{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,17]],"date-time":"2026-05-17T23:06:49Z","timestamp":1779059209268,"version":"3.51.4"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032200174","type":"print"},{"value":"9783032200181","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-20018-1_6","type":"book-chapter","created":{"date-parts":[[2026,5,17]],"date-time":"2026-05-17T22:27:12Z","timestamp":1779056832000},"page":"98-115","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Real-Time Insider Threat Hunting Based on\u00a0Dynamic Risk Indicators"],"prefix":"10.1007","author":[{"given":"N\u2019Famoussa Kounon","family":"Nanamou","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Neda","family":"Baghalizadeh-Moghadam","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thibault","family":"Leblanc","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"K\u00e9ren A.","family":"Saint-Hilaire","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nora","family":"Boulahia-Cuppens","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fr\u00e9d\u00e9ric","family":"Cuppens","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anis","family":"Bkakria","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,1]]},"reference":[{"issue":"15","key":"6_CR1","doi-asserted-by":"publisher","first-page":"5208","DOI":"10.3390\/app10155208","volume":"10","author":"MN Al-Mhiqani","year":"2020","unstructured":"Al-Mhiqani, M.N., et al.: A review of insider threat detection: classification, machine learning techniques, datasets, open challenges, and recommendations. Appl. Sci. 10(15), 5208 (2020)","journal-title":"Appl. Sci."},{"key":"6_CR2","unstructured":"Axelsson, S.: Intrusion detection systems: a survey and taxonomy. Tech. Rep. 99-15, Chalmers University of Technology (2000)"},{"issue":"1","key":"6_CR3","first-page":"1","volume":"1","author":"A Azaria","year":"2016","unstructured":"Azaria, A., Richardson, A., Kraus, S., Subrahmanian, V.: Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis. Big Data Anal. 1(1), 1\u201329 (2016)","journal-title":"Big Data Anal."},{"key":"6_CR4","doi-asserted-by":"crossref","unstructured":"Baghalizadeh-Moghadam, N., Cuppens, F., Cuppens, N.: An NLP-based framework leveraging email and multimodal user data for insider threat detection. In: Proceedings of the 22nd International Conference on Security and Cryptography (SECRYPT). SciTePress (2025)","DOI":"10.5220\/0013524000003979"},{"key":"6_CR5","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1145\/1007730.1007735","volume":"6","author":"GE Batista","year":"2004","unstructured":"Batista, G.E., Prati, R.C., Monard, M.C.: A study of the behavior of several methods for balancing machine learning training data. ACM SIGKDD Explor. Newsl. 6, 20\u201329 (2004)","journal-title":"ACM SIGKDD Explor. Newsl."},{"issue":"1","key":"6_CR6","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001). https:\/\/doi.org\/10.1023\/A:1010933404324","journal-title":"Mach. Learn."},{"key":"6_CR7","doi-asserted-by":"publisher","unstructured":"Cami\u00f1a, J.B., Hern\u00e1ndez-Gracidas, C., Monroy, R., Trejo, L.: The Windows-Users and -Intruder simulations Logs dataset (WUIL): an experimental framework for masquerade detection mechanisms. Exp. Syst. Appl. 41(3), 919\u2013930 (2014). https:\/\/doi.org\/10.1016\/j.eswa.2013.08.022, issn 0957-4174, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0957417413006349","DOI":"10.1016\/j.eswa.2013.08.022"},{"key":"6_CR8","unstructured":"Cappelli, D.M., Moore, A.P., Trzeciak, R.F.: The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes. Software Engineering Institute (2012)"},{"issue":"3","key":"6_CR9","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V Chandola","year":"2009","unstructured":"Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. 41(3), 1\u201358 (2009)","journal-title":"ACM Comput. Surv."},{"key":"6_CR10","doi-asserted-by":"publisher","unstructured":"Collins, M., Greitzer, F., Moore, A., Cappelli, D., Spooner, D., Walker, J.: Insider Threats in Cyber Security. Springer, New York (2016). https:\/\/doi.org\/10.1007\/978-1-4471-2131-4","DOI":"10.1007\/978-1-4471-2131-4"},{"key":"6_CR11","unstructured":"Gartner: Top strategic technology trends for 2023: Cybersecurity (2023). https:\/\/www.gartner.com\/en\/topics\/cybersecurity"},{"key":"6_CR12","doi-asserted-by":"publisher","unstructured":"Greitzer, F.L., Purl, J., Kangas, L.J., Noonan, T.: Combining traditional cyber security audit data with psychosocial data: towards predictive modeling for insider threat mitigation. In: Insider Threats in Cyber Security, pp. 85\u2013113. Springer, Boston (2010). https:\/\/doi.org\/10.1007\/978-1-4419-7133-3_5","DOI":"10.1007\/978-1-4419-7133-3_5"},{"key":"6_CR13","doi-asserted-by":"publisher","unstructured":"Harilal, A., Toffalini, F., Castellanos, J., Guarnizo, J., Homoliak, I., Ochoa, M.: TWOS: a dataset of malicious insider threat behavior based on a gamified competition. In: Proceedings of the 2017 ACM Workshop on Managing Insider Security Threats (MIST \u201917), pp. 45\u201356. Association for Computing Machinery, New York, NY, USA (2017). https:\/\/doi.org\/10.1145\/3139923.3139929","DOI":"10.1145\/3139923.3139929"},{"issue":"9","key":"6_CR14","doi-asserted-by":"publisher","first-page":"1460","DOI":"10.3390\/electronics9091460","volume":"9","author":"I Homoliak","year":"2020","unstructured":"Homoliak, I., Toffalini, F., Guarnizo, J., Elovici, Y., Ochoa, M.: Impact and key challenges of insider threats on organizations and critical businesses. Electronics 9(9), 1460 (2020)","journal-title":"Electronics"},{"key":"6_CR15","unstructured":"IBM Security: Cost of a data breach report 2023 (2023). https:\/\/www.ibm.com\/reports\/data-breach"},{"key":"6_CR16","doi-asserted-by":"publisher","unstructured":"Jolliffe, I.T.: Principal Component Analysis, 2nd edn. Springer, New York (2002). https:\/\/doi.org\/10.1007\/b98835","DOI":"10.1007\/b98835"},{"key":"6_CR17","doi-asserted-by":"publisher","unstructured":"Kaufman, S., Rosset, S., Perlich, C.: Leakage in data mining: formulation, detection, and avoidance. In: Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 556\u2013563. ACM (2012). https:\/\/doi.org\/10.1145\/2339530.2339620","DOI":"10.1145\/2339530.2339620"},{"key":"6_CR18","unstructured":"Kim, A., Oh, M., Lee, J.: A method of insider threat detection based on behavior monitoring. In: International Conference on Information Science and Applications, pp.\u00a01\u20134. IEEE (2014)"},{"key":"6_CR19","unstructured":"Klimt, B., Yang, Y.: Introducing the Enron corpus. In: Proceedings of the First Conference on Email and Anti-Spam (CEAS), Mountain View, CA, USA (2004). https:\/\/www.ceas.cc\/papers-2004\/168.pdf"},{"key":"6_CR20","doi-asserted-by":"crossref","unstructured":"Leblanc, T., Baghalizadeh-Moghadam, N., Cuppens, F., Boulahia-Cuppens, N.: Real-time anomaly detection for event-based insider threat hunting (2025)","DOI":"10.1007\/978-981-95-6419-4_7"},{"key":"6_CR21","doi-asserted-by":"publisher","unstructured":"Lindauer, B.: Insider threat test dataset (2020). https:\/\/doi.org\/10.1184\/R1\/12841247.v1","DOI":"10.1184\/R1\/12841247.v1"},{"key":"6_CR22","unstructured":"Malhotra, P., Vig, L., Shroff, G., Agarwal, P.: Long short term memory networks for anomaly detection in time series. In: Proceedings of the 23rd European Symposium on Artificial Neural Networks, Computational Intelligence and Machine Learning (ESANN) (2015)"},{"key":"6_CR23","unstructured":"MITRE: Insider Threat Framework (2022). https:\/\/www.mitre.org\/research\/insider-threat"},{"key":"6_CR24","doi-asserted-by":"publisher","unstructured":"Nanamou, N.K., Neal, C., Boulahia-Cuppens, N., Cuppens, F., Bkakria, A.: From traits to threats: learning risk indicators of malicious insider using psychometric data. In: Information Systems Security (2025). https:\/\/doi.org\/10.1007\/978-3-031-80020-7_10","DOI":"10.1007\/978-3-031-80020-7_10"},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Nanamou, N.K., Salem, R.B., Boulahia-Cuppens, N., Cuppens, F., Bkakria, A.: From static to dynamic risk indicators in predicting and detecting insider attacks. In: TrustCom2025 (2025)","DOI":"10.1109\/Trustcom66490.2025.00236"},{"key":"6_CR26","doi-asserted-by":"publisher","unstructured":"Pantelidis, E., Bendiab, G., Shiaeles, S., Kolokotronis, N.: Insider threat detection using deep autoencoder and variational autoencoder neural networks. In: 2021 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 129\u2013134 (2021). https:\/\/doi.org\/10.1109\/CSR51186.2021.9527925, https:\/\/arxiv.org\/abs\/2109.02568","DOI":"10.1109\/CSR51186.2021.9527925"},{"key":"6_CR27","doi-asserted-by":"publisher","unstructured":"Saint-Hilaire, K.A., Neal, C., Cuppens, F., Boulahia-Cuppens, N., Hadji, M.: Optimal automated generation of playbooks. In: IFIP Annual Conference on Data and Applications Security and Privacy, pp. 191\u2013199. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-65172-4_12","DOI":"10.1007\/978-3-031-65172-4_12"},{"issue":"15","key":"6_CR28","doi-asserted-by":"publisher","first-page":"5208","DOI":"10.3390\/app10155208","volume":"10","author":"MB Salem","year":"2020","unstructured":"Salem, M.B., Stolfo, S.J.: A review of insider threat detection: classification, machine learning techniques, datasets, open challenges, and recommendations. Appl. Sci. 10(15), 5208 (2020)","journal-title":"Appl. Sci."},{"key":"6_CR29","unstructured":"Sanh, V., Debut, L., Chaumond, J., Wolf, T.: DistilBERT, a distilled version of BERT: smaller, faster, cheaper and lighter. In: Proceedings of the 5th Workshop on Energy Efficient Machine Learning and Cognitive Computing (2019). https:\/\/arxiv.org\/abs\/1910.01108"},{"issue":"1","key":"6_CR30","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1214\/ss\/998929476","volume":"16","author":"M Schonlau","year":"2001","unstructured":"Schonlau, M., DuMouchel, W., Ju, W., Karr, A.F., Theus, M., Vardi, Y.: Computer intrusion: detecting masquerades. Stat. Sci. 16(1), 58\u201374 (2001). https:\/\/doi.org\/10.1214\/ss\/998929476","journal-title":"Stat. Sci."},{"key":"6_CR31","unstructured":"Secureframe: 2024 cybersecurity statistics: the latest trends and insights (2024). https:\/\/secureframe.com\/blog\/cybersecurity-statistics"},{"key":"6_CR32","doi-asserted-by":"publisher","unstructured":"Shum, K.M., Ptaszynski, M., Masui, F.: Big five personality trait prediction based on user comments. Information 16(5), 418 (2025). https:\/\/doi.org\/10.3390\/info16050418","DOI":"10.3390\/info16050418"},{"key":"6_CR33","unstructured":"Verizon: 2023 data breach investigations report (DBIR) (2023). https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/"},{"key":"6_CR34","unstructured":"Yhdego, M., Ghafir, I.: Toward sequential deep learning for insider threat detection. IEEE Access 11, 85329\u201385343 (2023)"},{"key":"6_CR35","unstructured":"Yuan, L., Chen, M., Zhang, Y.: Real-time detection of insider threats using behavioral analytics and deep evidential clustering. arXiv preprint arXiv:2505.15383 (2025)"},{"key":"6_CR36","doi-asserted-by":"publisher","unstructured":"Zadrozny, B., Elkan, C.: Transforming classifier scores into accurate multiclass probability estimates. In: Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 694\u2013699. ACM (2002). https:\/\/doi.org\/10.1145\/775047.775151","DOI":"10.1145\/775047.775151"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-20018-1_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,17]],"date-time":"2026-05-17T22:27:16Z","timestamp":1779056836000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-20018-1_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032200174","9783032200181"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-20018-1_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Brest","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 November 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 November 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/hub.imt-atlantique.fr\/fps2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}