{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T07:00:12Z","timestamp":1764572412740,"version":"3.46.0"},"reference-count":76,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T00:00:00Z","timestamp":1761523200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T00:00:00Z","timestamp":1761523200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,12]]},"DOI":"10.1007\/s10207-025-01145-6","type":"journal-article","created":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T12:45:32Z","timestamp":1761569132000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A systematic review on insider threat detection using natural language processing"],"prefix":"10.1007","volume":"24","author":[{"given":"Ketan","family":"Kundiya","sequence":"first","affiliation":[]},{"given":"Yashodhara","family":"Haribhakta","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,27]]},"reference":[{"doi-asserted-by":"crossref","unstructured":"Raval, M.S., Gandhi, R., Chaudhary, S.: Insider threat detection: A machine learning way. Versatile Cybersecur. 72, 19\u201353 (2018)","key":"1145_CR1","DOI":"10.1007\/978-3-319-97643-3_2"},{"issue":"4","key":"1145_CR2","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1109\/MSP.2008.87","volume":"6","author":"J Predd","year":"2008","unstructured":"Predd, J., Pfleeger, S.L., Hunker, J., Bulford, C.: Insiders are behaving badly. IEEE Secur. Priv. 6(4), 66\u201370 (2008)","journal-title":"IEEE Secur. Priv."},{"key":"1145_CR3","doi-asserted-by":"publisher","first-page":"102221","DOI":"10.1016\/j.cose.2021.102221","volume":"104","author":"S Yuan","year":"2021","unstructured":"Yuan, S., Wu, X.: Deep learning for insider threat detection: Review, challenges, and opportunities. Computers Secur. 104, 102221 (2021)","journal-title":"Computers Secur."},{"unstructured":"Costa, D.L., Albrethsen, M.J., Collins, M.L., Perl, S.J., Silowash, G.J., Spooner, D.L.: An insider threat indicator ontology. Technical Report CMU\/SEI-2016-TR-007. (2016)","key":"1145_CR4"},{"doi-asserted-by":"crossref","unstructured":"Eldardiry, H., Bart, E., Liu, J., Hanley, J., Price, B., Brdiczka, O.: Multi-domain information fusion for insider threat detection. In: 2013 IEEE Security and Privacy Workshops, pp. 45\u201351. IEEE (2013, May)","key":"1145_CR5","DOI":"10.1109\/SPW.2013.14"},{"doi-asserted-by":"crossref","unstructured":"Rashid, T., Agrafiotis, I., Nurse, J.R.: A new take on detecting insider threats: exploring the use of hidden markov models. In Proceedings of the 8th ACM CCS International Workshop on managing insider security threats (pp. 47\u201356). (2016), October","key":"1145_CR6","DOI":"10.1145\/2995959.2995964"},{"doi-asserted-by":"crossref","unstructured":"Le, D.C., Nur Zincir-Heywood, A.: Evaluating insider threat detection workflow using supervised and unsupervised learning. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 270\u2013275. IEEE (2018)","key":"1145_CR7","DOI":"10.1109\/SPW.2018.00043"},{"doi-asserted-by":"crossref","unstructured":"Salem, M., Ben, S., Hershkop, Salvatore, J.: Stolfo. A survey of insider attack detection research. Insider Attack Cyber Security: Beyond Hacke. 39, 69\u201390 (2008)","key":"1145_CR8","DOI":"10.1007\/978-0-387-77322-3_5"},{"doi-asserted-by":"crossref","unstructured":"Sanzgiri, A., Dasgupta, D.: Classification of insider threat detection techniques. In Proceedings of the 11th annual Cyber and Information Security Research Conference (pp. 1\u20134). (2016, April)","key":"1145_CR9","DOI":"10.1145\/2897795.2897799"},{"unstructured":"Tuor, A., Kaplan, S., Hutchinson, B., Nichols, N., Robinson, S.: Deep learning for unsupervised insider threat detection in structured cybersecurity data streams. In Workshops at the Thirty-First AAAI Conference on Artificial Intelligence. (2017)","key":"1145_CR10"},{"unstructured":"Paxton-Fear, K.: Understanding Insider Threats Using Natural Language Processing (Doctoral dissertation). (2021)","key":"1145_CR11"},{"unstructured":"Huang, R., Riloff, E.: Inducing domain-specific semantic class taggers from (almost) nothing. In Proceedings of the 48th Annual Meeting of the Association for Computational Linguistics (pp. 275\u2013285). (2010, July)","key":"1145_CR12"},{"issue":"2","key":"1145_CR13","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1080\/07421222.2016.1205925","volume":"33","author":"N Liang","year":"2016","unstructured":"Liang, N., Biros, D.P., Luse, A.: An empirical validation of malicious insider characteristics. J. Manage. Inform. Syst. 33(2), 361\u2013392 (2016)","journal-title":"J. Manage. Inform. Syst."},{"key":"1145_CR14","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/j.jnca.2013.05.007","volume":"38","author":"D Choi","year":"2014","unstructured":"Choi, D., Ko, B., Kim, H., Kim, P.: Text analysis for detecting terrorism-related articles on the web. J. Netw. Comput. Appl. 38, 16\u201321 (2014)","journal-title":"J. Netw. Comput. Appl."},{"issue":"12","key":"1145_CR15","first-page":"1","volume":"7","author":"S Sharma","year":"2023","unstructured":"Sharma, S.: Natural language processing for detecting anomalies and intrusions in unstructured cybersecurity data. Int. J. Inform. Cybersecur. 7(12), 1\u201324 (2023)","journal-title":"Int. J. Inform. Cybersecur."},{"unstructured":"Michael, A.: A Machine Learning Approach to Detect Insider Threats in Emails Caused by Human Behaviour (Master\u2019s thesis, University of Pretoria (South Africa)). (2020)","key":"1145_CR16"},{"issue":"12","key":"1145_CR17","first-page":"1","volume":"7","author":"S Sharma","year":"2023","unstructured":"Sharma, S., Arjunan, T.: Natural language processing for detecting anomalies and intrusions in unstructured cybersecurity data. Int. J. Inform. Cybersecur. 7(12), 1\u201324 (2023)","journal-title":"Int. J. Inform. Cybersecur."},{"issue":"2","key":"1145_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3303771","volume":"52","author":"I Homoliak","year":"2019","unstructured":"Homoliak, I., Toffalini, F., Guarnizo, J., Elovici, Y., Ochoa, M.: Insight into insiders and it: A survey of insider threat taxonomies, analysis, modelling, and countermeasures. ACM Comput. Surv. (CSUR). 52(2), 1\u201340 (2019)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"12","key":"1145_CR19","doi-asserted-by":"publisher","first-page":"255","DOI":"10.3390\/computers12120255","volume":"12","author":"P Sarzaeim","year":"2023","unstructured":"Sarzaeim, P., Mahmoud, Q.H., Azim, A., Bauer, G., Bowles, I.: A systematic review of using machine learning and natural language processing in smart policing. Computers. 12(12), 255 (2023)","journal-title":"Computers"},{"doi-asserted-by":"crossref","unstructured":"Gayathri, R.G., Sajjanhar, A., Xiang, Y.: Hybrid deep learning model using SPCAGAN augmentation for insider threat analysis. Expert Syst. Appl. 249, 123533 (2024)","key":"1145_CR20","DOI":"10.1016\/j.eswa.2024.123533"},{"issue":"2","key":"1145_CR21","doi-asserted-by":"publisher","first-page":"13341","DOI":"10.48084\/etasr.6911","volume":"14","author":"E Yilmaz","year":"2024","unstructured":"Yilmaz, E., Can, O.: Unveiling shadows: Harnessing artificial intelligence for insider threat detection. Eng. Technol. Appl. Sci. Res. 14(2), 13341\u201313346 (2024)","journal-title":"Eng. Technol. Appl. Sci. Res."},{"issue":"2","key":"1145_CR22","doi-asserted-by":"publisher","first-page":"651","DOI":"10.3390\/s23020651","volume":"23","author":"S Silvestri","year":"2023","unstructured":"Silvestri, S., Islam, S., Papastergiou, S., Tzagkarakis, C., Ciampi, M.: A machine learning approach for the NLP-based analysis of cyber threats and vulnerabilities of the healthcare ecosystem. Sensors. 23(2), 651 (2023)","journal-title":"Sensors"},{"doi-asserted-by":"crossref","unstructured":"Wang, Z.Q., El Saddik, A.: DTITD: An intelligent insider threat detection framework based on digital twin and self-attention-based deep learning models. IEEE Access. (2023)","key":"1145_CR23","DOI":"10.1109\/ACCESS.2023.3324371"},{"issue":"3","key":"1145_CR24","doi-asserted-by":"publisher","first-page":"1132","DOI":"10.3390\/make5030058","volume":"5","author":"JE Coyac-Torres","year":"2023","unstructured":"Coyac-Torres, J.E., Sidorov, G., Aguirre-Anaya, E., Hern\u00e1ndez-Oreg\u00f3n, G.: Cyberattack detection in social network messages based on convolutional neural networks and NLP techniques. Mach. Learn. Knowl. Extr. 5(3), 1132\u20131148 (2023)","journal-title":"Mach. Learn. Knowl. Extr."},{"doi-asserted-by":"crossref","unstructured":"Jones, R., Omar, M.: Detecting IoT malware with knowledge distillation technique. In: 2023, Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE), pp. 131\u2013135. IEEE (2023, July)","key":"1145_CR25","DOI":"10.1109\/CSCE60160.2023.00026"},{"issue":"1","key":"1145_CR26","doi-asserted-by":"publisher","first-page":"259","DOI":"10.3390\/app13010259","volume":"13","author":"B Bin Sarhan","year":"2022","unstructured":"Bin Sarhan, B., Altwaijry, N.: Insider threat detection using a machine learning approach. Appl. Sci. 13(1), 259 (2022)","journal-title":"Appl. Sci."},{"issue":"2","key":"1145_CR27","doi-asserted-by":"publisher","first-page":"1152","DOI":"10.1109\/TNSM.2021.3071928","volume":"18","author":"DC Le","year":"2021","unstructured":"Le, D.C., Zincir-Heywood, N.: Anomaly detection for insider threats using unsupervised ensembles. IEEE Trans. Netw. Serv. Manage. 18(2), 1152\u20131164 (2021)","journal-title":"IEEE Trans. Netw. Serv. Manage."},{"key":"1145_CR28","doi-asserted-by":"publisher","first-page":"143266","DOI":"10.1109\/ACCESS.2021.3118297","volume":"9","author":"R Nasir","year":"2021","unstructured":"Nasir, R., Afzal, M., Latif, R., Iqbal, W.: Behavioural-based insider threat detection using deep learning. IEEE Access. 9, 143266\u2013143274 (2021)","journal-title":"IEEE Access."},{"issue":"1","key":"1145_CR29","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1109\/TNSM.2020.2967721","volume":"17","author":"DC Le","year":"2020","unstructured":"Le, D.C., Zincir-Heywood, N., Heywood, M.I.: Analyzing data granularity levels for insider threat detection using machine learning. IEEE Trans. Netw. Serv. Manage. 17(1), 30\u201344 (2020)","journal-title":"IEEE Trans. Netw. Serv. Manage."},{"doi-asserted-by":"crossref","unstructured":"Iorga, D., Corl\u0103tescu, D., Grigorescu, O., S\u0103ndescu, C., Dasc\u0103lu, M., Rughini\u015f, R.: Early detection of vulnerabilities from news websites using machine learning models. In 2020, 19th RoEduNet Conference: Networking in Education and Research (RoEduNet) (pp. 1\u20136). IEEE. (2020, December)","key":"1145_CR30","DOI":"10.1109\/RoEduNet51892.2020.9324852"},{"key":"1145_CR31","first-page":"183162183176","volume":"7","author":"L Liu","year":"2019","unstructured":"Liu, L., Chen, C., Zhang, J., De Vel, O., Xiang, Y.: Insider threat identification using the simultaneous neural learning of multi-source logs. IEEE Access. 7, 183162183176 (2019)","journal-title":"IEEE Access."},{"doi-asserted-by":"crossref","unstructured":"Yuan, F., Cao, Y., Shang, Y., Liu, Y., Tan, J., Fang, B.: Insider threat detection with deep neural network. In Computational Science\u2013ICCS 2018: 18th International Conference, Wuxi, China, June 11\u201313, 2018, Proceedings, Part I 18 (pp. 43\u201354). Springer International Publishing. (2018)","key":"1145_CR32","DOI":"10.1007\/978-3-319-93698-7_4"},{"doi-asserted-by":"crossref","unstructured":"Meng, F., Lou, F., Fu, Y., Tian, Z.: Deep learning-based attribute classification for insider threat detection for data security. In 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC) (pp. 576\u2013581). IEEE. (2018, June)","key":"1145_CR33","DOI":"10.1109\/DSC.2018.00092"},{"key":"1145_CR34","doi-asserted-by":"publisher","first-page":"30907","DOI":"10.1109\/ACCESS.2024.3369906","volume":"12","author":"FR Alzaabi","year":"2024","unstructured":"Alzaabi, F.R., Mehmood, A.: A review of recent advances, challenges, and opportunities in malicious insider threat detection using machine learning methods. IEEE Access. 12, 30907\u201330927 (2024)","journal-title":"IEEE Access."},{"doi-asserted-by":"crossref","unstructured":"Hendawi, S., Jararweh, Y.: Yazan Zreqat, and Shadi AlZu\u2019bi. Cybersecurity Empirics: Evaluating Machine Learning Techniques for Phishing Detection. In 14th International Conference on Information and Communication Systems (ICICS), pp. 1\u20135. IEEE, 2023. (2023)","key":"1145_CR35","DOI":"10.1109\/ICICS60529.2023.10330476"},{"doi-asserted-by":"crossref","unstructured":"Shankar, Karthiga, A.M., Abirami, K., Indira, C.V.N., Angeline, Shubhavya, K.: Cyberbullying Detection in Social Media Using Supervised ML and NLP Techniques. In Communication and Intelligent Systems: Proceedings of ICCIS 2021, pp. 817\u2013828. Singapore: Springer Nature Singapore, (2022)","key":"1145_CR36","DOI":"10.1007\/978-981-19-2130-8_63"},{"doi-asserted-by":"crossref","unstructured":"Mussiraliyeva, S., Omarov, B., Bolatbek, M., Ospanov, R., Baispay, G., Medetbek, Z. and ZhastayYeltay.: Applying deep learning for extremism detection. In Advanced Informatics for Computing Research: 4th International Conference, ICAICR Gurugram, India, December 26\u201327, 2020, Revised Selected Papers, Part I 4, pp. 597\u2013605. Springer Singapore, 2021. (2020)","key":"1145_CR37","DOI":"10.1007\/978-981-16-3660-8_56"},{"doi-asserted-by":"crossref","unstructured":"Iorga, D., Corl\u0103tescu, D., Grigorescu, O., S\u0103ndescu, C., Dasc\u0103lu, M., Rughini\u015f, R.: Early detection of vulnerabilities from news websites using machine learning models. In 2020 19th RoEduNet Conference: Networking in Education and Research (RoEduNet), pp. 1\u20136. IEEE, (2020)","key":"1145_CR38","DOI":"10.1109\/RoEduNet51892.2020.9324852"},{"doi-asserted-by":"crossref","unstructured":"Saganowski, S.: A three-stage machine learning network security solution for public entities. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1097\u20131104. IEEE, (2020)","key":"1145_CR39","DOI":"10.1109\/TrustCom50675.2020.00145"},{"doi-asserted-by":"crossref","unstructured":"Qasim, M., Salman, M., Pedersen, J.M., Masood, A., Abbas, H.: NLP and ML Synergy: A Novel Approach in Botnet Detection from Sandbox Artifacts. In 2024 ASU International Conference in Emerging Technologies for Sustainability and Intelligent Systems (ICETSIS), pp. 1679\u20131684. IEEE, (2024)","key":"1145_CR40","DOI":"10.1109\/ICETSIS61505.2024.10459415"},{"issue":"1","key":"1145_CR41","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/s10207-023-00769-w","volume":"23","author":"S Silvestri","year":"2024","unstructured":"Silvestri, S., Islam, S., Amelin, D., Weiler, G., Papastergiou, S., Ciampi, M.: Cyber threat assessment and management for securing healthcare ecosystems using natural language processing. Int. J. Inf. Secur. 23(1), 31\u201350 (2024)","journal-title":"Int. J. Inf. Secur."},{"doi-asserted-by":"crossref","unstructured":"Niyaoui, O.: and Oussama Mohamed Reda. Malicious URL Detection Using Transformers\u2019 NLP Models and Machine Learning. In International Conference on Advanced Intelligent Systems for Sustainable Development, pp. 389\u2013399. Cham: Springer Nature Switzerland, (2023)","key":"1145_CR42","DOI":"10.1007\/978-3-031-54318-0_35"},{"doi-asserted-by":"crossref","unstructured":"Dissanayake, D.M.A., Sifran, K.M., Thiviya, J.E.T.A., Wijesinghe, D.I.D.S.: Skin Disease detection of pet dogs and identifying home remedies using machine learning (SVM, NLP) and AI. In 2022, 3rd International Informatics and Software Engineering Conference (IISEC), pp. 1\u20136. IEEE, (2022)","key":"1145_CR43","DOI":"10.1109\/IISEC56263.2022.9998090"},{"doi-asserted-by":"crossref","unstructured":"Lee, H., Asher, N., Prathapani, R., Paturi: Sarp Parmaksiz, and Fabio Di Troia. NLP-based User Authentication through Mouse Dynamics. In ICISSP, pp. 696\u2013702. (2022)","key":"1145_CR44","DOI":"10.5220\/0011005900003120"},{"key":"1145_CR45","doi-asserted-by":"publisher","first-page":"S77","DOI":"10.1016\/j.diin.2019.01.017","volume":"28","author":"EMB Karbab","year":"2019","unstructured":"Karbab, E.M.B.: Maldy: Portable, data-driven malware detection using natural language processing and machine learning techniques on behavioural analysis reports. Digit. Invest. 28, S77\u2013S87 (2019)","journal-title":"Digit. Invest."},{"doi-asserted-by":"crossref","unstructured":"Diakhame, M., Lamine, C., Diallo, Mejri, M.: MCM-CASR: Novel Alert Correlation Framework for Cyber Attack Scenario Reconstruction Based on NLP, NER, and Semantic Similarity. In 2023, 7th Cyber Security in Networking Conference (CSNet), pp. 27\u201331. IEEE, (2023)","key":"1145_CR46","DOI":"10.1109\/CSNet59123.2023.10339751"},{"key":"1145_CR47","doi-asserted-by":"publisher","first-page":"58915","DOI":"10.1109\/ACCESS.2023.3260020","volume":"11","author":"R Marinho","year":"2023","unstructured":"Marinho, R., Holanda, R.: Automated emerging cyber threat identification and profiling based on natural language processing. IEEE Access. 11, 58915\u201358936 (2023)","journal-title":"IEEE Access."},{"doi-asserted-by":"crossref","unstructured":"Nguyen, M.T., Van Anh, S., BannourSouihi, Sami Souihi: Deep learning in NLP for anomalous HTTP requests detection. In, and. 19th International Conference on Network and Service Management (CNSM), pp. 1\u20138. IEEE, 2023. (2023)","key":"1145_CR48","DOI":"10.23919\/CNSM59352.2023.10327888"},{"key":"1145_CR49","doi-asserted-by":"publisher","first-page":"119925","DOI":"10.1016\/j.eswa.2023.119925","volume":"224","author":"P Pal","year":"2023","unstructured":"Pal, P., Chattopadhyay, P., Mayank Swarnkar: Temporal feature aggregation with attention for insider threat detection from activity logs. Expert Syst. Appl. 224, 119925 (2023)","journal-title":"Expert Syst. Appl."},{"issue":"3","key":"1145_CR50","doi-asserted-by":"publisher","first-page":"354","DOI":"10.3390\/sym12030354","volume":"12","author":"T-M Georgescu","year":"2020","unstructured":"Georgescu, T.-M.: Natural language processing model for automatic analysis of cybersecurity-related documents. Symmetry. 12(3), 354 (2020)","journal-title":"Symmetry"},{"doi-asserted-by":"crossref","unstructured":"Singh, M., Mehtre, B.M., Sangeetha, S.: User behaviour profiling using ensemble approach for insider threat detection. In IEEE 5th International Conference on Identity, Security, and Behavior Analysis (ISBA), pp. 1\u20138. IEEE, 2019. (2019)","key":"1145_CR51","DOI":"10.1109\/ISBA.2019.8778466"},{"issue":"2","key":"1145_CR52","doi-asserted-by":"publisher","first-page":"13341","DOI":"10.48084\/etasr.6911","volume":"14","author":"E Yilmaz","year":"2024","unstructured":"Yilmaz, E.: Unveiling shadows: Harnessing artificial intelligence for insider threat detection. Eng. Technol. Appl. Sci. Res. 14(2), 13341\u201313346 (2024)","journal-title":"Eng. Technol. Appl. Sci. Res."},{"doi-asserted-by":"crossref","unstructured":"Jovanovic, L., Kaljevic, J., Zivkovic, M., Bacanin, N., Antonijevic, M.: and Miroslav Cajic. Insider Threat Identification From Accessed Website Content Optimized by Modified Metaheuristic. In 2024 International Conference on Circuit, Systems and Communication (ICCSC), pp. 1\u20136. IEEE, (2024)","key":"1145_CR53","DOI":"10.1109\/ICCSC62074.2024.10617256"},{"doi-asserted-by":"crossref","unstructured":"Kumpf, K., Protic, M., Jovanovic, L., Cajic, M., Zivkovic, M.: and Nebojsa Bacanin. Insider Threat Detection Using Bidirectional Encoder Representations From Transformers and Optimized AdaBoost Classifier. In 2024 International Conference on Circuit, Systems and Communication (ICCSC), pp. 1\u20136. IEEE, (2024)","key":"1145_CR54","DOI":"10.1109\/ICCSC62074.2024.10616526"},{"doi-asserted-by":"crossref","unstructured":"Tian, Z., Shi, W., Tan, Z., Qiu, J., Sun, Y., Feng Jiang, and, Liu, Y.: Deep learning and Dempster-Shafer based insider threat detection. Mob. Networks Appl. 29, 1\u201310 (2020)","key":"1145_CR55","DOI":"10.1007\/s11036-020-01656-7"},{"doi-asserted-by":"crossref","unstructured":"Silva, P., Gon\u00e7alves, C., Godinho, C., Antunes, N., and Marilia Curado:. Using NLPmachine learning to detect data privacy violations. In IEEE INFOCOM 2020-IEEE conference on computer communications workshops (INFOCOM WKSHPS), pp. 972\u2013977. IEEE, (2020)","key":"1145_CR56","DOI":"10.1109\/INFOCOMWKSHPS50562.2020.9162683"},{"doi-asserted-by":"crossref","unstructured":"Saaudi, A., Al-Ibadi, Z., Tong, Y., and Csilla Farkas:. Insider threats detection using CNN-LSTM model. In 2018 International Conference on Computational ScienceComputational Intelligence (CSCI), pp. 94\u201399. IEEE, (2018)","key":"1145_CR57","DOI":"10.1109\/CSCI46756.2018.00025"},{"unstructured":"Verizon Enterprise: Verizon Data Breach Investigations Report 12th Edition. Available online (2023). https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/2023","key":"1145_CR58"},{"key":"1145_CR59","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3135639","author":"V-V Miguel","year":"2023","unstructured":"Miguel, V.-V., Modelo-Howard, G., Dube, S., Bhargava, B.: Hunting for insider threats using LSTM-based anomaly detection. IEEE Trans. Dependable Secur. Comput. (2023). https:\/\/doi.org\/10.1109\/TDSC.2021.3135639","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"issue":"1","key":"1145_CR60","doi-asserted-by":"publisher","first-page":"619","DOI":"10.32604\/iasc.2022.021430","volume":"33","author":"MA Haq","year":"2022","unstructured":"Haq, M.A., Khan, M.A.R., Alshehri, M.: Insider threat detection based on NLP word embedding and machine learning. Intell. Autom. Soft Comput. 33(1), 619\u2013635 (2022)","journal-title":"Intell. Autom. Soft Comput."},{"doi-asserted-by":"crossref","unstructured":"Paxton-Fear, K., Hodges, D., Buckley, O.: Understanding insider threat attacks using natural language processing: Automatically mapping organic narrative reports to existing insider threat frameworks. International Conference on Human-Computer Interaction. Cham: Springer International Publishing (2020)","key":"1145_CR61","DOI":"10.1007\/978-3-030-50309-3_42"},{"key":"1145_CR62","doi-asserted-by":"publisher","first-page":"1638","DOI":"10.1109\/TIFS.2023.3245413","volume":"18","author":"X Li","year":"2023","unstructured":"Li, X., et al.: A high accuracy and adaptive anomaly detection model with dual-domain graph convolutional network for insider threat detection. IEEE Trans. Inf. Forensics Secur. 18, 1638\u20131652 (2023). https:\/\/doi.org\/10.1109\/TIFS.2023.3245413","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"1145_CR63","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1016\/j.procs.2020.10.012","volume":"177","author":"F Janjua","year":"2020","unstructured":"Janjua, F., et al.: Handling insider threat through supervised machine learning techniques. Procedia Comput. Sci. 177, 64\u201371 (2020)","journal-title":"Procedia Comput. Sci."},{"doi-asserted-by":"crossref","unstructured":"Vinay, M.S., Yuan, S., Wu, X.: Contrastive learning for insider threat detection. International Conference on Database Systems for Advanced Applications. Cham: Springer International Publishing (2022)","key":"1145_CR64","DOI":"10.1007\/978-3-031-00123-9_32"},{"doi-asserted-by":"crossref","unstructured":"Jiang, J., et al.: Warder: Online insider threat detection system using multi-feature modeling and graph-based correlation. MILCOM 2019\u20132019 IEEE Military Communications Conference (MILCOM). IEEE (2019)","key":"1145_CR65","DOI":"10.1109\/MILCOM47813.2019.9020931"},{"doi-asserted-by":"crossref","unstructured":"Liu, L., et al.: Doc2vec-based insider threat detection through behaviour analysis of multi-source security logs. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE (2020)","key":"1145_CR66","DOI":"10.1109\/TrustCom50675.2020.00050"},{"doi-asserted-by":"crossref","unstructured":"Singh, M., Mehtre, B.M., Sangeetha, S.: User behaviour based insider threat detection in critical infrastructures. 2021 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC). IEEE (2021)","key":"1145_CR67","DOI":"10.1109\/ICSCCC51823.2021.9478137"},{"doi-asserted-by":"crossref","unstructured":"Jiang, J., et al.: Anomaly detection with graph convolutional networks for insider threat and fraud detection. MILCOM 2019\u20132019 IEEE Military Communications Conference (MILCOM). IEEE (2019)","key":"1145_CR68","DOI":"10.1109\/MILCOM47813.2019.9020760"},{"unstructured":"Lopez, E., Sartipi, K.: Detecting the insider threat with long short term memory (LSTM) neural networks. arXiv preprint arXiv:2007.11956 (2020)","key":"1145_CR69"},{"doi-asserted-by":"crossref","unstructured":"Dion\u00edsio, N., et al.: Cyberthreat detection from twitter using deep neural networks. 2019 International Joint Conference on Neural Networks (IJCNN). IEEE (2019)","key":"1145_CR70","DOI":"10.1109\/IJCNN.2019.8852475"},{"doi-asserted-by":"publisher","unstructured":"Raut, M., Dhavale, S., Singh, A., Mehra, A.: Insider threat detection using deep learning: A review. 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS), Thoothukudi, India, 856\u2013863. (2020). https:\/\/doi.org\/10.1109\/ICISS49785.2020.9315932","key":"1145_CR71","DOI":"10.1109\/ICISS49785.2020.9315932"},{"doi-asserted-by":"crossref","unstructured":"Xiao, J., et al.: Robust anomaly-based insider threat detection using graph neural network. IEEE Trans. Netw. Serv. Manage. 20, 3717\u20133733 (2022)","key":"1145_CR72","DOI":"10.1109\/TNSM.2022.3222635"},{"doi-asserted-by":"crossref","unstructured":"Zhang, C., et al.: Detecting insider threat from behavioral logs based on ensemble and self-supervised learning. Secur. Communication Networks. 2021, 1\u201311 (2021)","key":"1145_CR73","DOI":"10.1155\/2021\/4148441"},{"doi-asserted-by":"publisher","unstructured":"M.J., McKenzie, J E., et al.: The PRISMA 2020 statement: an updated guideline for reporting systematic reviews. BMJ. 372, n71 (2021). https:\/\/doi.org\/10.1136\/bmj.n71","key":"1145_CR74","DOI":"10.1136\/bmj.n71"},{"issue":"1","key":"1145_CR75","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1016\/j.icte.2025.01.005","volume":"11","author":"R Chinnasamy","year":"2025","unstructured":"Chinnasamy, R., Subramanian, M., Easwaramoorthy, V., S., Cho, J.: Deep learning-driven methods for network-based intrusion detection systems: A systematic review. ICT Express. 11(1), 181\u2013215 (2025). https:\/\/doi.org\/10.1016\/j.icte.2025.01.005","journal-title":"ICT Express"},{"key":"1145_CR76","doi-asserted-by":"publisher","first-page":"1125","DOI":"10.1007\/s10207-023-00682-2","volume":"22","author":"OH Abdulganiyu","year":"2023","unstructured":"Abdulganiyu, O.H., Tchakoucht, A., T., Saheed, Y.K.: A systematic literature review for network intrusion detection system (IDS). Int. J. Inf. Secur. 22, 1125\u20131162 (2023). https:\/\/doi.org\/10.1007\/s10207-023-00682-2","journal-title":"Int. J. Inf. Secur."}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01145-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01145-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01145-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T06:55:33Z","timestamp":1764572133000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01145-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,27]]},"references-count":76,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,12]]}},"alternative-id":["1145"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01145-6","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2025,10,27]]},"assertion":[{"value":"17 January 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 October 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 October 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"227"}}