{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T17:28:51Z","timestamp":1770226131048,"version":"3.49.0"},"publisher-location":"Cham","reference-count":20,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030781194","type":"print"},{"value":"9783030781200","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-78120-0_24","type":"book-chapter","created":{"date-parts":[[2021,6,17]],"date-time":"2021-06-17T05:02:49Z","timestamp":1623906169000},"page":"367-381","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Anomaly Detection for Insider Threats: An Objective Comparison of Machine Learning Models and Ensembles"],"prefix":"10.1007","author":[{"given":"Filip Wieslaw","family":"Bartoszewski","sequence":"first","affiliation":[]},{"given":"Mike","family":"Just","sequence":"additional","affiliation":[]},{"given":"Michael A.","family":"Lones","sequence":"additional","affiliation":[]},{"given":"Oleksii","family":"Mandrychenko","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,6,15]]},"reference":[{"issue":"7","key":"24_CR1","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1016\/S1361-3723(15)30066-X","volume":"2015","author":"I Agrafiotis","year":"2015","unstructured":"Agrafiotis, I., Nurse, J.R., et al.: Identifying attack patterns for insider threat detection. Comput. Fraud Secur. 2015(7), 9\u201317 (2015)","journal-title":"Comput. Fraud Secur."},{"key":"24_CR2","volume-title":"The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes","author":"D Cappelli","year":"2012","unstructured":"Cappelli, D., Moore, A., Trzeciak, R.: The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes. Addison-Wesley Professional, Boston (2012)"},{"key":"24_CR3","doi-asserted-by":"crossref","unstructured":"Dahmane, M., Foucher, S.: Combating insider threats by user profiling from activity logging data. In: ICDIS, pp. 194\u2013199 (2018)","DOI":"10.1109\/ICDIS.2018.00039"},{"key":"24_CR4","unstructured":"Emmott, A., Das, S., Dietterich, T., Fern, A., Wong, W.K.: A meta-analysis of the anomaly detection problem, March 2015. https:\/\/arxiv.org\/abs\/1503.01158"},{"key":"24_CR5","doi-asserted-by":"crossref","unstructured":"Glasser, J., Lindauer, B.: Bridging the gap: a pragmatic approach to generating insider threat data. In: Proceedings - IEEE CS Security and Privacy (2013)","DOI":"10.1109\/SPW.2013.37"},{"key":"24_CR6","doi-asserted-by":"crossref","unstructured":"Haidar, D., Gaber, M.M.: Adaptive one-class ensemble-based anomaly detection: an application to insider threats. In: 2018 International Joint Conference on Neural Networks (IJCNN), pp. 1\u20139 (2018)","DOI":"10.1109\/IJCNN.2018.8489107"},{"key":"24_CR7","doi-asserted-by":"crossref","unstructured":"IBM: Cost of Insider Threats\u2014ObserveIT (2020). https:\/\/www.observeit.com\/cost-of-insider-threats\/","DOI":"10.1016\/S1353-4858(20)30017-9"},{"issue":"19","key":"24_CR8","doi-asserted-by":"publisher","first-page":"4018","DOI":"10.3390\/app9194018","volume":"9","author":"J Kim","year":"2019","unstructured":"Kim, J., Park, M., Kim, H., Cho, S., Kang, P.: Insider threat detection based on user behavior modeling and anomaly detection algorithms. Appl. Sci. (Switz.) 9(19), 4018 (2019)","journal-title":"Appl. Sci. (Switz.)"},{"key":"24_CR9","doi-asserted-by":"crossref","unstructured":"Le, D.C., Zincir-Heywood, A.N.: Evaluating insider threat detection workflow using supervised and unsupervised learning. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 270\u2013275 (2018)","DOI":"10.1109\/SPW.2018.00043"},{"key":"24_CR10","doi-asserted-by":"publisher","unstructured":"Le, D.C., Zincir-Heywood, N.: Exploring anomalous behaviour detection and classification for insider threat identification. Int. J. Netw. Manag. (July 2019), 1\u201319 (2020). https:\/\/doi.org\/10.1002\/nem.2109","DOI":"10.1002\/nem.2109"},{"issue":"2","key":"24_CR11","doi-asserted-by":"publisher","first-page":"503","DOI":"10.1109\/JSYST.2015.2438442","volume":"11","author":"PA Legg","year":"2017","unstructured":"Legg, P.A., Buckley, O., Goldsmith, M., Creese, S.: Automated insider threat detection system using user and role-based profile assessment. IEEE Syst. J. 11(2), 503\u2013512 (2017)","journal-title":"IEEE Syst. J."},{"key":"24_CR12","doi-asserted-by":"publisher","unstructured":"Lo, O., Buchanan, W.J., Griffiths, P., Macfarlane, R.: Distance measurement methods for improved insider threat detection. Secur. Commun. Netw. 2018(January) (2018). https:\/\/doi.org\/10.1155\/2018\/5906368","DOI":"10.1155\/2018\/5906368"},{"key":"24_CR13","doi-asserted-by":"crossref","unstructured":"Parveen, P., Weger, Z.R., Thuraisingham, B., Hamlen, K., Khan, L.: Supervised learning for insider threat detection using stream mining. In: 2011 IEEE 23rd International Conference on Tools with Artificial Intelligence, pp. 1032\u20131039 (2011)","DOI":"10.1109\/ICTAI.2011.176"},{"key":"24_CR14","doi-asserted-by":"crossref","unstructured":"Rashid, T., Agrafiotis, I., Nurse, J.R.: A New Take on Detecting Insider Threats, pp. 47\u201356 (2016)","DOI":"10.1145\/2995959.2995964"},{"key":"24_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/978-3-319-74860-3_6","volume-title":"Graphical Models for Security","author":"B Ruttenberg","year":"2018","unstructured":"Ruttenberg, B., et al.: Probabilistic modeling of insider threat detection systems. In: Liu, P., Mauw, S., St\u00f8len, K. (eds.) GraMSec 2017. LNCS, vol. 10744, pp. 91\u201398. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-74860-3_6"},{"key":"24_CR16","unstructured":"Tuor, A., Kaplan, S., Hutchinson, B., Nichols, N., Robinson, S.: Deep learning for unsupervised insider threat detection in structured cybersecurity data streams, October 2017. http:\/\/arxiv.org\/abs\/1710.00811"},{"issue":"1","key":"24_CR17","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1145\/2786984.2786995","volume":"19","author":"G Varoquaux","year":"2015","unstructured":"Varoquaux, G., Buitinck, L., Louppe, G., et al.: Scikit-learn: machine learning in Python. GetMobile: Mobile Comput. Commun. 19(1), 29\u201333 (2015)","journal-title":"GetMobile: Mobile Comput. Commun."},{"key":"24_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/978-3-319-93698-7_4","volume-title":"Computational Science \u2013 ICCS 2018","author":"F Yuan","year":"2018","unstructured":"Yuan, F., Cao, Y., Shang, Y., Liu, Y., Tan, J., Fang, B.: Insider threat detection with deep neural network. In: Shi, Y., et al. (eds.) ICCS 2018. LNCS, vol. 10860, pp. 43\u201354. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-93698-7_4"},{"key":"24_CR19","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-981-15-0871-4_15","volume-title":"Applications and Techniques in Information Security","author":"F Yuan","year":"2019","unstructured":"Yuan, F., Shang, Y., Liu, Y., Cao, Y., Tan, J.: Attention-based LSTM for insider threat detection. In: Shankar Sriram, V.S., Subramaniyaswamy, V., Sasikaladevi, N., Zhang, L., Batten, L., Li, G. (eds.) ATIS 2019. CCIS, vol. 1116, pp. 192\u2013201. Springer, Singapore (2019). https:\/\/doi.org\/10.1007\/978-981-15-0871-4_15"},{"key":"24_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/978-3-030-15465-3_7","volume-title":"Graphical Models for Security","author":"H Zhang","year":"2019","unstructured":"Zhang, H., Agrafiotis, I., Erola, A., Creese, S., Goldsmith, M.: A state machine system for insider threat detection. In: Cybenko, G., Pym, D., Fila, B. (eds.) GraMSec 2018. LNCS, vol. 11086, pp. 111\u2013129. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-15465-3_7"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-78120-0_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T22:02:34Z","timestamp":1750111354000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-78120-0_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030781194","9783030781200"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-78120-0_24","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"15 June 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Oslo","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 June 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 June 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"36","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.ifipsec.org\/2021\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"112","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"25% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}