{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T08:28:43Z","timestamp":1743323323762,"version":"3.40.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031200953"},{"type":"electronic","value":"9783031200960"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-20096-0_23","type":"book-chapter","created":{"date-parts":[[2023,1,12]],"date-time":"2023-01-12T15:04:11Z","timestamp":1673535851000},"page":"296-310","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["MUEBA: A Multi-model System for\u00a0Insider Threat Detection"],"prefix":"10.1007","author":[{"given":"Jing","family":"Liu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jingci","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Changcun","family":"Du","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dianxin","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,1,13]]},"reference":[{"key":"23_CR1","unstructured":"Daniel C., Michael A., Matthew C., Samuel P., George S., Derrick S.: An Insider Threat Indicator Ontology. Technical Report CMU\/SEI-2016-TR-007. Software Engineering Institute, Carnegie Mellon University, Pittsburgh (2016)"},{"key":"23_CR2","unstructured":"CSO, CERT Division of SRI-CMU, and Force Point. 2018 U.S. State of Cybercrime. Technical Report (2018)"},{"key":"23_CR3","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102221","volume":"104","author":"Y Shuhan","year":"2021","unstructured":"Shuhan, Y.: Deep learning for insider threat detection: review, challenges and opportunities. Comput. Secur. 104, 102221 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102221","journal-title":"Comput. Secur."},{"key":"23_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-78612-0","volume-title":"Artificial Intelligence and Security","year":"2021","unstructured":"Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds.): ICAIS 2021. LNCS, vol. 12737. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-78612-0"},{"key":"23_CR5","doi-asserted-by":"publisher","unstructured":"Lavanya, P., Shankar Sriram, V.S.: Detection of insider threats using deep learning: a review. In: Nayak, J., Behera, H., Naik, B., Vimal, S., Pelusi, D. (eds.) Computational Intelligence in Data Mining. Smart Innovation, Systems and Technologies, Vol 281. Springer, Singapore (2022). https:\/\/doi.org\/10.1007\/978-981-16-9447-9_4","DOI":"10.1007\/978-981-16-9447-9_4"},{"key":"23_CR6","unstructured":"Gorka S., Avivah L., Toby B., Tricia P.: Market guide for user and entity behavior analytics, Gartner inc. (2018)"},{"issue":"19","key":"23_CR7","doi-asserted-by":"publisher","first-page":"4018","DOI":"10.3390\/app9194018","volume":"9","author":"J Kim","year":"2019","unstructured":"Kim, J., Park, M., Kim, H., Cho, S., Kang, P.: Insider threat detection based on user behavior modeling and anomaly detection algorithms. Appl. Sci. 9(19), 4018 (2019). https:\/\/doi.org\/10.3390\/app9194018","journal-title":"Appl. Sci."},{"key":"23_CR8","doi-asserted-by":"publisher","unstructured":"Emmanuel Cand\u00c3$$\\acute{\\text{l}}$$s, J., Li, X., Ma, Y., John W.: Robust principal component analysis? J. ACM 58(3), 37 (2011). https:\/\/doi.org\/10.1145\/1970392.1970395","DOI":"10.1145\/1970392.1970395"},{"key":"23_CR9","doi-asserted-by":"publisher","unstructured":"Heller, K., Svore, K., Keromytis, A., Stolfo S.: One class support vector machines for detecting anomalous windows registry accesses. In: ICDM Workshop on Data Mining for Computer Security, Melbourne, FL, (2003). https:\/\/doi.org\/10.7916\/D84B39Q0","DOI":"10.7916\/D84B39Q0"},{"key":"23_CR10","doi-asserted-by":"publisher","unstructured":"Fei, T.L., Kai, M.T., Zhihua, Z.: Isolation Forest. In: Eighth IEEE International Conference Data Mining, vol. 2008, pp. 413\u2013422 (2008). https:\/\/doi.org\/10.1109\/ICDM.2008.17","DOI":"10.1109\/ICDM.2008.17"},{"key":"23_CR11","doi-asserted-by":"publisher","unstructured":"Breunig, M.M., Kriegel, H.P., Ng, R.T., Sander, J.: 2000. LOF: identifying density-based local outliers. In: Proceedings of the 2000 ACM SIGMOD International Conference on Management of Data. Association for Computing Machinery, New York, NY, USA, pp. 93\u2013104. https:\/\/doi.org\/10.1145\/335191.335388","DOI":"10.1145\/335191.335388"},{"key":"23_CR12","doi-asserted-by":"publisher","unstructured":"Madhu, S., Minyi, S., Jisheng, W.: User and entity behavior analytics for enterprise security. In: IEEE International Conference on Big Data (Big Data), pp. 1867\u20131874 (2016). https:\/\/doi.org\/10.1109\/BigData.2016.7840805","DOI":"10.1109\/BigData.2016.7840805"},{"key":"23_CR13","doi-asserted-by":"publisher","unstructured":"Haidar, D., Gaber, M. M.: Adaptive one-class ensemble-based anomaly detection: an application to insider threats. In: 2018 International Joint Conference on Neural Networks (IJCNN), pp. 1\u20139 (2018). https:\/\/doi.org\/10.1109\/IJCNN.2018.8489107","DOI":"10.1109\/IJCNN.2018.8489107"},{"key":"23_CR14","doi-asserted-by":"publisher","unstructured":"Yilin, W., Yun, Z., Cheng, Z., Xianqiang, Z., Weiming, Z.: Abnormal behavior analysis in office automation system within organizations. Int. J. Comput. Commun. Eng. 6, 212\u2013220 (2017). https:\/\/doi.org\/10.17706\/IJCCE.2017.6.3.212-220","DOI":"10.17706\/IJCCE.2017.6.3.212-220"},{"key":"23_CR15","unstructured":"Pankaj, M., Lovekesh, V., Gautam, S., Puneet A.: Long short term memory networks for anomaly detection in time series. In: ESANN (2015)"},{"key":"23_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/978-3-319-48057-2_9","volume-title":"Future Data and Security Engineering","author":"L Bontemps","year":"2016","unstructured":"Bontemps, L., Cao, V.L., McDermott, J., Le-Khac, N.-A.: Collective anomaly detection based on long short-term memory recurrent neural networks. In: Dang, T.K., Wagner, R., K\u00fcng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds.) FDSE 2016. LNCS, vol. 10018, pp. 141\u2013152. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-48057-2_9"},{"key":"23_CR17","doi-asserted-by":"publisher","unstructured":"Sharma, B., Pokharel, P., Joshi, B.: User behavior analytics for anomaly detection using LSTM autoencoder - Insider Threat Detection. In: Porkaew, K., Chignell, M.H., Fong, S., Watanapa, B. (eds.) IAIT, pp. 5:1\u20135:9. ACM. https:\/\/doi.org\/10.1145\/3406601.3406610","DOI":"10.1145\/3406601.3406610"},{"issue":"11\u201312","key":"23_CR18","doi-asserted-by":"publisher","first-page":"1637","DOI":"10.1142\/S0218194018400211","volume":"28","author":"X Xiangyu","year":"2018","unstructured":"Xiangyu, X., et al.: An ensemble approach for detecting anomalous user behaviors. Int. J. Softw. Eng. Knowl. Eng. 28(11\u201312), 1637\u20131656 (2018). https:\/\/doi.org\/10.1142\/S0218194018400211","journal-title":"Int. J. Softw. Eng. Knowl. Eng."},{"key":"23_CR19","doi-asserted-by":"publisher","unstructured":"Sun, D., Liu, M., Li, M., Shi, Z., Liu, P., Wang, X.: DeepMIT: a novel malicious insider threat detection framework based on recurrent neural network. In: 2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD), pp. 335\u2013341 (2021). https:\/\/doi.org\/10.1109\/CSCWD49262.2021.9437887","DOI":"10.1109\/CSCWD49262.2021.9437887"},{"key":"23_CR20","doi-asserted-by":"publisher","unstructured":"Brown, A., Tuor, A., Hutchinson, B., Nichols, N.: Recurrent neural network attention mechanisms for interpretable system log anomaly detection. CoRR, abs\/1803.04967 (2018). https:\/\/doi.org\/10.1145\/3217871.3217872","DOI":"10.1145\/3217871.3217872"},{"issue":"1","key":"23_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s40537-021-00541-8","volume":"8","author":"I Benchaji","year":"2021","unstructured":"Benchaji, I., Douzi, S., El Ouahidi, B., Jaafari, J.: Enhanced credit card fraud detection based on attention mechanism and LSTM deep model. J. Big Data 8(1), 1\u201321 (2021). https:\/\/doi.org\/10.1186\/s40537-021-00541-8","journal-title":"J. Big Data"},{"issue":"4","key":"23_CR22","doi-asserted-by":"publisher","first-page":"3223","DOI":"10.1007\/s11227-020-03391-y","volume":"77","author":"L Xia","year":"2020","unstructured":"Xia, L., Li, Z.: A new method of abnormal behavior detection using LSTM network with temporal attention mechanism. J. Supercomput. 77(4), 3223\u20133241 (2020). https:\/\/doi.org\/10.1007\/s11227-020-03391-y","journal-title":"J. Supercomput."}],"container-title":["Lecture Notes in Computer Science","Machine Learning for Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-20096-0_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,12]],"date-time":"2023-01-12T15:09:48Z","timestamp":1673536188000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-20096-0_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031200953","9783031200960"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-20096-0_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"13 January 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ML4CS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Machine Learning for Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ml4cs2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/ml4cs2022\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}