{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T08:45:52Z","timestamp":1780389952418,"version":"3.54.1"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"11-12","license":[{"start":{"date-parts":[[2024,4,4]],"date-time":"2024-04-04T00:00:00Z","timestamp":1712188800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,4,4]],"date-time":"2024-04-04T00:00:00Z","timestamp":1712188800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"National Centers of Academic Excellence, NSA","award":["H98230-22-1-0256"],"award-info":[{"award-number":["H98230-22-1-0256"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Ann. Telecommun."],"published-print":{"date-parts":[[2024,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Insider threats refer to harmful actions carried out by authorized users within an organization, posing the most damaging risks. The increasing number of these threats has revealed the inadequacy of traditional methods for detecting and mitigating insider threats. These existing approaches lack the ability to analyze activity-related information in detail, resulting in delayed detection of malicious intent. Additionally, current methods lack advancements in addressing noisy datasets or unknown scenarios, leading to under-fitting or over-fitting of the models. To address these, our paper presents a hybrid insider threat detection framework. We not only enhance prediction accuracy by incorporating a layer of statistical criteria on top of machine learning-based classification but also present optimal parameters to address over\/under-fitting of models. We evaluate the performance of our framework using a real-life threat test dataset (CERT r4.2) and compare it to existing methods on the same dataset (Glasser and Lindauer 2013). Our initial evaluation demonstrates that our proposed framework achieves an accuracy of 98.48% in detecting insider threats, surpassing the performance of most of the existing methods. Additionally, our framework effectively handles potential bias and data imbalance issues that can arise in real-life scenarios.<\/jats:p>","DOI":"10.1007\/s12243-024-01023-7","type":"journal-article","created":{"date-parts":[[2024,4,4]],"date-time":"2024-04-04T02:01:46Z","timestamp":1712196106000},"page":"819-831","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["E-Watcher: insider threat monitoring and detection for enhanced security"],"prefix":"10.1007","volume":"79","author":[{"given":"Zhiyuan","family":"Wei","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Usman","family":"Rauf","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Fadi","family":"Mohsen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2024,4,4]]},"reference":[{"key":"1023_CR1","doi-asserted-by":"publisher","unstructured":"Glasser J, Lindauer B (2013) Bridging the gap: a pragmatic approach to generating insider threat data. In: 2013 IEEE Security and Privacy Workshops, pp 98\u2013104. https:\/\/doi.org\/10.1109\/SPW.2013.37","DOI":"10.1109\/SPW.2013.37"},{"key":"1023_CR2","doi-asserted-by":"publisher","unstructured":"Rauf U, Mohsen F, Wei Z (2023) A taxonomic classification of insider threats: existing techniques, future directions & recommendations. J Cyber Secur Mobil. https:\/\/doi.org\/10.13052\/jcsm2245-1439.1225","DOI":"10.13052\/jcsm2245-1439.1225"},{"key":"1023_CR3","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1016\/j.future.2020.11.009","volume":"117","author":"U Rauf","year":"2021","unstructured":"Rauf U, Shehab M, Qamar N, Sameen S (2021) Formal approach to thwart against insider attacks: a bio-inspired auto-resilient policy regulation framework. Future Gener Comput Syst 117:412\u2013425. https:\/\/doi.org\/10.1016\/j.future.2020.11.009","journal-title":"Future Gener Comput Syst"},{"key":"1023_CR4","doi-asserted-by":"publisher","unstructured":"Rauf U, Shehab M, Qamar N, Sameen S (2019) Bio-inspired approach to thwart against insider threats: an access control policy regulation framework. In: Bio-inspired information and communication technologies. Springer, Cham, pp 39\u201357. https:\/\/doi.org\/10.1007\/978-3-030-24202-2_4","DOI":"10.1007\/978-3-030-24202-2_4"},{"key":"1023_CR5","doi-asserted-by":"crossref","unstructured":"Verizon (2021) 2021 data breach investigations report. Tech Rep. https:\/\/www.verizon.com\/business\/resources\/reports\/2021\/2021-data-breach-investigations-report.pdf","DOI":"10.1016\/S1361-3723(21)00061-0"},{"key":"1023_CR6","unstructured":"Ponemon Institute (2022) 2022 cost of insider threats global report. Tech Rep. https:\/\/www.proofpoint.com\/us\/resources\/threat-reports\/cost-of-insider-threats"},{"key":"1023_CR7","doi-asserted-by":"publisher","unstructured":"Brdiczka O, Liu J, Price B, Shen J, Patil A, Chow R, Bart E, Ducheneaut N (2012) Proactive insider threat detection through graph learning and psychological context. In: Security and Privacy Workshops (SPW), 2012 IEEE Symposium On, pp 142\u2013149. https:\/\/doi.org\/10.1109\/SPW.2012.29","DOI":"10.1109\/SPW.2012.29"},{"key":"1023_CR8","doi-asserted-by":"publisher","unstructured":"Kim J, Park M, Kim H, Cho S, Kang P (2019) Insider threat detection based on user behavior modeling and anomaly detection algorithms. Appl Sci 9(19). https:\/\/doi.org\/10.3390\/app9194018","DOI":"10.3390\/app9194018"},{"key":"1023_CR9","doi-asserted-by":"publisher","unstructured":"Yuan F, Cao Y, Shang Y, Liu Y, Tan J, Fang B (2018) Insider threat detection with deep neural network. In: Computational Science \u2013 ICCS 2018. Springer, Cham, pp 43\u201354. https:\/\/doi.org\/10.1007\/978-3-319-93698-7_4","DOI":"10.1007\/978-3-319-93698-7_4"},{"key":"1023_CR10","doi-asserted-by":"publisher","unstructured":"Rauf U, Wei Z, Mohsen F (2023) Employee watcher: a machine learning-based hybrid insider threat detection framework. In: 2023 7th Cyber Security in Networking Conference (CSNet), pp 39\u201345. https:\/\/doi.org\/10.1109\/CSNet59123.2023.10339777","DOI":"10.1109\/CSNet59123.2023.10339777"},{"key":"1023_CR11","unstructured":"Cybersecurity Agency IS (2022) Insider threat mitigation guide. https:\/\/www.cisa.gov\/insider-threat-mitigation"},{"key":"1023_CR12","unstructured":"Cybersecurity Insiders (2020) 2020 insider threat report. Techn Rep. https:\/\/www.cybersecurity-insiders.com\/portfolio\/2020-insider-threat-report-gurucul\/"},{"key":"1023_CR13","unstructured":"Schoenherr JR, Lilja-Lolax K, Gioe D (2022) Multiple approach paths to insider threat (map-it): Intentional, ambivalent and unintentional insider threats. Counter-Insider Threat Research and Practice 1(1)"},{"key":"1023_CR14","unstructured":"Rauf U (2020) Bio-inspired cyber security and threat analytics. PhD thesis, The University of North Carolina at Charlotte"},{"key":"1023_CR15","doi-asserted-by":"publisher","unstructured":"Sarker IH (2021) Machine learning: algorithms, real-world applications and research directions. SN Comput Sci 2(160). https:\/\/doi.org\/10.1007\/s42979-021-00592-x","DOI":"10.1007\/s42979-021-00592-x"},{"key":"1023_CR16","doi-asserted-by":"publisher","unstructured":"Chunrui Z, Shen W, Dechen Z, Tingyue Y, Tiangang W, Mingyong Y (2021) Detecting insider threat from behavioral logs based on ensemble and self-supervised learning. Secur Commun Netw 2021(4148441). https:\/\/doi.org\/10.1155\/2021\/414844","DOI":"10.1155\/2021\/414844"},{"key":"1023_CR17","doi-asserted-by":"publisher","unstructured":"Lindauer B (2020) Insider threat test dataset. Carnegie Mellon University, Pittsburgh, PA. https:\/\/doi.org\/10.1184\/R1\/12841247.v1","DOI":"10.1184\/R1\/12841247.v1"},{"key":"1023_CR18","unstructured":"CERT Threat Test Dataset (2016). https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetid=508099"},{"key":"1023_CR19","unstructured":"Le DC (2021) A machine learning based framework for user-centered insider threat detection. PhD thesis, Dalhousie University. https:\/\/dalspace.library.dal.ca\/bitstream\/handle\/10222\/80731\/DucLe2021.pdf?sequence=1"},{"issue":"10","key":"1023_CR20","doi-asserted-by":"publisher","first-page":"1258","DOI":"10.3390\/e23101258","volume":"23","author":"T Al-Shehari","year":"2021","unstructured":"Al-Shehari T, Alsowail RA (2021) An insider data leakage detection using one-hot encoding, synthetic minority oversampling and machine learning techniques. Entropy 23(10):1258. https:\/\/doi.org\/10.3390\/e23101258","journal-title":"Entropy"},{"key":"1023_CR21","doi-asserted-by":"publisher","first-page":"301126","DOI":"10.1016\/j.fsidi.2021.301126","volume":"38","author":"Y Wei","year":"2021","unstructured":"Wei Y, Chow K-P, Yiu S-M (2021) Insider threat prediction based on unsupervised anomaly detection scheme for proactive forensic investigation. Forensic Sci Int Digit Investig 38:301126. https:\/\/doi.org\/10.1016\/j.fsidi.2021.301126","journal-title":"Forensic Sci Int Digit Investig"},{"key":"1023_CR22","doi-asserted-by":"publisher","unstructured":"Jiang W, Tian Y, Liu W, Liu W (2018) An insider threat detection method based on user behavior analysis. In: 10th International conference on intelligent information processing (IIP). Intelligent Information Processing IX, vol AICT-538, Nanning, China, pp 421\u2013429. https:\/\/doi.org\/10.1007\/978-3-030-00828-4_43. Part 10: Image Understanding","DOI":"10.1007\/978-3-030-00828-4_43"},{"key":"1023_CR23","doi-asserted-by":"publisher","unstructured":"Koutsouvelis V, Shiaeles S, Ghita B, Bendiab G (2020) Detection of insider threats using artificial intelligence and visualisation. In: 2020 6th IEEE Conference on Network Softwarization (NetSoft), pp 437\u2013443. https:\/\/doi.org\/10.1109\/NetSoft48620.2020.9165337","DOI":"10.1109\/NetSoft48620.2020.9165337"},{"key":"1023_CR24","doi-asserted-by":"publisher","unstructured":"Ma Q, Rastogi N (2020) Dante: predicting insider threat using lstm on system logs. https:\/\/doi.org\/10.1109\/TrustCom50675.2020.00153","DOI":"10.1109\/TrustCom50675.2020.00153"},{"key":"1023_CR25","doi-asserted-by":"publisher","unstructured":"Kurniabudi, Stiawan D, Darmawijoyo, Bin\u00a0Idris, MY, Bamhdi AM, Budiarto R (2020) Cicids-2017 dataset feature analysis with information gain for anomaly detection. IEEE Access 8:132911\u2013132921. https:\/\/doi.org\/10.1109\/ACCESS.2020.3009843","DOI":"10.1109\/ACCESS.2020.3009843"},{"key":"1023_CR26","doi-asserted-by":"publisher","unstructured":"Vajapeyam S (2014) Understanding shannon\u2019s entropy metric for information. https:\/\/doi.org\/10.48550\/ARXIV.1405.2061","DOI":"10.48550\/ARXIV.1405.2061"},{"key":"1023_CR27","doi-asserted-by":"publisher","unstructured":"Breunig MM, Kriegel H-P, Ng RT, Sander J (2000) Lof: identifying density-based local outliers. In: Proceedings of the 2000 ACM SIGMOD International Conference on Management of Data. SIGMOD \u201900, New York, NY, USA, pp 93\u2013104. https:\/\/doi.org\/10.1145\/342009.335388","DOI":"10.1145\/342009.335388"},{"issue":"7","key":"1023_CR28","doi-asserted-by":"publisher","first-page":"891","DOI":"10.1109\/JIOT.2019.2958185","volume":"30","author":"GO Campos","year":"2016","unstructured":"Campos GO, Zimek A, Sander J, Campello RJGB, Micenkov\u00e1 B, Schubert E, Assent I, Houle ME (2016) On the evaluation of unsupervised outlier detection: measures, datasets, and an empirical study. Data Min Knowl Disc 30(7):891\u2013927. https:\/\/doi.org\/10.1109\/JIOT.2019.2958185","journal-title":"Data Min Knowl Disc"},{"key":"1023_CR29","unstructured":"IBM Cloud Education (2020) What is Supervised Learning? https:\/\/www.ibm.com\/cloud\/learn\/supervised-learning"},{"key":"1023_CR30","doi-asserted-by":"publisher","first-page":"466","DOI":"10.1016\/j.procs.2019.11.146","volume":"161","author":"S Gupta","year":"2019","unstructured":"Gupta S, Gupta A (2019) Dealing with noise problem in machine learning data-sets: a systematic review. Procedia Comput Sci 161:466\u2013474. https:\/\/doi.org\/10.1016\/j.procs.2019.11.146","journal-title":"Procedia Comput Sci"},{"key":"1023_CR31","unstructured":"IBM Cloud Education (2021) What is Overfitting? https:\/\/www.ibm.com\/cloud\/learn\/overfitting"},{"key":"1023_CR32","doi-asserted-by":"publisher","unstructured":"Gavai G, Sricharan K, Gunning D, Hanley J, Singhal M, Rolleston R (2015) Supervised and unsupervised methods to detect insider threat from enterprise social and online activity data. 6:47\u201363. https:\/\/doi.org\/10.22667\/JOWUA.2015.12.31.047","DOI":"10.22667\/JOWUA.2015.12.31.047"},{"key":"1023_CR33","doi-asserted-by":"publisher","unstructured":"Aldairi M, Karimi L, Joshi J (2019) A trust aware unsupervised learning approach for insider threat detection. In: 2019 IEEE 20th International conference on information reuse and integration for data science (IRI), pp 89\u201398. https:\/\/doi.org\/10.1109\/IRI.2019.00027","DOI":"10.1109\/IRI.2019.00027"},{"issue":"14","key":"1023_CR34","doi-asserted-by":"publisher","first-page":"4945","DOI":"10.3390\/app10144945","volume":"10","author":"RG Gayathri","year":"2020","unstructured":"Gayathri RG, Sajjanhar A, Xiang Y (2020) Image-based feature representation for insider threat classification. Appl Sci 10(14):4945. https:\/\/doi.org\/10.3390\/app10144945","journal-title":"Appl Sci"},{"key":"1023_CR35","doi-asserted-by":"publisher","unstructured":"Nicolaou A, Shiaeles S, Savage N (2020) Mitigating insider threats using bio-inspired models. Appl Sci 10. https:\/\/doi.org\/10.3390\/app10155046","DOI":"10.3390\/app10155046"},{"key":"1023_CR36","doi-asserted-by":"publisher","unstructured":"Pantelidis E, Bendiab G, Shiaeles S, Kolokotronis N (2021) Insider threat detection using deep autoencoder and variational autoencoder neural networks. In: 2021 IEEE International conference on cyber security and resilience (CSR), pp 129\u2013134. https:\/\/doi.org\/10.1109\/CSR51186.2021.9527925","DOI":"10.1109\/CSR51186.2021.9527925"},{"issue":"4","key":"1023_CR37","doi-asserted-by":"publisher","first-page":"2109","DOI":"10.1002\/nem.2109","volume":"31","author":"DC Le","year":"2021","unstructured":"Le DC, Zincir-Heywood N (2021) Exploring anomalous behaviour detection and classification for insider threat identification. Int J Netw Manag 31(4):2109. https:\/\/doi.org\/10.1002\/nem.2109","journal-title":"Int J Netw Manag"}],"container-title":["Annals of Telecommunications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-024-01023-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12243-024-01023-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-024-01023-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,29]],"date-time":"2024-11-29T23:03:41Z","timestamp":1732921421000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12243-024-01023-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,4]]},"references-count":37,"journal-issue":{"issue":"11-12","published-print":{"date-parts":[[2024,12]]}},"alternative-id":["1023"],"URL":"https:\/\/doi.org\/10.1007\/s12243-024-01023-7","relation":{},"ISSN":["0003-4347","1958-9395"],"issn-type":[{"value":"0003-4347","type":"print"},{"value":"1958-9395","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,4]]},"assertion":[{"value":"30 December 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 March 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 April 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}]}}