{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,21]],"date-time":"2026-05-21T17:20:07Z","timestamp":1779384007976,"version":"3.53.1"},"reference-count":78,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100002383","name":"Deanship of Scientific Research at King Saud University","doi-asserted-by":"publisher","award":["RG-1441-401"],"award-info":[{"award-number":["RG-1441-401"]}],"id":[{"id":"10.13039\/501100002383","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2020]]},"DOI":"10.1109\/access.2020.2989739","type":"journal-article","created":{"date-parts":[[2020,4,23]],"date-time":"2020-04-23T20:03:40Z","timestamp":1587672220000},"page":"78385-78402","source":"Crossref","is-referenced-by-count":33,"title":["Empirical Detection Techniques of Insider Threat Incidents"],"prefix":"10.1109","volume":"8","author":[{"given":"Rakan A.","family":"Alsowail","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9783-919X","authenticated-orcid":false,"given":"Taher","family":"Al-Shehari","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1080\/08839519508945477"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/1656274.1656278"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2014.38"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.5038\/1944-0472.4.2.2"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1186\/1748-5908-8-139"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1016\/j.futures.2015.06.006"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11212-1_22"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/1143844.1143865"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.11"},{"key":"ref75","first-page":"203","article-title":"A comparison of prediction accuracy, complexity, and training time of thirty-three old and new classification algorithms","volume":"229","author":"tjen-sien","year":"1992","journal-title":"Mach Learn"},{"key":"ref78","first-page":"326","article-title":"Growing information: Part I","author":"cohen","year":"2009","journal-title":"Proc Informing Sci Inf Technol (IISIT)"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2013.08.022"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_10"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04219-5_3"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15512-3_20"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74320-0_8"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2016.14"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/.2006.1629440"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.4028\/www.scientific.net\/AMM.713-715.2212"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1037\/lhb0000032"},{"key":"ref62","year":"2016","journal-title":"Insider Threat Test Dataset"},{"key":"ref61","first-page":"1","article-title":"An abnormal file access behavior detection approach based on file path diversity","author":"wang","year":"2014","journal-title":"Proc Int Conf Inf Commun Technol (ICT)"},{"key":"ref63","author":"schonlau","year":"2001","journal-title":"Masquerading User Dataset of Unix Command Line Sequences"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2011.51"},{"key":"ref64","author":"project","year":"2015","journal-title":"Enron Email Dataset"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/SKG.2011.31"},{"key":"ref65","author":"laboratory","year":"2018","journal-title":"1998 DARPA Intrusion Detection Evaluation Data Set"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2016.61"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-018-2817-4"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.7763\/IJCTE.2014.V6.837"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2009.2039591"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/1595676.1595678"},{"key":"ref1","author":"cappelli","year":"2012","journal-title":"The CERT Guide to Insider Threats How to Prevent Detect and Respond to Information Technology Crimes"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-77322-3_5"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2014.2377811"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2011.654318"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1186\/s41044-016-0006-0"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.28945\/2010"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1504\/IJSN.2017.10005217"},{"key":"ref25","doi-asserted-by":"crossref","DOI":"10.1371\/journal.pmed.1000097","article-title":"Preferred reporting items for systematic reviews and meta-analyses: The PRISMA statement","volume":"6","author":"moher","year":"2009","journal-title":"PLoS Med"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/IAW.2005.1495972"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2011.6127457"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1080\/19361610.2011.529413"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2013.14"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2017.319"},{"key":"ref56","first-page":"1","article-title":"Deep learning for unsupervised insider threat detection in structured cybersecurity data streams","author":"tuor","year":"2017","journal-title":"Proc 31st AAAI Conf Artif Intell"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1504\/IJSN.2008.017224"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/1014052.1014084"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/SMCSIA.2003.1232400"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/ICTAI.2011.176"},{"key":"ref10","year":"2018","journal-title":"Cost of Insider Threats? Global Sponsored by ObserveIT"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-010-9252-2"},{"key":"ref11","author":"lee","year":"2019","journal-title":"IBM X-Force Threat Intelligence Index Report"},{"key":"ref12","year":"2018","journal-title":"Threat Report 2018&#x2013;C Technologies"},{"key":"ref13","author":"center","year":"2018","journal-title":"Common Sense Guide to Mitigating Insider Threats 4th Edition"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2010.11.002"},{"key":"ref15","first-page":"1","article-title":"The insider threat to information systems","volume":"2","author":"shaw","year":"1998","journal-title":"Security Awareness Bulletin"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2800740"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2897795.2897799"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.01.008"},{"key":"ref19","first-page":"46","article-title":"A survey on masquerader detection approaches","author":"bertacchini","year":"2009","journal-title":"Proc 5th Congr Iberoamericano de Seguridad Inform&#x00E1;tica Univ de la Rep&#x00FA;blica de Uruguay"},{"key":"ref4","first-page":"77","article-title":"Position: &#x2018;Insider&#x2019; is relative","author":"bishop","year":"2005","journal-title":"Proceedings New Security Paradigms Workshop"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2005.05.002"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-7133-3_5"},{"key":"ref5","first-page":"4","article-title":"Insiders and insider threats-an overview of definitions and mitigation techniques","volume":"2","author":"hunker","year":"2011","journal-title":"J Wireless Mobile Netw Ubiquitous Comput Dependable Appl"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(02)01009-X"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/2487575.2488213"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.21236\/ADA610463"},{"key":"ref9","first-page":"30","article-title":"Insight into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures","volume":"52","author":"homoliak","year":"2018","journal-title":"ACM Comput Surv"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2012.29"},{"key":"ref45","first-page":"10","article-title":"One-class training for masquerade detection","author":"wang","year":"2003","journal-title":"Proc Workshop Data Mining Comput Secur (ICDM)"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2015.2438442"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2013.35"},{"key":"ref42","first-page":"52","article-title":"System level user behavior biometrics using Fisher features and Gaussian mixture models","author":"song","year":"2013","journal-title":"Proc IEEE Secur Privacy Workshops"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCA.2011.2162500"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2006.255112"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-014-0238-9"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/8948470\/09076665.pdf?arnumber=9076665","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,17]],"date-time":"2021-12-17T19:51:36Z","timestamp":1639770696000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9076665\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"references-count":78,"URL":"https:\/\/doi.org\/10.1109\/access.2020.2989739","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]}}}