik M, Selection, Combination, and Evaluation of Effective Software Sensors for Detecting Abnormal Computer Usage, Pentagon Reports, 2004.","DOI":"10.1145\/1014052.1014084"},{"key":"5_CR35","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1016\/S0167-4048(02)01009-X","volume":"21","author":"E E Schultz","year":"2002","unstructured":"Schultz E E, A Framework For Understanding And Predicting Insider Attacks. Journal of Computers and Security 21:526-531, 2002.","journal-title":"Journal of Computers and Security"},{"key":"5_CR36","doi-asserted-by":"crossref","unstructured":"Spitzner L, Honeypots: Catching the Insider Threat. Computer Security Applications Conference, 2003.","DOI":"10.1109\/CSAC.2003.1254322"},{"key":"5_CR37","first-page":"4","volume":"13","author":"S Stolfo","year":"2005","unstructured":"Stolfo S, Apap F, Eskin E, Heller K, Hershkop S, Honig A, Svore K, A Comparative Evaluation of Two Algorithms for Windows Registry Anomaly Detection. Journal of Compauter Security 13:4, 2005.","journal-title":"Journal of Compauter Security"},{"key":"5_CR38","doi-asserted-by":"crossref","unstructured":"Szymanski B K, Zhang Y, Recursive Data Mining for Masquerade Detection and Author Identification. Information Assurance Workshop :424-431,2004.","DOI":"10.1109\/IAW.2004.1437848"},{"key":"5_CR39","unstructured":"Tan K, Maxion R A, \u201cWhy 6\u201d Defining the Operational Limits of stide, and Anomaly-Based Intrusion Detector. IEEE Symposium on Security and Privacy, 2002."},{"key":"5_CR40","unstructured":"Tuglular T, Spafford E H, A Framework for Characterization of Insider Computer Misuse. Unpublished paper, Purdue University, 1997."},{"key":"5_CR41","unstructured":"Wang K, Stolfo S., One-class Training for Masquerade Detection. ICDM Workshop on Data Mining for Computer Security (DMSEC), 2003"},{"issue":"4","key":"5_CR42","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1109\/3468.935043","volume":"31","author":"N Ye","year":"2001","unstructured":"Ye N, Li X, Chen Q, Emran S M, Xu M, Probabilistic Techniques for Intrusion Detection Based on Computer Audit Data. Systems, Man and Cybernetics, Part A 31:4:266-274, 2001.","journal-title":"Systems, Man and Cybernetics, Part A"},{"key":"5_CR43","doi-asserted-by":"crossref","unstructured":"Yung K H, Using Self-Consistent Na\u00efve-Bayes to Detect Masqueraders, Stanford Electrical Engineering and Computer Science Research Journal, 2004.","DOI":"10.1007\/978-3-540-24775-3_41"}],"container-title":["Advances in Information Security","Insider Attack and Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-0-387-77322-3_5.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,29]],"date-time":"2021-04-29T04:14:54Z","timestamp":1619669694000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-0-387-77322-3_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9780387773216","9780387773223"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-0-387-77322-3_5","relation":{},"ISSN":["1568-2633"],"issn-type":[{"value":"1568-2633","type":"print"}],"subject":[]}}