{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T22:28:04Z","timestamp":1750112884735,"version":"3.40.3"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030154646"},{"type":"electronic","value":"9783030154653"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-15465-3_7","type":"book-chapter","created":{"date-parts":[[2019,3,30]],"date-time":"2019-03-30T04:02:37Z","timestamp":1553918557000},"page":"111-129","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["A State Machine System for Insider Threat Detection"],"prefix":"10.1007","author":[{"given":"Haozhe","family":"Zhang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ioannis","family":"Agrafiotis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arnau","family":"Erola","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sadie","family":"Creese","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Goldsmith","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,3,31]]},"reference":[{"issue":"1","key":"7_CR1","first-page":"26","volume":"8","author":"I Agrafiotis","year":"2017","unstructured":"Agrafiotis, I., Erola, A., Goldsmith, M., Creese, S.: Formalising policies for insider-threat detection: a tripwire grammar. J. Wirel. Mob. Netw. Ubiquit. Comput. Dependable Appl. (JoWUA) 8(1), 26\u201343 (2017)","journal-title":"J. Wirel. Mob. Netw. Ubiquit. Comput. Dependable Appl. (JoWUA)"},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"Agrafiotis, I., Erola, A., Happa, J., Goldsmith, M., Creese, S.: Validating an insider threat detection system: a real scenario perspective. In: 2016 IEEE Security and Privacy Workshops (SPW), pp. 286\u2013295. IEEE (2016)","DOI":"10.1109\/SPW.2016.36"},{"issue":"7","key":"7_CR3","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1016\/S1361-3723(15)30066-X","volume":"2015","author":"I Agrafiotis","year":"2015","unstructured":"Agrafiotis, I., Nurse, J.R., Buckley, O., Legg, P., Creese, S., Goldsmith, M.: Identifying attack patterns for insider threat detection. Comput. Fraud Secur. 2015(7), 9\u201317 (2015)","journal-title":"Comput. Fraud Secur."},{"issue":"2","key":"7_CR4","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1109\/78.978374","volume":"50","author":"MS Arulampalam","year":"2002","unstructured":"Arulampalam, M.S., Maskell, S., Gordon, N., Clapp, T.: A tutorial on particle filters for online nonlinear\/non-Gaussian Bayesian tracking. IEEE Trans. Sig. Process. 50(2), 174\u2013188 (2002)","journal-title":"IEEE Trans. Sig. Process."},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Bishop, M., et al.: Insider threat identification by process analysis. In: 2014 IEEE Security and Privacy Workshops (SPW), pp. 251\u2013264. IEEE (2014)","DOI":"10.1109\/SPW.2014.40"},{"key":"7_CR6","first-page":"701","volume":"492","author":"M Bostock","year":"2012","unstructured":"Bostock, M.: D3.js. Data Driven Doc. 492, 701 (2012)","journal-title":"Data Driven Doc."},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Brdiczka, O., et al.: Proactive insider threat detection through graph learning and psychological context. In: 2012 IEEE Symposium on Security and Privacy Workshops (SPW), pp. 142\u2013149. IEEE (2012)","DOI":"10.1109\/SPW.2012.29"},{"key":"7_CR8","unstructured":"Gemalto\u2019s Breach Level Index: Data breach database and risk assessment calculator (2016). \n                    http:\/\/www.breachlevelindex.com\/"},{"key":"7_CR9","unstructured":"Buford, J.F., Lewis, L., Jakobson, G.: Insider threat detection using situation-aware MAS. In: 2008 11th International Conference on Information Fusion, pp. 1\u20138. IEEE (2008)"},{"key":"7_CR10","volume-title":"The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)","author":"DM Cappelli","year":"2012","unstructured":"Cappelli, D.M., Moore, A.P., Trzeciak, R.F.: The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Addison-Wesley, Boston (2012)"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Chen, Y., Malin, B.: Detection of anomalous insiders in collaborative environments via relational analysis of access logs. In: Proceedings of the First ACM Conference on Data and Application Security and Privacy, pp. 63\u201374. ACM (2011)","DOI":"10.1145\/1943513.1943524"},{"issue":"1","key":"7_CR12","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1080\/19361610.2011.529413","volume":"6","author":"W Eberle","year":"2010","unstructured":"Eberle, W., Graves, J., Holder, L.: Insider threat detection using a graph-based approach. J. Appl. Secur. Res. 6(1), 32\u201381 (2010)","journal-title":"J. Appl. Secur. Res."},{"key":"7_CR13","volume-title":"React.js Essentials","author":"A Fedosejev","year":"2015","unstructured":"Fedosejev, A.: React.js Essentials. Packt Publishing Ltd., Birmingham (2015)"},{"key":"7_CR14","unstructured":"Health Professions Education Unit United Kingdom: Ponemon cyber crime report: it, computer and internet security (2015). \n                    http:\/\/www8.hp.com\/uk\/en\/software-solutions\/ponemon-cyber-security-report\/"},{"issue":"1","key":"7_CR15","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1016\/S0167-4048(02)00109-8","volume":"21","author":"G Magklaras","year":"2001","unstructured":"Magklaras, G., Furnell, S.: Insider threat prediction tool: evaluating the probability of IT misuse. Comput. Secur. 21(1), 62\u201373 (2001)","journal-title":"Comput. Secur."},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"Moore, A.P., Cappelli, D., Caron, T.C., Shaw, E.D., Spooner, D., Trzeciak, R.F.: A preliminary model of insider theft of intellectual property (2011)","DOI":"10.21236\/ADA589594"},{"key":"7_CR17","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-0-387-77322-3_3","volume-title":"Insider Attack and Cyber Security","author":"AP Moore","year":"2008","unstructured":"Moore, A.P., Cappelli, D.M., Trzeciak, R.F.: The \u201cBig Picture\u201d of insider IT sabotage across U.S. critical infrastructures. In: Stolfo, S.J., Bellovin, S.M., Keromytis, A.D., Hershkop, S., Smith, S.W., Sinclair, S. (eds.) Insider Attack and Cyber Security, pp. 17\u201352. Springer, Heidelberg (2008). \n                    https:\/\/doi.org\/10.1007\/978-0-387-77322-3_3"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Myers, J., Grimaila, M.R., Mills, R.F.: Towards insider threat detection using web server logs. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, p. 54. ACM (2009)","DOI":"10.1145\/1558607.1558670"},{"key":"7_CR19","doi-asserted-by":"crossref","unstructured":"Nurse, J.R., et al.: Understanding insider threat: a framework for characterising attacks. In: 2014 IEEE Security and Privacy Workshops (SPW), pp. 214\u2013228. IEEE (2014)","DOI":"10.1109\/SPW.2014.38"},{"key":"7_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1007\/978-3-319-07620-1_24","volume-title":"Human Aspects of Information Security, Privacy, and Trust","author":"JRC Nurse","year":"2014","unstructured":"Nurse, J.R.C., et al.: A critical reflection on the threat from human insiders \u2013 its nature, industry perceptions, and detection approaches. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 270\u2013281. Springer, Cham (2014). \n                    https:\/\/doi.org\/10.1007\/978-3-319-07620-1_24"},{"key":"7_CR21","doi-asserted-by":"crossref","unstructured":"Parveen, P., Thuraisingham, B.: Unsupervised incremental sequence learning for insider threat detection. In: 2012 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 141\u2013143. IEEE (2012)","DOI":"10.1109\/ISI.2012.6284271"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Rashid, T., Agrafiotis, I., Nurse, J.R.: A new take on detecting insider threats: exploring the use of hidden Markov models. In: Proceedings of the 2016 International Workshop on Managing Insider Security Threats, pp. 47\u201356. ACM (2016)","DOI":"10.1145\/2995959.2995964"},{"key":"7_CR23","unstructured":"ISACA and RSA Conference: State of Cybersecurity: implications for 2015 (2015). \n                    http:\/\/www.isaca.org\/cyber\/Documents\/State-of-Cybersecurity_Res_Eng_0415.pdf"},{"issue":"3","key":"7_CR24","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1016\/j.istr.2010.11.002","volume":"15","author":"KR Sarkar","year":"2010","unstructured":"Sarkar, K.R.: Assessing insider threats to information security using technical, behavioural and organisational measures. Inf. Secur. Tech. Rep. 15(3), 112\u2013133 (2010)","journal-title":"Inf. Secur. Tech. Rep."},{"issue":"6","key":"7_CR25","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MIC.2010.145","volume":"14","author":"S Tilkov","year":"2010","unstructured":"Tilkov, S., Vinoski, S.: Node.js: using Javascript to build high-performance network programs. IEEE Internet Comput. 14(6), 80\u201383 (2010)","journal-title":"IEEE Internet Comput."},{"issue":"9","key":"7_CR26","first-page":"94","volume":"92","author":"DM Upton","year":"2014","unstructured":"Upton, D.M., Creese, S.: The danger from within. Harv. Bus. Rev. 92(9), 94\u2013101 (2014)","journal-title":"Harv. Bus. Rev."},{"key":"7_CR27","doi-asserted-by":"publisher","unstructured":"Young, W.T., Memory, A., Goldberg, H.G., Senator, T.E.: Detecting unknown insider threat scenarios. In: 2014 IEEE Security and Privacy Workshops, pp. 277\u2013288, May 2014. \n                    https:\/\/doi.org\/10.1109\/SPW.2014.42","DOI":"10.1109\/SPW.2014.42"}],"container-title":["Lecture Notes in Computer Science","Graphical Models for Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-15465-3_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T08:35:16Z","timestamp":1558341316000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-15465-3_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030154646","9783030154653"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-15465-3_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"31 March 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"GraMSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Graphical Models for Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Oxford","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 July 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 July 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"gramsec2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.gramsec.uni.lu\/2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}