{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,9,17]],"date-time":"2023-09-17T21:07:27Z","timestamp":1694984847213},"reference-count":20,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2010,9,23]],"date-time":"2010-09-23T00:00:00Z","timestamp":1285200000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2013,3]]},"DOI":"10.1007\/s10796-010-9268-7","type":"journal-article","created":{"date-parts":[[2010,9,22]],"date-time":"2010-09-22T09:28:52Z","timestamp":1285147732000},"page":"17-34","source":"Crossref","is-referenced-by-count":15,"title":["Knowing who to watch: Identifying attackers whose actions are hidden within false alarms and background noise"],"prefix":"10.1007","volume":"15","author":[{"given":"Howard","family":"Chivers","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John A.","family":"Clark","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Philip","family":"Nobles","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Siraj A.","family":"Shaikh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hao","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2010,9,23]]},"reference":[{"key":"9268_CR1","unstructured":"Bace, R., & Mell, P. (2001). Intrusion detection systems (IDS). Tech. Rep. SP 800-31, National Institute of Standards and Technology (NIST)."},{"key":"9268_CR2","unstructured":"Band, S. R., Cappelli, D. M., Fischer, L. F., Moore, A. P., Shaw, E. D., & Trzeciak, R. F. (2006). Comparing insider it sabotage and espionage: A model-based analysis. Tech. rep., Carnegie Mellon Software Engineering Institute."},{"key":"9268_CR3","unstructured":"Brackney, R. C., & Anderson, R. H. (2004). Understanding the insider threat. Tech. Rep. Proceedings of March 2004 Workshop, RAND National Security Research Division."},{"key":"9268_CR4","unstructured":"Bradford, P. G., Brown, M., Perdue, J., & Self, B. (2004). Towards proactive computer-system forensics. In International conference on information technology: Coding and computing (ITCC 2004) (pp. 648\u2013652). IEEE Computer Society."},{"key":"9268_CR5","first-page":"1","volume-title":"11th international conference on information fusion","author":"JF Buford","year":"2008","unstructured":"Buford, J. F., Lewis, L., & Jakobson, G. (2008). Insider threat detection using situation-aware MAS. In 11th international conference on information fusion (pp. 1\u20138). Cologne, Germany: IEEE Xplore."},{"issue":"6","key":"9268_CR6","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/MSP.2009.110","volume":"7","author":"DD Caputo","year":"2009","unstructured":"Caputo, D. D., Stephens, G. D., & Maloof, M. A. (2009). Detecting insider theft of trade secrets. IEEE Security & Privacy, 7(6), 14\u201321.","journal-title":"IEEE Security & Privacy"},{"key":"9268_CR7","unstructured":"CERT Incident Note (1998). IN-98-05: Probes with spoofed IP addresses."},{"issue":"4","key":"9268_CR8","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1016\/j.cose.2004.09.008","volume":"24","author":"S Chebrolua","year":"2004","unstructured":"Chebrolua, S., Abrahama, A., & Thomas, J. P. (2004). Feature deduction and ensemble design of intrusion detection systems. Computers & Security, 24(4), 295\u2013307.","journal-title":"Computers & Security"},{"key":"9268_CR9","unstructured":"Chivers, H., Nobles, P., Shaikh, S. A., Clark, J. A., & Chen, H. (2009). Accumulating evidence of insider attacks. In The 1st international workshop on managing insider security threats (MIST 2009) (In conjunction with IFIPTM 2009). CEUR Workshop Proceedings."},{"key":"9268_CR10","doi-asserted-by":"crossref","unstructured":"Colombe, J. B., & Stephens, G. (2004). Statistical profiling and visualization for detection of malicious insider attacks on computer networks. In The 2004 ACM workshop on visualization and data mining for computer security (pp. 138\u2013142). ACM Press.","DOI":"10.1145\/1029208.1029231"},{"key":"9268_CR11","doi-asserted-by":"crossref","unstructured":"Eberle, W., & Holder, L. (2009). Insider threat detection using graph-based approaches. In Cybersecurity applications & technology conference for homeland security (CATCH) (pp. 237\u2013241). IEEE Computer Society.","DOI":"10.1109\/CATCH.2009.7"},{"key":"9268_CR12","unstructured":"Goodin, D. (2007). TJX breach was twice as big as admitted, banks say. The Register."},{"key":"9268_CR13","unstructured":"Heberlein, T. (2002). Tactical operations and strategic intelligence: Sensor purpose and placement. Tech. Rep. TR-2002-04.02, Net Squared, Inc."},{"key":"9268_CR14","doi-asserted-by":"crossref","unstructured":"Herbig, K. L., & Wiskoff, M. F. (2002). Espionage against the united states by American citizens 1947\u20132001. Tech. Rep. 02-05, Defense Personnel Security Research Center (PERSEREC).","DOI":"10.21236\/ADA411004"},{"key":"9268_CR15","first-page":"18","volume-title":"2003 IEEE Workshop on information assurance","author":"N Nguyen","year":"2003","unstructured":"Nguyen, N., Reiher, P., & Kuenning, G. H. (2003). Detecting insider threats by monitoring system call activity. In 2003 IEEE Workshop on information assurance (pp. 18\u201320). IEEE Computer Society, United States Military Academy, West Point."},{"key":"9268_CR16","unstructured":"Randazzo, M.R., Cappelli, D., Keeney, M., Moore, A., & Kowalski, E. (2004). U.S. secret service and CERT coordination center\/SEI insider threat study: Illicit cyber activity in the banking and finance sector. Tech. rep., Software Engineering Institute, Carnegie Mellon University."},{"key":"9268_CR17","unstructured":"Russell, S., & Norvig, P. (2010). Artificial intelligence (3rd ed.). Prentice Hall."},{"key":"9268_CR18","doi-asserted-by":"crossref","unstructured":"Spitzner, L. (2003). Honeypots: Catching the insider threat. In 19th annual computer security applications conference (ACSAC \u201903) (pp. 170\u2013179). IEEE Computer Society.","DOI":"10.1109\/CSAC.2003.1254322"},{"issue":"1\/2","key":"9268_CR19","doi-asserted-by":"crossref","first-page":"105","DOI":"10.3233\/JCS-2002-101-205","volume":"10","author":"S Staniford","year":"2002","unstructured":"Staniford, S., Hoagland, J. A., & McAlerney, J. M. (2002). Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1\/2), 105\u2013136.","journal-title":"Journal of Computer Security"},{"key":"9268_CR20","unstructured":"Wells, J. T. (2008). Principles of fraud examination (2nd ed.). Wiley."}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-010-9268-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10796-010-9268-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-010-9268-7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,5]],"date-time":"2019-06-05T00:32:23Z","timestamp":1559694743000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10796-010-9268-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,9,23]]},"references-count":20,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2013,3]]}},"alternative-id":["9268"],"URL":"https:\/\/doi.org\/10.1007\/s10796-010-9268-7","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010,9,23]]}}}