{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T16:17:02Z","timestamp":1772641022658,"version":"3.50.1"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031757631","type":"print"},{"value":"9783031757648","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-75764-8_17","type":"book-chapter","created":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:03:12Z","timestamp":1729594992000},"page":"323-340","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Insider Threat Detection Based on\u00a0User and\u00a0Entity Behavior Analysis with\u00a0a\u00a0Hybrid Model"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-7888-5093","authenticated-orcid":false,"given":"Yue","family":"Song","sequence":"first","affiliation":[]},{"given":"Jianting","family":"Yuan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,17]]},"reference":[{"key":"17_CR1","doi-asserted-by":"crossref","unstructured":"Al-Mhiqani, M.N., Ahmed, R., Abidin, Z.Z., Isnin, S.N.: An integrated imbalanced learning and deep neural network model for insider threat detection. Int. J. Adv. Comput. Sci. App. 12(1) (2021)","DOI":"10.14569\/IJACSA.2021.0120166"},{"key":"17_CR2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.103066","volume":"126","author":"M AlSlaiman","year":"2023","unstructured":"AlSlaiman, M., Salman, M.I., Saleh, M.M., Wang, B.: Enhancing false negative and positive rates for efficient insider threat detection. Comput. Secur. 126, 103066 (2023)","journal-title":"Comput. Secur."},{"issue":"3","key":"17_CR3","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V Chandola","year":"2009","unstructured":"Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. (CSUR) 41(3), 1\u201358 (2009)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"3","key":"17_CR4","doi-asserted-by":"publisher","first-page":"660","DOI":"10.1109\/TCSS.2018.2857473","volume":"5","author":"P Chattopadhyay","year":"2018","unstructured":"Chattopadhyay, P., Wang, L., Tan, Y.-P.: Scenario-based insider threat detection from cyber activities. IEEE Trans. Comput. Soc. Syst. 5(3), 660\u2013675 (2018)","journal-title":"IEEE Trans. Comput. Soc. Syst."},{"key":"17_CR5","doi-asserted-by":"crossref","unstructured":"Choi, H., Lee, H., Lee, H., Kim, H.: Botnet detection by monitoring group activities in DNS traffic. In: 7th IEEE International Conference on Computer and Information Technology (CIT 2007), pp. 715\u2013720. IEEE (2007)","DOI":"10.1109\/CIT.2007.90"},{"key":"17_CR6","unstructured":"Costa, D.: Cert definition of \u2018insider threat\u2019 - updated. Carnegie Mellon University, Software Engineering Institute\u2019s Insights (blog) (2017). https:\/\/insights.sei.cmu.edu\/blog\/cert-definition-of-insider-threat-updated\/"},{"issue":"1","key":"17_CR7","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1080\/19361610.2011.529413","volume":"6","author":"W Eberle","year":"2010","unstructured":"Eberle, W., Graves, J., Holder, L.: Insider threat detection using a graph-based approach. J. Appl. Secur. Res. 6(1), 32\u201381 (2010)","journal-title":"J. Appl. Secur. Res."},{"key":"17_CR8","doi-asserted-by":"crossref","unstructured":"Haidar, D., Gaber, M.M.: Adaptive one-class ensemble-based anomaly detection: an application to insider threats. In: 2018 International Joint Conference on Neural Networks (IJCNN), pp. 1\u20139. IEEE (2018)","DOI":"10.1109\/IJCNN.2018.8489107"},{"key":"17_CR9","doi-asserted-by":"crossref","unstructured":"Hanley, M., Montelibano, J.: Insider threat control: using centralized logging to detect data exfiltration near insider termination. Software Engineering Institute, Carnegie Mellon University, Pittsburgh (2011)","DOI":"10.21236\/ADA610463"},{"key":"17_CR10","doi-asserted-by":"crossref","unstructured":"He, H., Bai, Y., Garcia, E.A., Li, S.: ADASYN: adaptive synthetic sampling approach for imbalanced learning. In: 2008 IEEE International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence), pp. 1322\u20131328. IEEE (2008)","DOI":"10.1109\/IJCNN.2008.4633969"},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"Huang, W., Zhu, H., Li, C., Lv, Q., Wang, Y., Yang, H.: Itdbert: temporal-semantic representation for insider threat detection. In: 2021 IEEE Symposium on Computers and Communications (ISCC), pp. 1\u20137. IEEE (2021)","DOI":"10.1109\/ISCC53001.2021.9631538"},{"key":"17_CR12","unstructured":"Cybersecurity Insiders. 2023 insider threat report. Technical report, Gurukul (2023). https:\/\/gurucul.com\/2023-insider-threat-report"},{"key":"17_CR13","unstructured":"Kim, A., Oh, J., Ryu, J., Lee, J., Kwon, K., Lee, K.: SoK: a systematic review of insider threat detection. J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl. 10(4), 46\u201367 (2019)"},{"key":"17_CR14","doi-asserted-by":"crossref","unstructured":"Le, D.C., Zincir-Heywood, A.N.: Evaluating insider threat detection workflow using supervised and unsupervised learning. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 270\u2013275. IEEE (2018)","DOI":"10.1109\/SPW.2018.00043"},{"key":"17_CR15","doi-asserted-by":"publisher","unstructured":"Lindauer, B.: Insider Threat Test Dataset (2020). https:\/\/kilthub.cmu.edu\/articles\/dataset\/Insider_Threat_Test_Dataset\/12841247. https:\/\/doi.org\/10.1184\/R1\/12841247.v1","DOI":"10.1184\/R1\/12841247.v1"},{"key":"17_CR16","doi-asserted-by":"crossref","unstructured":"Liu, F., Wen, Y., Zhang, D., Jiang, X., Xing, X., Meng, D.: Log2vec: a heterogeneous graph embedding based approach for detecting cyber threats within enterprise. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1777\u20131794 (2019)","DOI":"10.1145\/3319535.3363224"},{"key":"17_CR17","doi-asserted-by":"publisher","first-page":"183162","DOI":"10.1109\/ACCESS.2019.2957055","volume":"7","author":"L Liu","year":"2019","unstructured":"Liu, L., Chen, C., Zhang, J., De Vel, O., Xiang, Y.: Insider threat identification using the simultaneous neural learning of multi-source logs. IEEE Access 7, 183162\u2013183176 (2019)","journal-title":"IEEE Access"},{"key":"17_CR18","doi-asserted-by":"crossref","unstructured":"Liu, L., Chen, C., Zhang, J., De Vel, O., Xiang, Y.: Doc2vec-based insider threat detection through behaviour analysis of multi-source security logs. In: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 301\u2013309. IEEE (2020)","DOI":"10.1109\/TrustCom50675.2020.00050"},{"key":"17_CR19","doi-asserted-by":"crossref","unstructured":"Liu, L., De Vel, O., Chen, C., Zhang, J., Xiang, Y.: Anomaly-based insider threat detection using deep autoencoders. In: 2018 IEEE International Conference on Data Mining Workshops (ICDMW), pp. 39\u201348. IEEE (2018)","DOI":"10.1109\/ICDMW.2018.00014"},{"issue":"2","key":"17_CR20","doi-asserted-by":"publisher","first-page":"1397","DOI":"10.1109\/COMST.2018.2800740","volume":"20","author":"L Liu","year":"2018","unstructured":"Liu, L., De Vel, O., Han, Q.-L., Zhang, J., Xiang, Y.: Detecting and preventing cyber insider threats: a survey. IEEE Commun. Surv. Tutor. 20(2), 1397\u20131417 (2018)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"17_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1007\/978-3-319-94268-1_28","volume-title":"Wireless Algorithms, Systems, and Applications","author":"B Lv","year":"2018","unstructured":"Lv, B., Wang, D., Wang, Y., Lv, Q., Lu, D.: A hybrid model based on multi-dimensional features for insider threat detection. In: Chellappan, S., Cheng, W., Li, W. (eds.) WASA 2018. LNCS, vol. 10874, pp. 333\u2013344. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-94268-1_28"},{"key":"17_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1007\/978-3-540-74320-0_8","volume-title":"Recent Advances in Intrusion Detection","author":"MA Maloof","year":"2007","unstructured":"Maloof, M.A., Stephens, G.D.: elicit: a system for detecting insiders who violate need-to-know. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 146\u2013166. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74320-0_8"},{"key":"17_CR23","unstructured":"Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781 (2013)"},{"key":"17_CR24","doi-asserted-by":"crossref","unstructured":"Nguyen, N., Reiher, P., Kuenning, G.H.: Detecting insider threats by monitoring system call activity. In: IEEE Systems, Man and Cybernetics Society Information Assurance Workshop, pp. 45\u201352. IEEE (2003)","DOI":"10.1109\/SMCSIA.2003.1232400"},{"key":"17_CR25","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2023.119925","volume":"224","author":"P Pal","year":"2023","unstructured":"Pal, P., Chattopadhyay, P., Swarnkar, M.: Temporal feature aggregation with attention for insider threat detection from activity logs. Expert Syst. Appl. 224, 119925 (2023)","journal-title":"Expert Syst. Appl."},{"key":"17_CR26","doi-asserted-by":"crossref","unstructured":"Parveen, P., Evans, J., Thuraisingham, B., Hamlen, K.W., Khan, L.: Insider threat detection using stream mining and graph mining. In: 2011 IEEE Third International Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on Social Computing, pp. 1102\u20131110. IEEE (2011)","DOI":"10.1109\/PASSAT\/SocialCom.2011.211"},{"key":"17_CR27","doi-asserted-by":"crossref","unstructured":"Rashid, T., Agrafiotis, I., Nurse, J.R.C.: A new take on detecting insider threats: exploring the use of hidden Markov models. In: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats, pp. 47\u201356 (2016)","DOI":"10.1145\/2995959.2995964"},{"key":"17_CR28","doi-asserted-by":"crossref","unstructured":"Song, Y., Salem, M.B., Hershkop, S., Stolfo, S.J.: System level user behavior biometrics using fisher features and gaussian mixture models. In: 2013 IEEE Security and Privacy Workshops, pp. 52\u201359. IEEE (2013)","DOI":"10.1109\/SPW.2013.33"},{"key":"17_CR29","unstructured":"Tuor, A., Kaplan, S., Hutchinson, B., Nichols, N., Robinson, S.: Deep learning for unsupervised insider threat detection in structured cybersecurity data streams. In: Workshops at the Thirty-First AAAI Conference on Artificial Intelligence (2017)"},{"key":"17_CR30","unstructured":"Tuor, A.R., Baerwolf, R., Knowles, N., Hutchinson, B., Nichols, N., Jasper, R.: Recurrent neural network language models for open vocabulary event-level cyber anomaly detection. In: Workshops at the Thirty-Second AAAI Conference on Artificial Intelligence (2018)"},{"key":"17_CR31","unstructured":"Wang, Y., Zhou, Y., Zhu, C., Zhu, X., Zhang, W.: Abnormal behavior analysis in office automation system within organizations. International Academy Publishing (IAP) (3) (2017)"},{"key":"17_CR32","doi-asserted-by":"crossref","unstructured":"Wang, Z.Q., El Saddik, A.: DTITD: an intelligent insider threat detection framework based on digital twin and self-attention based deep learning models. IEEE Access (2023)","DOI":"10.1109\/ACCESS.2023.3324371"},{"issue":"3","key":"17_CR33","doi-asserted-by":"publisher","first-page":"640","DOI":"10.1109\/TC.2013.2295802","volume":"64","author":"S Wen","year":"2014","unstructured":"Wen, S., Haghighi, M.S., Chen, C., Xiang, Y., Zhou, W., Jia, W.: A sword with two edges: propagation studies on both positive and negative information in online social networks. IEEE Trans. Comput. 64(3), 640\u2013653 (2014)","journal-title":"IEEE Trans. Comput."},{"key":"17_CR34","doi-asserted-by":"crossref","unstructured":"Yen, T.-F., et al.: Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks. In: Proceedings of the 29th Annual Computer Security Applications Conference, pp. 199\u2013208 (2013)","DOI":"10.1145\/2523649.2523670"},{"key":"17_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/978-3-319-93698-7_4","volume-title":"Computational Science \u2013 ICCS 2018","author":"F Yuan","year":"2018","unstructured":"Yuan, F., Cao, Y., Shang, Y., Liu, Y., Tan, J., Fang, B.: Insider threat detection with deep neural network. In: Shi, Y., et al. (eds.) ICCS 2018. LNCS, vol. 10860, pp. 43\u201354. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-93698-7_4"},{"key":"17_CR36","doi-asserted-by":"crossref","unstructured":"Zhang, F., Ma, X., Huang, W.: SeqA-ITD: user behavior sequence augmentation for insider threat detection at multiple time granularities. In: 2022 International Joint Conference on Neural Networks (IJCNN), pp. 1\u20137. IEEE (2022)","DOI":"10.1109\/IJCNN55064.2022.9892163"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-75764-8_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,30]],"date-time":"2024-11-30T01:14:38Z","timestamp":1732929278000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-75764-8_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,17]]},"ISBN":["9783031757631","9783031757648"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-75764-8_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,10,17]]},"assertion":[{"value":"17 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Arlington, VA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/isc24.cs.gmu.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}